What are the responsibilities and job description for the Security Engineer position at RevSpring, Inc and Careers?
Job Title: Security Engineer
Job Summary:
This is not a passive, monitor-the-dashboard role — it is designed for a builder. The Security Engineer at RevSpring will lead efforts to secure infrastructure by owning, integrating, and optimizing the full lifecycle of security tools. From SIEM and CSPM to EDR and SOAR, each control will be made actionable, automated, and aligned to risk. Collaboration across teams will be essential to embed security into systems and processes, driving measurable maturity and delivering real protection — not just checklists.
The role also supports compliance initiatives, leads risk assessments, manages security frameworks (NIST, HITRUST, ISO 27001), and responds to emerging threats with a solid understanding of both offensive and defensive security practices. Positioned at the intersection of security engineering, architecture, and strategy, this is a high-impact opportunity.
This position is part of a high-impact team focused on building the security backbone for an organization that enables critical communications in healthcare, finance, and beyond. The work contributes directly to securing the ways millions of people connect with the services they depend on — confidently and securely.
For professionals who view security maturity not as a project, but as an ongoing discipline, this role offers the ideal environment to thrive.
Essential Functions:
Tool Ownership & Security Architecture
- Own the lifecycle of security platforms including EDR/XDR, SIEM, SOAR, CSPM, IAM, and vulnerability management.
- Integrate and automate security tools and workflows across IT, cloud, and SOC environments.
- Continuously tune alerting, dashboards, and policies to reduce noise and improve signal quality.
- Maintain security control maps and maturity metrics.
Security Maturity & Measurement
- Build and maintain RevSpring’s Security Tool Maturity Roadmap.
- Track and report key performance indicators (KPIs) and return on investment (ROI) for all tools.
- Map control capabilities to frameworks such as NIST CSF, HITRUST, ISO 27001, and CIS Controls.
- Identify coverage gaps and eliminate redundant tools.
Security Engineering & Compliance
- Conduct regular security risk assessments and audits across systems, applications, and networks.
- Design and implement new security solutions, collaborating closely with infrastructure, cloud, and AppSec teams.
- Support and maintain compliance with HIPAA, HITRUST, PCI-DSS, SOX, NIST, and GLBA.
- Formulate and manage IT security incident response strategies.
Automation & Enablement
- Develop scripts and integrations using Python, PowerShell, Bash, and REST APIs to automate security operations.
- Embed security controls into CI/CD pipelines and infrastructure as code.
- Maintain documentation, runbooks, and diagrams to support repeatable security improvements.
Governance & Cross-Functional Collaboration
- Partner with procurement, risk, and compliance teams to manage tool renewals, licensing, and governance.
- Communicate security tool performance, maturity, and improvements to leadership in clear, data-driven ways.
- Translate complex technical issues into business-relevant language.
Minimum Requirements:
Specific Job Skills:
- Strong understanding of at least three areas of the modern security stack: SIEM, EDR/XDR, SOAR, CSPM, IAM, or vulnerability management.
- Experience in cloud security (AWS, Azure, or GCP) and implementing security controls across cloud platforms.
- Experience with security assessments, architecture design, and risk-based security implementation.
- Familiarity with standards/frameworks: NIST CSF, HITRUST, ISO 27001/27002, COBIT, ITIL, CIS.
- Proficient in scripting/automation (e.g., Python, PowerShell) and integrating APIs.
- Experience with penetration testing, ethical hacking, or advanced threat detection tools.
- Ability to support compliance requirements and perform security reviews for internal and external stakeholders.
- Experience building or managing a security tool governance or maturity framework.
- Certifications such as GDSA, GCIA, AWS Security Specialty, CISSP, CISM, or similar.
- Familiarity with MITRE ATT&CK, secure coding practices, and modern DevSecOps workflows.
- Strong project management, reporting, and stakeholder communication skills.
- Analytical mindset with the ability to break down complex problems.
- Strong written and verbal communication skills — technical and non-technical audiences.
- Proven ability to work independently and as part of a team.
- Flexible and adaptable to evolving business and technical priorities.
- Passion for continuous learning and measurable security outcomes.
Education: N/A
Experience: 3–7 years of hands-on experience in Security Engineering, SOC Engineering, or DevSecOps.
Supervision: N/A
Certifications: N/A
Language Skills:
Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures or governmental regulations. Ability to write reports, business correspondence and procedure manuals. Ability to effectively present information and respond to questions from a variety of both internal and external sources.
Physical Capabilities: Standard categories
The physical capabilities described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to sit; use hands to finger, handle, or feel; reach with hands and arms; and talk or hear. The employee is occasionally required to stand and walk. The employee must occasionally lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and ability to adjust focus.
RevSpring is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
Note: This Job Description may not describe all of the job responsibilities and standards assigned to this position. The duties may change from time to time. RevSpring does not discriminate against any group in hiring or employment practices. Nothing in this job description constitutes a contract for employment.