Sr. Cybersecurity Engineer
DrFirst
3h ago
0$130k - $150kDevUnited Stateshimalayas
Cybersecurity-EngineeringSecurity-OperationsCloud-SecurityDevSecOpsCorporate-SecuritySenior
Job Description
About DrFirstFor 25 years, DrFirst has empowered providers and patients to achieve better health through intelligent medication management. We improve healthcare workflows and help patients start and stay on therapy with end-to-end solutions that enhance prescription access, affordability, and adherence. Our solutions help 100 million patients a year and are used by more than 420,000 prescribers, 71,000 pharmacies, 270 EHRs and health information systems, and over 2,000 hospitals in the U.S. This is a great opportunity to be a part of a successful Healthcare IT company experiencing significant growth. Here you'll get to work with some of the smartest and most interesting people around; solving unique and complex challenges in healthcare on a scale matched by a few companies. If you get excited about stretching yourself in new ways, developing yourself to your fullest potential, care about working with smart colleagues; we want to talk to you!Position OverviewAt DrFirst, we play in the major leagues. Our 5-person security team covers what most organizations staff with ten or more — not by working longer, but by working smarter. We are looking for engineers committed to advancing our security program for the benefit of our team, our customers, and the patients we serve.We are looking for a different kind of security engineer — a true engineer, not an analyst. You learn continuously and deploy often. You implement as fast as you learn, outpace your peers, and use Claude the way a top-tier engineer builds software — to accelerate delivery by offloading the repetitive and mundane. You believe results speak louder than words, and you are confident enough to show incremental progress quickly and course correct rapidly. That momentum compels you to do more — and you believe, correctly, that delivering results earns respect and reward. If you have been looking for a team worthy of what you can do — keep reading.What you will work onThis is a domain ownership role. You report directly to the VP Security and work alongside two Principal Security Engineers (PSE1: application security, DevSecOps, AWS network; PSE2: GCP network, unified logging, corporate services, customer-facing security, incident management, and audit delivery). You own your domains, contribute to shared goals, and operate as a peer.DomainScopeCadenceCorporate Security OperationsInbox, questionnaires, VRAs, KnowBe4 training and phishing campaigns, onboarding/offboarding compliance, remote worker compliance, endpoint and allowlist controls, policy maintenance, Okta and corporate tool implementation, website and public domain compliance monitoring, data governance implementationSteady stateProduction Alert TriageAWN, SentinelOne, Proofpoint, Splunk, AWS Security Hub, GCP Security Command Center, Tenable, Zscaler (ZIA/ZPA), endpoint software detection — triage, tuning, escalation to PSE1 (infrastructure) or PSE2 (customer incidents)Steady stateAudit Evidence CollectionSOC 2 / HITRUST evidence for all controls mapping to your owned domains. PSE2 project manages; you own your evidence slice independently — April through June and August through SeptemberSeasonal burstStrategic initiatives you step into from day one• Data governance — retention policy framework in progress; drive implementation by data stream and category, coordinate purge processes across email and corporate data stores• De-identification service — service is built; drive production data through it to reduce PII/PHI retention exposure across relevant systems• Corporate Claude environment — own the security architecture, guardrails, and governance for non-engineering staff using Claude for automation and data access via MCPsHow We WorkOur team's DNA is to use Claude to eliminate the manual, repetitive work that consumes capacity — so we can focus on what moves security forward.What that looks like in practice: a member of our security team automated vulnerability triage across 100 code repositories using Claude Code — a task that previously required manually reading through each finding to determine true vulnerability from false positive. The result was approximately 50% of their capacity freed to focus on critical work. On the compliance side, we overhauled our entire SOC control set — mapping to HITRUST i1, NIST 171, and HIPAA — and increased framework inheritance from 30% to 95%. What would have taken four weeks was completed in 72 hours. This is how we work. This is what we expect from you.You will be self-directed. With that autonomy comes the accountability to produce results early and often — closed items, not status updates. You set the goal, the strategy, and the plan, and you show momentum within days. You have a proven track record of getting other teams to prioritize your initiatives because your competency earns their respect. Security sets the strategy, Corporate Services implements, and you make that relationship work. Issues that could be closed within a few
