Senior Information Security Engineer

Position Summary

Direct Supply is building the future of healthcare technology with industry‑leading products, solutions and platforms to help improve the lives of millions of seniors and those who care for them. In the Senior Information Security Engineer position, you’ll play a key role in protecting Direct Supply’s systems, data, and applications by designing and implementing advanced security solutions. You’ll leverage cutting‑edge tools, threat intelligence, and automation to proactively detect and mitigate emerging threats while leading strategic security initiatives.

• Design and implement advanced security solutions, including AI‑powered threat detection, to safeguard systems, networks, and applications.
• Lead key security programs such as vulnerability management, incident response, and compliance audits.
• Analyze threat intelligence, assess risks, and implement proactive countermeasures to mitigate emerging threats.
• Collaborate with development and Dev Ops teams to embed security into APIs, microservices, and CI/CD workflows.
• Establish monitoring systems, performance metrics, and reporting tools to ensure visibility into security control effectiveness.
• Conduct direct incident response activities and forensic investigations.
• Mentor junior security engineers and foster a culture of security awareness across the organization.
• Ensure adherence to industry standards and regulatory frameworks (NIST, ISO 27001, OWASP, HIPAA, SOC2, PCI).

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• At least 4 years of experience in information security, with expertise in designing and managing complex security systems.
• Experience with cloud security and encryption protocols.
• Proficiency with security tools (SIEM, IDS/IPS, EDR, vulnerability management) and scripting languages (Python, Power Shell) for automation and threat detection.
• Proven ability to design and implement scalable security architectures, including cloud security (e.g., AWS).
• Strong ability to analyze and respond to security incidents using forensic tools, automation, and threat intelligence.
• Preferred but not required: certifications such as CISSP, CISM, CEH, OSCP, or CompTIA Security+.

• Contributions to open‑source security tools or participation in Capture The Flag competitions.
• Experience with AI‑driven security tools or agentic AI applications.
• Active involvement in security communities, professional events, or technical conferences.
• Knowledge of PKI, secure API design, and microservices security architecture.

Generous benefit package available.