At Birdi, we are transforming the pharmacy experience through innovation, collaboration, and a relentless focus on patient care. We offer team members the opportunity to make a meaningful impact while working alongside talented professionals in a collaborative and entrepreneurial environment where ideas are valued and continuous improvement is encouraged.
The Security Engineer is responsible for designing, implementing, and managing the organization’s cybersecurity program, with a primary focus on software supply chain security, Identity and Access Management (IAM), permissions governance, cloud security, and compliance readiness within a healthcare environment. This role serves as a key cybersecurity leader responsible for protecting systems, applications, infrastructure, and sensitive data while supporting compliance with SOC 2 Type II, HIPAA, and industry security standards.
Working closely with IT, Development, DevOps, Operations, and business stakeholders, the Security Engineer develops and maintains security controls, monitoring capabilities, policies, procedures, and awareness programs that support enterprise-wide risk management and security maturity. This role is ideal for a self-directed security professional who enjoys building programs from the ground up, improving organizational security posture, and partnering across teams to create a culture of security and compliance.
- Opportunity to build and shape the organization's cybersecurity program and security roadmap.
- Exposure to cloud security, DevSecOps, compliance, risk management, and healthcare cybersecurity initiatives.
- Ability to make a meaningful impact by protecting critical systems, applications, and sensitive healthcare data.
- Collaborative environment that values innovation, continuous improvement, and operational excellence.
- Partnership opportunities with Development, DevOps, Operations, and leadership teams to drive security initiatives.
- Remote flexibility within a growing healthcare organization.
- Professional development opportunities and support for ongoing certification and career growth.
- Research, develop, implement, and maintain comprehensive cybersecurity policies, standards, procedures, and controls.
- Lead cybersecurity efforts supporting SOC 2 Type II compliance and ongoing certification activities.
- Coordinate security control documentation, evidence collection, audit preparation, and remediation activities.
- Support HIPAA Security Rule compliance by implementing administrative, technical, and physical safeguards.
- Conduct regular reviews of security controls and identify opportunities for continuous improvement.
- Partner with internal stakeholders and external auditors to ensure compliance requirements are met.
- Conduct security risk assessments, vulnerability reviews, and threat analyses to identify potential risks and vulnerabilities.
- Develop and implement mitigation strategies aligned with regulatory requirements and industry best practices.
- Monitor security alerts, events, and threats across enterprise environments.
- Design and maintain security monitoring, threat detection, and alerting capabilities.
- Lead incident response activities, including investigation, containment, remediation, recovery, and post-incident review.
- Maintain breach response and notification processes in accordance with HIPAA and organizational requirements.
- Participate in an on-call rotation supporting critical security incidents and operational security events.
- Design, implement, and manage enterprise Identity and Access Management strategies.
- Develop and maintain role-based access control (RBAC) models and least-privilege access frameworks.
- Manage and support multi-factor authentication (MFA), single sign-on (SSO), privileged access management, and identity governance initiatives.
- Conduct periodic access reviews and user entitlement audits to ensure appropriate authorization levels.
- Develop permissions governance standards that support regulatory compliance and data protection requirements.
- Monitor and improve identity security controls across business and technology platforms.
- Establish and maintain software supply chain security programs and controls.
- Implement Software Bill of Materials (SBOM) management practices and dependency monitoring processes.
- Manage application dependency scanning, vulnerability assessments, and remediation activities.
- Collaborate with Development and DevOps teams to integrate security throughout the Software Development Life Cycle (SDLC).
- Support secure coding standards, application security testing, code review processes, and CI/CD security controls.
- Evaluate and implement tools that improve application security, container security, and software integrity.
- Design and implement security controls supporting cloud-based environments, particularly AWS.
- Assess cloud infrastructure configurations and implement security best practices.
- Support endpoint protection technologies, network security controls, firewall management, and threat prevention solutions.
- Monitor cloud and infrastructure environments for security risks and compliance concerns.
- Partner with technical teams to strengthen overall infrastructure security and resilience.
- Develop, implement, and maintain a company-wide Security Awareness Training Program.
- Deliver cybersecurity education focused on phishing awareness, social engineering defense, HIPAA requirements, and secure handling of sensitive information.
- Track employee training completion and maintain records for compliance and audit purposes.
- Conduct ongoing awareness campaigns and educational initiatives to strengthen organizational security culture.
- Ensure training content remains current with evolving cybersecurity threats and industry trends.
- Evaluate third-party vendors, business associates, and service providers for cybersecurity and compliance risks.
- Conduct security reviews and assessments of vendors handling sensitive information.
- Ensure vendor security practices align with HIPAA requirements and organizational standards.
- Support risk remediation efforts and ongoing vendor monitoring activities.
- Assist with contract reviews and security-related due diligence activities.
- Proven experience in Information Security, Cybersecurity Engineering, or related disciplines.
- Strong knowledge of SOC 2, HIPAA Security Rule, NIST Cybersecurity Framework, CIS Controls, and related compliance standards.
- Experience implementing and managing cybersecurity programs and governance frameworks.
- Demonstrated experience preparing organizations for compliance reviews, audits, and assessments.
- Deep expertise in Identity and Access Management technologies and practices.
- Experience implementing role-based access controls (RBAC), MFA, SSO, and privileged access management solutions.
- Strong understanding of authorization, authentication, access governance, and permissions management.
- Experience conducting access reviews and access control audits.
- Experience with software supply chain security concepts and technologies.
- Knowledge of SBOM management, dependency scanning tools, vulnerability management platforms, and secure software development practices.
- Experience supporting cloud security initiatives, particularly within AWS environments.
- Familiarity with endpoint protection platforms, firewalls, and security monitoring tools.
- Strong understanding of secure SDLC and DevSecOps practices.
- Excellent verbal, written, and presentation communication skills.
- Ability to translate complex technical security concepts into understandable business language.
- Strong relationship-building skills with the ability to collaborate effectively across technical and business teams.
- Ability to influence security best practices without direct authority.
- Strong analytical, investigative, and troubleshooting abilities.
- Ability to independently identify risks and implement effective solutions.
- Excellent attention to detail and organizational skills.
- Demonstrated ability to manage multiple priorities and deadlines.
- Self-directed with the ability to work independently and take ownership of initiatives.
- Identity and Access Management (IAM) platforms
- Multi-Factor Authentication (MFA) and Single Sign-On (SSO) solutions
- Security monitoring and threat detection platforms
- Endpoint Detection and Response (EDR) technologies
- Vulnerability assessment and dependency scanning tools
- AWS cloud services and security controls
- Security awareness training and phishing simulation platforms
- Microsoft Office Suite, including Word, Excel, Outlook, and PowerPoint
- DevSecOps, CI/CD, and application security technologies
- Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field; equivalent combinations of education and experience may be considered.
- Minimum three (3) to five (5) years of experience in cybersecurity, information security, or security engineering roles.
- Demonstrated experience implementing security compliance programs including SOC 2, HIPAA, ISO 27001, or comparable frameworks.
- Experience conducting risk assessments and developing cybersecurity policies and procedures.
- Experience supporting security operations, incident response, and security governance initiatives.
- Experience working within healthcare environments and supporting HIPAA compliance requirements.
- Professional cybersecurity certifications such as:
- CISSP
- CISM
- Security+
- CCSP
- AWS Security Specialty
- HCISPP
- Experience designing and implementing Zero Trust security architectures.
- Familiarity with healthcare data standards, including HL7 and FHIR.
- Experience working with Electronic Health Record (EHR) systems and healthcare technology platforms.
- Knowledge of policy-as-code solutions such as Open Policy Agent (OPA) and Checkov.
- Experience with infrastructure-as-code security scanning and cloud governance tools.
- Scripting and automation experience using Python, PowerShell, Bash, or similar technologies.
- Experience with container security, Kubernetes security, and DevSecOps methodologies.
- Experience managing Security Awareness Training platforms such as KnowBe4, Proofpoint, or similar solutions.
- Familiarity with phishing simulation programs and security culture initiatives.
- Full-time remote work environment.
- Minimal exposure to excessive noise or adverse working conditions.
- Ability to sit for extended periods of time while working with computers and other office equipment.
- Ability to participate in on-call responsibilities and respond to security incidents as required.
- Ability to work flexible schedules when necessary to support security operations, incident response activities, audits, and project deadlines.
BirdiRx offers a comprehensive benefits package designed to support the diverse needs of our employees, including:
- Competitive medical, dental, and vision coverage
- Paid time off and company holidays
- Retirement savings opportunities
- Employee wellness and support programs
- Professional development and career growth opportunities
- Employee-focused culture committed to work-life balance and success
BirdiRx is an Equal Opportunity Employer. We value diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable law.
As a condition of employment, BirdiRx requires the successful completion of a pre-employment criminal background check and drug screening. A criminal conviction does not automatically disqualify an applicant. Each case will be reviewed individually, considering the nature of the offense, its relevance to the position, and the time elapsed since the conviction.