Senior Security Engineer

Job Locations US-MA-Framingham
Category
Information Technology

Overview

About HealthDrive:

 

HealthDrive delivers on-site healthcare services to residents of long-term care facilities, offering a comprehensive suite of specialties including primary care, behavioral health, dentistry, optometry, podiatry, and audiology. Our mission is to improve the quality of life for patients through compassionate and consistent care, while supporting our partners with reliable, integrated healthcare solutions tailored to the unique needs of senior populations.

 

 

About the Role:

 

The Senior Security Engineer is a hands-on, implementation-focused role responsible for protecting HealthDrive’s sensitive patient data and strengthening security across on-premises and Microsoft Azure environments. This engineer builds, configures, and operates security controls, including firewalls, endpoint and email protection, cloud security, and vulnerability management, while leading incident detection, investigation, and response. Working closely with IT leadership and HealthDrive’s Managed Security Service Provider (MSSP), the engineer also manages the third-party risk process from end to end. This is primarily a technical build-and-operate role, not a policy or oversight position.

 

 

Work Environment:

 

Based at HealthDrive’s Framingham, MA office (off Route 9, near Routes 90 and 495) on a hybrid schedule. 

 

 

Compensation Range:

 

$85,000 to $115,000 / experience dependent

 

 

#INDHDCORPREC

Responsibilities

Security infrastructure management:

Build, configure, deploy, and maintain security infrastructure — firewalls, MDM, identity platforms, email security, and cloud — using Fortinet (preferred), Microsoft Active Directory, Microsoft 365, and Azure; hands-on experience with comparable firewalls such as Palo Alto is transferable. 

 

Cloud security:

Implement and manage cloud security controls in Microsoft Azure, focusing on identity and access management, network security, and data protection. 

 

Secure network & server design:

Partner hands-on with infrastructure teams to design and harden secure network and server configurations, including firewall, VPN, and access controls. 

 

Endpoint & data protection:

Own and maintain the policy configuration for HealthDrive's Proofpoint platforms — Email Security, Email DLP, Endpoint DLP, and Data Security Posture Management (DSPM) tuning detection and prevention rules, triaging alerts, and refining controls to protect against phishing, malware, and data exfiltration. 

 

Vulnerability management:  

Conduct regular vulnerability assessments using tools such as SecureWorks or Qualys, and coordinate remediation efforts with IT teams. 

 

Incident response:

Lead incident detection, investigation, containment, and recovery in collaboration with internal teams and external partners and operationalize threat intelligence to inform detection and response priorities. 

 

Security automation:

Develop scripts in PowerShell, Python, or Bash to automate routine security tasks and improve operational efficiency. 

 

Third-party risk management:  

Own and drive HealthDrive’s Third-Party Risk Management (TPRM) program end to end, including inbound and outbound security-questionnaire processes — assessing vendor and partner security posture, maintaining the vendor risk-scoring framework, responding to security assessments HealthDrive receives from partners and payers, and managing ongoing third-party risk in line with HIPAA and HealthDrive’s data-protection obligations. 

 

Compliance & risk management:

Ensure adherence to HIPAA and other regulatory requirements through policy enforcement and risk-mitigation strategies. 

 

Documentation & training:

Maintain detailed documentation of security configurations and procedures and provide guidance to business and IT staff on security best practices. 

 

Security awareness training: 

Manage HealthDrive's security awareness training program — building and scheduling campaigns and phishing simulations, tracking completion and results, and reporting on workforce risk to IT leadership. 

 

Collaboration with MSSP:

Serve as liaison with HealthDrive’s Managed Security Service Provider to ensure effective threat monitoring and response. 

Qualifications

Must have:

 

  • Infrastructure-focused security engineering background, able to both set strategy and execute hands-on. 
  • Deep understanding of network security fundamentals (TCP/IP, DNS, routing, firewalls). 
  • Hands-on experience with enterprise-grade firewalls and network security tools. 
  • Proficiency in Microsoft Active Directory and Azure Active Directory (Microsoft Entra ID). 
  • Strong knowledge of Azure cloud security best practices. 
  • Experience with endpoint protection and data loss prevention (DLP) technologies, preferably Proofpoint tools. 
  • Experience leading or running third-party risk / vendor security assessment processes. 
  • Excellent problem-solving, communication, and collaboration skills, with the ability to work both independently and across cross-functional teams. 

 

 

Nice to have: 

 

  • Microsoft Intune (MDM). 
  • Scripting with PowerShell, Python, or Bash. 
  • SIEM / XDR platforms such as Microsoft Sentinel or SecureWorks; experience with comparable platforms is transferable. 
  • Experience working with MSSPs and vulnerability detection and response platforms. 
  • Knowledge of healthcare compliance standards (HIPAA, HITECH). 
  • Experience managing security awareness training. 
  • Experience with Okta MFA configuration.

 

 

 

Education & Qualifications:

 

  • Bachelor’s degree in Cybersecurity, Computer Science, or a related field. 
  • Approximately 10+ years of security engineering experience, with demonstrated depth in infrastructure and cloud security. 

 

 

 

Certifications & Licenses:

 

(Preferred) CISSP; or at least one relevant security certification, such as Microsoft Certified: Azure Security Engineer Associate (AZ-500), CompTIA Security+, CISM, CCSP, or HCISPP

 

 

 

Core Competencies:

 

  • Communication 
  • Cooperation and Team working 
  • Adaptability 
  • Expertise and Professionalism 
  • Problem Solving / Analysis 

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed

Connect With Us!

Not ready to apply? Connect with us for general consideration.