Sr. Information Security Engineer

Only candidates residing in Washington State will be considered. (Hybrid - onsite/remote)

ROLE SUMMARY

We are seeking a Senior Information Security Engineer to support and mature our enterprise security program. This role will operate as a hands-on security leader, responsible for executing day-to-day security operations while also identifying gaps, recommending improvements, and driving security initiatives forward.

This position sits within Infrastructure and works closely with a virtual CISO, serving as a key operator responsible for security program execution, vulnerability management, and tool optimization.

The ideal candidate is highly self-directed, proactive, and capable of identifying what needs to be done—not just executing assigned tasks.

DAY-TO-DAY RESPONSIBILITIES

• Lead vulnerability management lifecycle: 
• • Analyze Rapid7 scan results 
  • Prioritize remediation efforts 
  • Coordinate fixes with infrastructure teams 
• Act as the primary security operations lead:
• • Monitor threats, detections, and incidents 
  • Ensure timely response and resolution 
• Drive security tool optimization: 
• • CrowdStrike 
  • Rapid7 
  • Microsoft Purview 
  • Azure security tools 
• Coordinate and manage: 
• • Penetration testing efforts (3rd party) 
  • Security assessments 
  • Vendor risk reviews 
• Develop and mature: 
• • Security processes 
  • Policies and procedures 
  • Runbooks and operational standards 
• Identify gaps in current security posture and recommend improvements 
• Support data protection initiatives: 
• • DLP 
  • Data classification 
  • Purview rollout 
• Partner with infrastructure teams to: 
• • Guide remediation actions 
  • Ensure alignment with security priorities 

REQUIRED SKILLS & EXPERIENCE

Core Requirements

• 5–10 years in Information Security or related field 
• 3 years in Healthcare / HIPAA-regulated environments
• Strong experience in: 
• • Vulnerability management
  • Security operations 
  • Risk identification 

Technical Skills

• Hands-on experience with: 
• • Rapid7 (or similar vulnerability tools) 
  • CrowdStrike (or endpoint security tools) 
  • Microsoft Security Stack (Defender, Purview, Azure Security) 
• Knowledge of: 
• • Cloud security (Azure preferred) 
  • Identity and access management 
  • Data protection / DLP 
• Familiarity with: 
• • NIST CSF 
  • HIPAA compliance frameworks 

TECHNOLOGY STACK

• Microsoft Azure 
• Microsoft Purview (DLP, compliance) 
• CrowdStrike Falcon 
• Rapid7 (VM / AppSec) 
• Microsoft Defender Suite 
• Hybrid environment (on-prem cloud) 

CULTURE & ENVIRONMENT

This is a lean, evolving security environment with no dedicated full-time CISO currently in place.

The role requires someone who can:

• Operate independently with minimal direction
• Thrive in ambiguity and build structure
• Take ownership of security initiatives 
• Work cross-functionally with infrastructure, data, and leadership teams 

SOFT SKILLS (CRITICAL FOR SUCCESS)

• Self-starter with strong initiative 
• Ability to identify gaps and proactively act
• Strong communication with both technical and non-technical stakeholders 
• Ability to prioritize and manage multiple efforts 
• Practical, execution-focused mindset (not theoretical) 

WHAT THIS ROLE IS NOT

• Not a pure compliance role 
• Not a passive “ticket-driven” position 
• Not a senior architect or CISO