About HealthDrive:
HealthDrive delivers on-site healthcare services to residents of long-term care facilities, offering a comprehensive suite of specialties including primary care, behavioral health, dentistry, optometry, podiatry, and audiology. Our mission is to improve the quality of life for patients through compassionate and consistent care, while supporting our partners with reliable, integrated healthcare solutions tailored to the unique needs of senior populations.
About the Role:
The Senior Security Engineer is a hands-on, implementation-focused role responsible for protecting HealthDrive’s sensitive patient data and strengthening security across on-premises and Microsoft Azure environments. This engineer builds, configures, and operates security controls, including firewalls, endpoint and email protection, cloud security, and vulnerability management, while leading incident detection, investigation, and response. Working closely with IT leadership and HealthDrive’s Managed Security Service Provider (MSSP), the engineer also manages the third-party risk process from end to end. This is primarily a technical build-and-operate role, not a policy or oversight position.
Work Environment:
Based at HealthDrive’s Framingham, MA office (off Route 9, near Routes 90 and 495) on a hybrid schedule.
Compensation Range:
$85,000 to $115,000 / experience dependent
#INDHDCORPREC
Security infrastructure management:
Build, configure, deploy, and maintain security infrastructure — firewalls, MDM, identity platforms, email security, and cloud — using Fortinet (preferred), Microsoft Active Directory, Microsoft 365, and Azure; hands-on experience with comparable firewalls such as Palo Alto is transferable.
Cloud security:
Implement and manage cloud security controls in Microsoft Azure, focusing on identity and access management, network security, and data protection.
Secure network & server design:
Partner hands-on with infrastructure teams to design and harden secure network and server configurations, including firewall, VPN, and access controls.
Endpoint & data protection:
Own and maintain the policy configuration for HealthDrive's Proofpoint platforms — Email Security, Email DLP, Endpoint DLP, and Data Security Posture Management (DSPM) tuning detection and prevention rules, triaging alerts, and refining controls to protect against phishing, malware, and data exfiltration.
Vulnerability management:
Conduct regular vulnerability assessments using tools such as SecureWorks or Qualys, and coordinate remediation efforts with IT teams.
Incident response:
Lead incident detection, investigation, containment, and recovery in collaboration with internal teams and external partners and operationalize threat intelligence to inform detection and response priorities.
Security automation:
Develop scripts in PowerShell, Python, or Bash to automate routine security tasks and improve operational efficiency.
Third-party risk management:
Own and drive HealthDrive’s Third-Party Risk Management (TPRM) program end to end, including inbound and outbound security-questionnaire processes — assessing vendor and partner security posture, maintaining the vendor risk-scoring framework, responding to security assessments HealthDrive receives from partners and payers, and managing ongoing third-party risk in line with HIPAA and HealthDrive’s data-protection obligations.
Compliance & risk management:
Ensure adherence to HIPAA and other regulatory requirements through policy enforcement and risk-mitigation strategies.
Documentation & training:
Maintain detailed documentation of security configurations and procedures and provide guidance to business and IT staff on security best practices.
Security awareness training:
Manage HealthDrive's security awareness training program — building and scheduling campaigns and phishing simulations, tracking completion and results, and reporting on workforce risk to IT leadership.
Collaboration with MSSP:
Serve as liaison with HealthDrive’s Managed Security Service Provider to ensure effective threat monitoring and response.
Must have:
Nice to have:
Education & Qualifications:
Certifications & Licenses:
(Preferred) CISSP; or at least one relevant security certification, such as Microsoft Certified: Azure Security Engineer Associate (AZ-500), CompTIA Security+, CISM, CCSP, or HCISPP
Core Competencies:
Software Powered by iCIMS
www.icims.com