CareDx, Inc.
Sr Information Security Engineer
CareDx, Inc., Brisbane, California, United States, 94005
CareDx, Inc. is a leading precision medicine solutions company focused on the discovery, development, and commercialization of clinically differentiated, high-value healthcare solutions for transplant patients and caregivers. CareDx offers products, testing services, and digital healthcare solutions along the pre- and post-transplant patient journey, and is the leading provider of genomics-based information for transplant patients.

CareDx is looking for an experienced and highly skilled Senior Security Engineer to lead our efforts in architecting and implementing advanced security solutions. This role requires in-depth technical expertise and a strong background in protecting Personally Identifiable Information (PII) and Protected Health Information (PHI) in compliance with HIPAA and other regulatory requirements. The Senior Security Engineer will play a pivotal role in shaping our security posture and leading strategic initiatives to safeguard our sensitive data.

Responsibilities:

Architect and Implement Security Solutions:
- Design, deploy, and manage comprehensive security architectures and tools, including SIEM, EDR, firewalls, IDPS, and WAF.
- Develop and maintain security infrastructure to ensure the highest level of protection for PII and PHI.

Regulatory Compliance:
- Ensure compliance with SOC 2, HIPAA, HITECH, and other relevant regulatory requirements.
- Analyze security controls and compliance requirements for various frameworks such as NIST CSF, SOC 2, HIPAA, HITRUST, ISO 27001, PCI, FedRAMP, and Privacy Impact Assessments.
- Conduct regular audits and assessments to ensure adherence to regulatory standards.

Security Monitoring and Incident Response:
- Lead the development and implementation of security monitoring strategies and incident response plans.
- Oversee threat detection, threat hunting, and the investigation of security incidents.
- Coordinate incident response efforts and implement remediation plans.

Threat Modeling and Risk Management:
- Conduct threat modeling exercises to identify and mitigate potential security risks.
- Perform risk assessments and develop strategies to address identified vulnerabilities.

Cloud Security:
- Architect and secure cloud environments (AWS, Azure, GCP) following industry best practices.
- Implement and manage cloud security controls to protect data integrity and confidentiality.

Leadership and Mentorship:
- Provide technical leadership and guidance to other engineers and other IT staff.
- Stay updated on the latest security trends, technologies, and regulatory changes, and share knowledge with the team.
Qualifications:
- Bachelor's degree in Computer Science, Information Technology, or a related field.
- Minimum of 10 years of experience in cybersecurity, with at least 7 years in a senior or architect role.
- Extensive experience with security tools such as SIEM, EDR, firewall, IDPS, and WAF.
- Strong knowledge of HIPAA, HITECH, and other healthcare-related regulations.
- Proven track record in threat monitoring, security monitoring, and incident response.
- In-depth understanding of cloud security principles and experience securing cloud environments.
- Relevant certifications such as CISSP, CISM, CEH, or equivalent.
- Demonstrated, by means of experience or product technical certification, in-depth knowledge of:
  - Network and web related protocols
  - CrowdStrike or SentinelOne
  - Web Application Firewalls (WAFs)
  - Security controls for cloud environments (Microsoft Azure, Amazon Web Services)
  - SAML and OAuth tools such as Okta and Azure
  - Rapid 7 IDR/InsightVM, LogRhythm, Splunk, or similar SIEM
  - Intermediate to advanced knowledge of Microsoft PowerShell
  - Web app security using various DAST, SAST, IAST, and SCA tools
  - Various CI/CD integrations for DevSecOps practices
- Strong knowledge of NIST 800-53, HIPAA, and one or more additional security frameworks from the following list is also essential for this role:
  - ISO 27001
  - CIS Critical Controls
  - HITRUST
- Familiarity with programming languages such as .NET, Java, and Python.
- Excellent problem-solving and analytical skills.
- Strong technical skills and the ability to work collaboratively with cross-functional teams.
- Strong work ethic and integrity.

Additional Details:

Every individual at CareDx has a direct impact on our collective mission to improve the lives of organ transplant patients worldwide. We believe in taking great care of our people, so they take even greater care of our patients.

Our competitive Total Rewards package includes:
- Competitive base salary and incentive compensation
- Health and welfare benefits including a gym reimbursement program
- 401(k) savings plan match
- Employee Stock Purchase Plan
- Pre-tax commuter benefits
- And more!

In addition, we have a Living Donor Employee Recovery Policy that allows up to 30 days of paid leave annually to a full-time employee who makes the selfless act of donating an organ or bone marrow.

With products that are making a difference in the lives of transplant patients today and a promising pipeline for the future, it's an exciting time to be part of the CareDx team. Join us in partnering with transplant patients to transform our future together.

CareDx, Inc. is an Equal Opportunity Employer and participates in the E-Verify program.
By proceeding with our application and submitting your information, you acknowledge that you have read our U.S. Personnel Privacy Notice and consent to receive email communication from CareDx.

We do not accept resumes from headhunters, placement agencies, or other suppliers that have not signed a formal agreement with us.

#LI-Hybrid #LI-In Office