Home Security and Compliance Engineer

Security and Compliance Engineer

  • Full Time Jobs
  • Remote

Website Sana Benefits

Our health system is broken, and it’s a huge problem. Costs are rising out of control while the patient experience gets worse. At Sana, we’re passionate about fixing this problem by bringing accessible and affordable health plans to small and medium businesses. We’ve built an innovative team with top talent from across the health insurance and tech industries to create engaging, modern plans for our clients. This allows our customers to offer competitive benefits packages while paying an average of 20% less than traditional plans.

Sana is looking for a Security and Compliance Engineer to join our small but growing team. As a successful candidate, you will secure Sana’s infrastructure against threats, investigate suspicious activity, oversee threat detection, response and remediation.  Your daily responsibilities will include working to ensure our cloud environment and sensitive data is secure while staying on top of the latest security techniques and implementation.  You will also help with some day-to-day systems administration tasks to help maintain and document our compliance efforts.

We are building a distributed engineering team and encourage all applicants to apply, regardless of location.

What you will do
Architect, design, implement, maintain and operate information system security controls and countermeasures
Analyze and recommend security controls and procedures and provide oversight to ensure compliance
Monitor systems for vulnerabilities and potential incidents
Responsible for the administration of authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets.
Responsible for the development and administration of information security training and awareness programs as well as providing security training and onboarding security awareness.
Responsible for solutions to maintain integrity and security of sensitive personal data such as PII and PHI in accordance with HIPAA best practices
Ensure current development practices and 3rd party software usage remains compliant with HIPAA standards and best practices

About you
Minimum of 3 years relevant, hands-on professional experience
Extensive knowledge in Cloud Security
Experience with PEN testing techniques, threat assessment, and incident response
Experience working with complicated systems at scale
Possess knowledge of common information security and privacy frameworks, such as HIPAA, SOC 2, PCI, etc
Bonus: Have worked in regulated industry such as healthcare

Tech we use

About Sana
Sana is a modern health plan solution for small and medium businesses. We use a more efficient financing structure and integrated technology solutions to cut out wasteful spending and get members access to better quality care at lower cost. Founded in 2017, we are an experienced team of engineers, designers and health system operators. We have the financial backing of Silicon Valley venture firms and innovative reinsurance partners. If you are excited about building something new and being a part of fixing our broken healthcare system from the inside, please reach out!

To apply for this job please visit jobs.lever.co.