Security Engineer

Role Overview

We are seeking a Security Engineer to protect RISA Labs' infrastructure, applications, and customer data from security threats. You will be responsible for analyzing and mitigating risks, enhancing our security posture, and ensuring that our platform adheres to the highest standards of compliance, including HIPAA, SOC 2, and other regulatory requirements.

This role will allow you to apply your expertise in security to help safeguard critical systems and data while working alongside talented teams of engineers and product managers to integrate security into every aspect of our platform.

Responsibilities

• Vulnerability Management: Conduct regular vulnerability assessments and penetration testing to identify weaknesses in our systems, applications, and infrastructure.
• Security Infrastructure: Design and implement security measures to protect data, networks, and systems from unauthorized access, cyberattacks, and breaches.
• Compliance & Regulatory Requirements: Ensure that our systems comply with industry-specific security standards, such as HIPAA, SOC 2, ISO 27001, and GDPR, and work to achieve ongoing certifications as needed.
• Incident Response: Lead the response to security incidents, including analyzing the impact, coordinating remediation efforts, and preventing future occurrences.
• Monitoring & Detection: Implement tools and processes for real-time monitoring of security threats, ensuring rapid detection and response to potential risks.
• Collaboration & Education: Collaborate with engineering and product teams to integrate security into the development process, helping teams to design and deploy secure systems.
• Security Automation: Develop and implement automation solutions to streamline security operations and reduce human error.
• Security Best Practices: Establish and enforce security policies and procedures across the organization, ensuring best practices in all aspects of security and risk management.

Qualifications

• 4+ years of experience as a Security Engineer or in a similar role, with a focus on securing complex, high-performance systems
• Strong knowledge of security concepts, tools, and techniques, including firewalls, encryption, vulnerability scanning, penetration testing, and threat modeling
• Experience with cloud security (AWS, GCP, or Azure) and securing cloud-based environments
• Familiarity with security compliance frameworks such as HIPAA, SOC 2, ISO 27001, and GDPR
• Experience with security tools such as SIEM, IDS/IPS, vulnerability scanners, and penetration testing tools
• Strong programming skills in languages such as Python, Java, or Bash for automation and scripting security tasks
• Knowledge of secure coding practices and code review processes to prevent security vulnerabilities
• Ability to work independently and within cross-functional teams to implement security solutions
• Excellent problem-solving and analytical skills, with the ability to manage and prioritize multiple security tasks
• Certifications such as CISSP, CISM, or CEH are a plus
• Bachelor’s degree in Computer Science, Information Security, or a related field