Senior Security Engineer

This range is provided by Revo Health. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

$/yr - $/yr

A Senior Security Engineer is responsible for the design, implementation, and maintenance of robust security solutions to protect information systems and assets. This role requires extensive expertise in identifying, analyzing, and mitigating security threats, collaborating across departments, and leading initiatives to strengthen the overall security posture. This role plays a pivotal role in shaping security strategies, mentoring junior staff, and ensuring compliance with industry standards and regulations.

This is a full-time position working M-F between the hours of 8:00 am - 5:00 pm out of our Corporate Office in Bloomington, MN.

Revo Health is a professional services company that partners with multiple healthcare groups to deliver exceptional patient care. This position will be employed through Revo Health, working closely with Infinite Health Collaborative (i-Health) and its operating divisions.

• Security Architecture & Design:
  Develop, review, and enhance security architectures for applications, networks, and systems. Create secure-by-design solutions that anticipate evolving threats and business requirements.
• Threat Analysis &
  
  Risk Management:
  
  Conduct comprehensive security risk assessments. Identify vulnerabilities, evaluate threats, and recommend appropriate countermeasures. Prioritize risks based on business impact and likelihood.
• Incident Response & Investigation:
  Lead the response to security incidents, including detection, containment, eradication, recovery, and post-mortem analysis. Collaborate with legal, compliance, and IT teams to document incidents and implement lessons learned.
• Security Operations:
  Oversee daily security monitoring, log analysis, and the maintenance of security tools such as SIEM, firewalls, IDS/IPS, DLP, and endpoint protection platforms. Investigate and resolve alerts and anomalous behavior.
• Vulnerability Management:
  Plan and execute regular vulnerability scans and penetration tests. Lead remediation efforts and validate fixes. Communicate findings and recommendations to both technical and non-technical stakeholders.
• Policy & Compliance:
  Develop and update security policies, standards, and procedures. Ensure compliance with laws, regulations, and industry frameworks (such as ISO 27001, NIST, SOC 2, PCI DSS, HIPAA, or GDPR).
• Security Awareness & Training:
  Lead the creation and delivery of security awareness programs for staff. Mentor and train junior engineers and other staff on security best practices.
• Collaboration & Leadership:
  Work closely with cross-functional teams, including software development, IT operations, and executive leadership. Influence security culture and advocate for secure practices throughout the organization.
• Continuous Improvement:
  Stay abreast of emerging threats, vulnerabilities, and technologies. Recommend and implement improvements to security processes, tools, and controls.
• Data Governance:
  Implement and manage Microsoft Purview solutions to ensure comprehensive data governance across the organization. This includes defining and enforcing policies for data classification, retention, and access control.
• Third-Party Security:
  Assess the security posture of vendors and partners. Participate in risk assessments related to third-party relationships.
• Project Management:
  Lead security projects from conception to completion. Develop project plans, track progress, and ensure timely delivery of objectives.
• Documentation:
  Maintain thorough documentation of security architectures, controls, incidents, and compliance activities. Prepare reports and metrics for executives and auditors.

• Bachelor’s degree or equivalent certifications in Computer Engineering, Information Technology, or Cybersecurity related field. Equivalent experience may be considered.
• Experience:
  
  Minimum of 5-7 years in information security or a…