Security Engineer

Company Overview: Blink Health is a healthcare technology company that builds products to make prescriptions accessible and affordable to everybody.  Our two primary products – BlinkRx and Quick Save – remove traditional roadblocks within the current prescription supply chain, resulting in better access to critical medications and improved health outcomes for patients.  BlinkRx is the world’s first pharma-to-patient cloud that offers a digital concierge service for patients who are prescribed branded medications. Patients benefit from transparent low prices, free home delivery, and world-class support on this first-of-its-kind centralized platform. With BlinkRx, never again will a patient show up at the pharmacy only to discover that they can’t afford their medication, their doctor needs to fill out a form for them, or the pharmacy doesn’t have the medication in stock.  We are a highly collaborative team of builders and operators who invent new ways of working in an industry that historically has resisted innovation. Join us! Success Researches, designs, and implements cyber security solutions that comply with all applicable security policies and standards Enables business growth and scaling of our cloud-first pharmacy solutions by making recommendations to improve the security of our network, system and application architectures  Works with IT, Infrastructure, Engineering teams and internal and external business partners to ensure that security is factored in the evaluation, selection, installation and configuration process of hardware and software Analyzes complex logs, forensic artifacts, and scanning system results to identify suspicious or hostile actions on company systems, and to identify out-of-date or misconfigured software, operating systems, or packages Assists in the review and update of cyber security policies, architectures and standards Assists in responding to audits, penetration tests and vulnerability assessments Documents everything, understanding why documentation is important, and ensuring proper tracking of issues and/or architecture design changes Has good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity Has an ability to effectively influence others to modify their opinions, plans, or behaviors Self-motivated and possessing of a high sense of urgency and personal integrity Desired Experience Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows: BS or MA in computer science, cybersecurity or a related field 3+ years of experience in cybersecurity, especially in a security engineering role Certified information systems security professional (CISSP) or equivalent Technical Experience You have strong technical expertise in network security knowledge, to include VPN, firewall, network monitoring, intrusion detection, and wireless security You have practical experience engineering and tuning security solutions including vulnerability scanners, EDR solutions, DLP solutions, WAFs, and ingesting all relevant data into a SIEM for analysis, alerting, and threat hunting You deliver insights for vulnerability prioritization, remediation and reporting to engineering teams by ingesting, and abstracting the results of security assessment tools into a single platform (using tools such as Brinqa or Kenna) You have a high level of skill and proven experience securing the use of cloud services offered by various cloud providers (AWS, GCP, Azure, etc) - AWS preferred You have an understanding of the full stack of abstractions provided by modern container orchestration platforms such as Apache Mesos and Docker Swarm (we use Kubernetes) You have familiarity with modern container security tools such as Prisma Cloud Compute You understand how to implement automated security controls in release pipelines.  We use GitHub Actions, Helm, and AWS offerings You seek to automate manual processes and know at least one scripting language (e.g., Perl, Python, PowerShell) Knowledge and Skills Strong understanding of healthcare and payment card industry security standards and  regulations (HIPAA, NIST, HITRUST, and PCI-DSS)  Strong knowledge of common vulnerabilities and exploitation techniques  Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one Strong problem-solving and trouble-shooting skills Why Join Us: It is rare to have a company that both deeply impacts its customers and is able to provide its services across a massive population.  At Blink, we have a huge impact on people when they are most vulnerable: at the intersection of their healthcare and finances. We are also the fastest growing healthcare company in the country and are driving that impact across millions of new patients every year.  Our business model not only helps people, but drives economics that allow us to build a generational company. We are a relentlessly learning, constantly curious, and aggressively collaborative cross-functional team dedicated to inventing new ways to improve the lives of our customers. We are an equal opportunity employer and value diversity of all kinds. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.