Security and Compliance Engineer
Company: Free Market Health
Location: Pittsburgh, PA 15237
Description:
Founded in 2019 and headquartered in Pittsburgh, PA, Free Market Health supports forward-thinking payers and specialty pharmacies of all sizes who need to operate in a complex and opaque market. We empower all stakeholders to optimize resources and maximize opportunities while focusing on the most important stakeholder of all: the patient.
About the role
- As part of the Technology Services team at Free Market Health, the Security and Compliance Engineer will be responsible for maintaining organizational compliance certifications and coordinating operational security activities. They will be expected to bring expertise in configuration management, system hardening, and identity management to cloud-based infrastructure and integrated SaaS applications. We are looking for an experienced security professional to take ownership of a broad set of resources, identify and map threats to a risk-based framework, and then prioritize and implement remediations or mitigations.
- In addition, the Security and Compliance Engineer will be tasked with the ongoing creation, collection, and submission of artifacts necessary to maintain HITRUST certification and other related healthcare data protection frameworks. This person should have experience securing a full cloud-based architecture, including networking, database provisioning, logging configurations and o management.
- The optimal candidate will be well versed in healthcare-specific data security and privacy while managing day-to-day security activities. This person will be responsible for testing incident response, business continuity, and disaster recovery plans to ensure effectiveness and accuracy.
What you'll do
The specific responsibilities for this role include, but are not limited to:
- Ongoing evaluation and improvement of company security posture within infrastructure and application footprint
- Maintenance of company security policies, procedures, and associated documentation necessary for annual compliance submissions
- Completion of separate vendor-supplied risk assessments and questionnaires as applicable
- Development and testing of disaster recovery and business continuity plans for infrastructure, applications, and physical security
- Creation, upkeep, and regular testing of incident response plans
- This role is required to work onsite in our Pittsburgh, PA headquarters office
What we need from you
- History of successful submissions for healthcare- or financial-related compliance frameworks (SOC1, SOC2, HITRUST, ISO 27001, PCI, SOX)
- 3+ years of experience in a security operations or vulnerability remediation role
- 5+ years as a Senior Analyst or in a Security Engineering role
- Security certifications in Networking, Cloud Infrastructure, Security Operations, or Incident Response
- Advanced knowledge of enterprise security administration and strategy including Authentication (SAML, LDAP, OIDC), MFA Implementation, Vendor Management, Disaster Recovery, Business Continuity, and Incident Response
- Strong written, organizational, and people skills