Who We Are and Why Join Us
At OnMed our purpose is simple but powerful...to improve the quality of life and sense of well-being in our communities by bringing access to healthcare to everyone, everywhere. Our path to everywhere has already begun, with our innovative CareStation, a small but mighty, Clinic-in-a-Box, bringing #healthcareaccess anywhere with an outlet to plug it in. Poised to become a key component in America's public health infrastructure, the OnMed CareStation is the only tech-enabled, human-led, hybrid care solution that combines the comprehensive experience, trust and outcomes of a clinic, with the rapid scalability of virtual care.
At OnMed, every role, everyday, is directly impacting the communities we serve. You'll join a high-performing purpose-driven team, innovating to break down the barriers that keep people from the care they need.
This is not just a job...it's a movement to bring access to healthcare where and when people need it most. It's healthcare that shows up.
Who You Are
You are a skilled and proactive Security Engineer with a passion for protecting digital environments and ensuring the integrity of cloud-native applications, local networks, and physical infrastructure. You stay current with emerging security threats and technologies, and you're eager to contribute to a growing organization where your work directly impacts the safety and resilience of our systems. You thrive in collaborative environments and are comfortable working across teams and with external partners to uphold security standards and compliance.
Role's Responsibilities
Supporting the development and implementation of security protocols to protect OnMed's data, infrastructure, networks, and facilities.
Assisting in the configuration and management of monitoring and alerting tools to proactively detect and respond to threats.
Collaborating cross-functionally to ensure platforms comply with OnMed's security policies and infrastructure.
Managing access controls for digital systems and physical facilities.
Maintain and continuously improve SOC 2 control frameworks.
Work closely with external auditors and internal stakeholders to ensure evidence collection and policy adherence.
Monitor control effectiveness and support remediation efforts where needed.
Review and respond to security questionnaires from vendors and customers.
Conduct security due diligence on third-party tools and service providers.
Track and maintain documentation for vendor risk assessments.
Lead triage, investigation, and mitigation of security incidents.
Coordinate with relevant teams to ensure timely containment and recovery.
Conduct root cause analysis and recommend improvements to prevent recurrence.
Collaborate with IT and engineering to implement and manage security tools (SIEM, EDR, etc.).
Monitor infrastructure and application logs for threats and anomalies.
Automate security checks and integrate security into CI/CD pipelines as needed.
Assist in the development and enforcement of security policies and procedures.
Support employee security training and awareness initiatives.
Assisting in the implementation of Zero Trust protocols across OnMed platforms.
Leveraging automation to monitor, alert, and resolve security incidents.
Helping maintain compliance with SOC 2 and HITRUST standards and contributing to formal reporting efforts. Participating in regular risk assessments and internal audits.
Supporting physical security operations, including access control and video surveillance audits.
Performing other related role's responsibilities as assigned.
Requirements
Knowledge, Skills & Abilities
Must Have: Strong foundational understanding of information security principles and practices.
Experience securing cloud platforms (Azure or AWS) and on-prem infrastructure.
Proficiency in endpoint security across workstations, network appliances, and other devices.
Familiarity with monitoring, alerting, and incident response tools.
Ability to conduct risk assessments and support compliance initiatives.
Strong analytical and problem-solving skills.
Excellent communication and interpersonal abilities.
Ability to work independently and collaboratively in a fast-paced environment.
Detail-oriented with a proactive and forward-thinking mindset.
Encryption at rest and in transit
Experience in Key management (e.g., AWS KMS)
Nice-to-Have: Experience in the healthcare industry or with healthcare compliance standards.
Familiarity with Zero Trust architecture and implementation.
Experience with automation tools for security operations.
Hands-on experience with physical security systems (e.g., access control, surveillance).
Exposure to SOC 2 and HITRUST compliance frameworks.
Experience working with external vendors for security assessments.
Experiences working Firewalls, VPNs, IDS/IPS
Experiences in Network segmentation
Understanding of OWASP Top 10
Secure coding practices
Tokenization and hashing
SAST/DAST tools (e.g., SonarQube, Burp Suite)
Education & Experience Bachelor's degree in Computer Science, Information Technology, or a related field.
5+ years of experience in information security, preferably in a regulated industry.
3+ years of experience securing cloud and on-prem environments.
Industry certifications such as CISSP, CISM, GSEC, or equivalent.
Azure and/or AWS security certifications preferred.
Benefits
OnMed provides a competitive salary and benefits package, including unlimited PTO and paid holidays.
The base salary range for this role is $110,000 - $120,000 commensurate with the candidate's experience.
OnMed is a proud equal opportunity employer. All qualified applicants will be considered without regard to race, color, creed, religion, gender, sexual orientation, national origin, genetic information, disability, age, marital status, veteran status, or any other category protected by law.
#LI-HYBRID