Summary

The Senior Security Engineer is a key contributor to the overall cybersecurity program, with a primary focus on strengthening Risk Management and Incident Response capabilities. This role supports these objectives by performing risk assessments for third parties, on-premise systems, network-connected equipment, and cloud-based environments.

Incident Response responsibilities include planning and facilitating tabletop exercises and collaborating with cross-functional teams to remediate identified gaps. On a day-to-day basis, this position works closely with stakeholders at all levels of the organization to support security initiatives and continuous improvement.

Responsibilities

• Support the implementation, execution, and ongoing enhancement of the Information Security Program, including policy and documentation maintenance, risk assessments, security controls, and technical oversight.
• Maintain and update information security policies, procedures, and standards.
• Conduct periodic risk analyses and risk management assessments.
• Develop and coordinate application security reviews; manage vulnerability and incident response activities.
• Evaluate, select, and support the implementation of information security tools and technologies.
• Troubleshoot and remediate security issues in complex, matrixed environments.
• Work effectively in fast-paced settings with diverse personalities and work styles.
• Perform well under pressure, managing tight deadlines with a strong sense of urgency.
• Demonstrate strong written, verbal, and active listening communication skills.
• Perform additional duties as required.

Technical Expertise & Qualifications

• Experience with security and compliance frameworks such as HIPAA, HITECH, PCI, NIST, and similar standards.
• Hands-on experience securing information systems and related technologies.
• Background in both Technical Security Engineering and Governance, Risk, and Compliance (GRC) is strongly preferred.
• Proven ability to work effectively with stakeholders at all organizational levels.
• Experience in regulated industries is preferred.
• Proficiency with productivity tools such as Microsoft Outlook, Excel, Word, Visio, and SharePoint (or equivalent).
• Strong understanding of security concepts, including cyber threats, attack techniques, threat vectors, risk management, and incident response.
• Experience supporting privacy and security due diligence for third-party relationships or mergers and acquisitions is a plus.
• Knowledge of multiple operating systems (e.g., Windows, Linux, Unix).
• Familiarity with application, database, and middleware security concepts.
• Skilled in preparing reports, dashboards, and formal documentation.
• Excellent communication, leadership, analytical, and problem-solving skills.
• Ability to manage high-pressure situations involving key stakeholders.
• Strong organizational skills with the ability to work independently and collaboratively.
• Adaptable and effective in dynamic work environments.

Education and Experience

• Bachelor’s degree in a related field required.
• One or more security certifications required (e.g., CEH, CISSP, GCIH, GSEC, or equivalent).
• 2–3 years of leadership or supervisory experience preferred.

^*We will consider for employment all qualified Applicants, including those with criminal histories, in a manner consistent with the requirements of applicable federal, state, and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance (FCIHO), Los Angeles Fair Chance Ordinance for Employers (ULAC), The San Francisco Fair Chance Ordinance (FCO), and the California Fair Chance Act (CFCA).

^*As a job position within our IT and EHR division, a successful completion of a background check may be required as a condition of employment. This requirement is directly related to essential job functions including but not limited to: accessing confidential information, potential exposure to personally identifiable information and/or HIPAA records and information, access to work stations for other staff, access to login credentials for protected technical equipment and software, unrestricted access to company software and programs. Due to these job duties, this position has a significant impact on the business operations and reputation, as well as the safety and well-being of individuals who may be cared for as part of the job position or who may interact with staff or clients.