What are the responsibilities and job description for the Senior Cybersecurity Engineer position at Versant Health?
Department
Information Security
Revision Date
September 9, 2025
FLSA Status
Exempt
Eeo-1
3 - Professionals
New Job
Current Job Revisions
Senior Cybersecurity Engineer
Scope And Purpose Of Position
The Senior Cybersecurity Engineer is responsible for the development, implementation, and operations of technical systems and controls necessary to safeguard the company's information and assets. This position will work directly with technical and non-technical staff to protect the confidentiality, integrity, and availability of sensitive data and systems.
This position will be involved in a wide range of issues and projects, including the development of secure software, architectures, tools, and controls utilizing security best practices and industry standards, with an underlying focus on compliance with major governance and regulatory standards such as SOX, SOC 2, PCI, HITRUST, & HIPAA.
Essential Functions
Leadership
All Associates must comply with the Health Insurance Portability Accountability Act of 1996 (HIPAA) as it pertains to disclosures of protected health information (PHI) as described in the Notice of Privacy Practices and HIPAA Privacy Policies and Procedures. As a component of job roles and responsibilities, Associates may have access to covered information, cardholder data or other confidential customer information which must be protected at all times. As a result, Associates must explicitly adhere to all data security guidelines established within the Company’s Privacy & Security Training Program.
We provide equal employment opportunities (EEO) to all associates and applicants for employment without regard to race, color, religious beliefs, sex, gender identity, sexual orientation, age, marital status, national origin, ancestry, physical or mental disability or history of disability, genetic information, status as a protected veteran or disabled veteran, or any other status protected by Federal, state or local law.
Job description must be reviewed and approved by a Senior HR Leader.
Our purpose is to make healthy vision a reality for everyone by improving access to care and education in the communities we serve. Fueled by our mission to improve members’ lives with easy-to-use vision solutions rooted in choice, value, and care, Versant Health believes that everyone has the power to become anything they set their sights on.
Our team is guided by core Leadership Principles—Perspective, Care, Drive, and Ownership—which shape how we work, lead, and grow together.
Information Security
Revision Date
September 9, 2025
FLSA Status
Exempt
Eeo-1
3 - Professionals
New Job
Current Job Revisions
Senior Cybersecurity Engineer
Scope And Purpose Of Position
The Senior Cybersecurity Engineer is responsible for the development, implementation, and operations of technical systems and controls necessary to safeguard the company's information and assets. This position will work directly with technical and non-technical staff to protect the confidentiality, integrity, and availability of sensitive data and systems.
This position will be involved in a wide range of issues and projects, including the development of secure software, architectures, tools, and controls utilizing security best practices and industry standards, with an underlying focus on compliance with major governance and regulatory standards such as SOX, SOC 2, PCI, HITRUST, & HIPAA.
Essential Functions
Leadership
- Provide mentorship and technical guidance to less experienced cybersecurity team members, fostering growth and knowledge-sharing
- Lead incident response activities, tabletop exercises, IR planning, etc.
- Drive team's execution of all assigned OKRs
- Track and report on KPIs
- Serve as technical escalation point for internal Cybersecurity Analysts as well as the MSSPs, such as the MDR & SOC teams
- Contribute thought leadership and hands-on expertise to influence the direction of the information security program
- Design, deploy, manage, enhance, tune, and expand enterprise-wide security systems, including enterprise encryption, SWG, ZTNA, NGFW, XDR, large scale security event logging and correlation systems, WAF, DLP, PAM, MFA, IDAM, SCA/SAST/DAST, CNAPP, decoy systems, central config control systems such as Intune, Tanium, etc.
- Evaluate the applicability, effectiveness, and/or necessity of new and existing security tools
- Work with application and infrastructure teams to ensure the safe and security-integrated development and deployment of COTS, SaaS, IaaS, PaaS, etc.
- Secure M365, Azure & other cloud environment designs & configurations, and ensure integration with core security systems and controls
- Provide technical security leadership during incident response, and perform analysis of security incidents
- Investigate and mitigate security threats, and support other IT organizations in the diagnosis of potential security incidents
- Interface with both technical and non-technical individuals and groups to assist with security issues and identify new security opportunities arising from advancements in security and newly defined security best practices.
- Partner with other teams in the design and implementation of systems, applications, processes, and/or other related technologies to adhere to security and compliance best practices, regulations, laws, and/or company programs, procedures, policies, and guidelines
- Assist SecOps with developing and performing routine (daily, weekly, monthly, quarterly, & yearly) reporting on our security events, trends, and system hygiene & posture, such as on our IaaS environments & critical SaaS environments
- Work with other cybersecurity engineers to report on security program and project status, performance, and gaps
- Develop and maintain security documentation including diagrams, security standards, and disaster recovery manuals, and support the security strategy by outlining the requirements and benefits of specific security tools and/or solutions
- Perform and/or assist with remediation efforts as a result of penetration tests, enterprise-wide vulnerability assessments, etc.
- Assist Risk Management with the identification and documentation of risks throughout the environment, including the evaluation of incoming systems
- Support internal, customer, and independent audits, as necessary
- Assist in the development of solutions to address defined security remediation action plans, including POAMs and Risk Treatments
- Support physical security access management and monitoring solutions
- Work with management and technology leads within the organization to ensure alignment with shared goals and strategies
- Maintain current knowledge of industry trends in security and compliance
- Bachelor’s Degree in Computer Science, Computer Engineering, or Information Security / Cyber Security required
- Equivalent combination of education, training, and experience will be considered in lieu of bachelor's degree
- 3 years of experience in a full-time Information Security role or other technical role that lends itself to skills needed for Information Security, such as infrastructure or software engineering required
- Technical security certificates preferred - e.g., SANS GIAC, vendor-specific security certs, top non-security certs, such as CCIE, etc.
- Non-technical security certificates preferred- e.g., ISC(2) CISSP, ISACA CRISC, etc.
- Experience developing with programming languages to interact with, and manipulate data from, systems such as AD, MS Graph API, etc.
- Experience working with enterprise-wide logging environments
- Security-relevant experience around Active Director, Azure AD (Entra), Linux, and Windows Server & Workstation OSs
- Experience working within an ITSM, such as ServiceNow, JIRA, ZenDesk, etc.
- Very strong experience with MS Office tools & web-based collaboration tools
- Knowledge of core security systems, such as XDR, SWG, decoy systems, SIEM, WAF, DLP, vuln scanners, whole disk encryption, PAM, IDAM, MFA, etc.
- Networking knowledge, including TCP/IP core tenets, packet analysis, core routing & switching, and wireless network security.
- Knowledge of, or experience with, Microsoft 365 security & compliance controls
- Collaboration - Outstanding team player, sociable, and able to operate easily in cross-functional and cross-departmental roles
- Adaptability - Must be able to react to shifting priorities and multitask
- Analytical Skills - Strong ability to use thinking and reasoning to solve a problem
- Communication, Oral - Excellent ability to communicate effectively with others using the spoken word
- Communication, Written - Excellent ability to communicate in writing, clearly and concisely
- Customer Oriented - Excellent ability to address the customers’ needs while following company procedures
- Decision Making - Ability to make critical decisions while following company procedures
- Interpersonal - Ability to get along well with a variety of personalities and individuals
- Problem Solving - Excellent ability to find a solution for or to deal proactively with work-related problems
- Relationship Building - Ability to effectively build relationships with customers and co-workers
- Working Under Pressure - Driven ability to complete assigned tasks under stressful situations
- Flexibility - Sets priorities and quickly adapts to changes in a professional manner
- Thoroughness - No alert goes uninvestigated
- Pragmatic Strategy - Understands & embraces the idea that security risk is probabilistic, and application of security controls & remediation functions must be practical
- Outcome-oriented - Understands & embraces the fact that outcomes are what matter and are how our performance is measured
- Honesty & Transparency - 100% honesty is expected at all times; this role performs critical functions and has access to sensitive information, so team members must be able to be trusted & all of our actions and motivations must be transparent
All Associates must comply with the Health Insurance Portability Accountability Act of 1996 (HIPAA) as it pertains to disclosures of protected health information (PHI) as described in the Notice of Privacy Practices and HIPAA Privacy Policies and Procedures. As a component of job roles and responsibilities, Associates may have access to covered information, cardholder data or other confidential customer information which must be protected at all times. As a result, Associates must explicitly adhere to all data security guidelines established within the Company’s Privacy & Security Training Program.
We provide equal employment opportunities (EEO) to all associates and applicants for employment without regard to race, color, religious beliefs, sex, gender identity, sexual orientation, age, marital status, national origin, ancestry, physical or mental disability or history of disability, genetic information, status as a protected veteran or disabled veteran, or any other status protected by Federal, state or local law.
Job description must be reviewed and approved by a Senior HR Leader.
Our purpose is to make healthy vision a reality for everyone by improving access to care and education in the communities we serve. Fueled by our mission to improve members’ lives with easy-to-use vision solutions rooted in choice, value, and care, Versant Health believes that everyone has the power to become anything they set their sights on.
Our team is guided by core Leadership Principles—Perspective, Care, Drive, and Ownership—which shape how we work, lead, and grow together.
