Jobs · Information Technology · Michigan

Security Engineer

Birdi · Plymouth, MI · 3 wk ago
Information TechnologyFull-time

Cybersecurity Program Management & Compliance

  • Research, develop, implement, and maintain comprehensive cybersecurity policies, standards, procedures, and controls.
  • Lead cybersecurity efforts supporting SOC 2 Type II compliance and ongoing certification activities.
  • Cookbook documentation, evidence collection, audit preparation, and remediation activities.
  • Support HIPAA Security Rule compliance by implementing administrative, technical, and physical safeguards.
  • Conduct regular reviews of security controls and identify opportunities for continuous improvement.
  • Partner with internal stakeholders and external auditors to ensure compliance requirements are met.

Risk Management & Security Operations

  • Conduct security risk assessments, vulnerability reviews, and threat analyses to identify potential risks and vulnerabilities.
  • Develop and implement mitigation strategies aligned with regulatory requirements and industry best practices.
  • Monitor security alerts, events, and threats across enterprise environments.
  • Design and maintain security monitoring, threat detection, and alerting capabilities.
  • Lead incident response activities, including investigation, containment, remediation, recovery, and post-incident review.
  • Maintain breach response and notification processes in accordance with HIPAA and organizational requirements.
  • Participate in an on-call rotation supporting critical security incidents and operational security events.

Identity & Access Management (IAM)

  • Design, implement, and manage enterprise Identity and Access Management strategies.
  • Develop and maintain role-based access control (RBAC) models and least-privilege access frameworks.
  • Manage and support multi-factor authentication (MFA), single sign-on (SSO), privileged access management, and identity governance initiatives.
  • Conduct periodic access reviews and user entitlement audits to ensure appropriate authorization levels.
  • Develop permissions governance standards that support regulatory compliance and data protection requirements.
  • Monitor and improve identity security controls across business and technology platforms.

Software Supply Chain Security & DevSecOps

  • Establish and maintain software supply chain security programs and controls.
  • Implement Software Bill of Materials (SBOM) management practices and dependency monitoring processes.
  • Manage application dependency scanning, vulnerability assessments, and remediation activities.
  • Collaborate with Development and DevOps teams to integrate security throughout the Software Development Life Cycle (SDLC).
  • Support secure coding standards, application security testing, code review processes, and CI/CD security controls.
  • Evaluate and implement tools that improve application security, container security, and software integrity.

Cloud Security & Infrastructure Protection

  • Design and implement security controls supporting cloud-based environments, particularly AWS.
  • Assess cloud infrastructure configurations and implement security best practices.
  • Support endpoint protection technologies, network security controls, firewall management, and threat prevention solutions.
  • Monitor cloud and infrastructure environments for security risks and compliance concerns.
  • Partner with technical teams to strengthen overall infrastructure security and resilience.

Security Awareness & Training

  • Develop, implement, and maintain a company-wide Security Awareness Training Program.
  • Deliver cybersecurity education focused on phishing awareness, social engineering defense, HIPAA requirements, and secure handling of sensitive information.
  • Track employee training completion and maintain records for compliance and audit purposes.
  • Conduct ongoing awareness campaigns and educational initiatives to strengthen organizational security culture.
  • Ensure training content remains current with evolving cybersecurity threats and industry trends.

Vendor Security & Third-Party Risk Management

  • Evaluate third-party vendors, business associates, and service providers for cybersecurity and compliance risks.
  • Conduct security reviews and assessments of vendors handling sensitive information.
  • Ensure vendor security practices align with HIPAA requirements and organizational standards.
  • Support risk remediation efforts and ongoing vendor monitoring activities.
  • Aid in contract reviews and security-related due diligence activities.

Similar jobs

Security Engineer

Planet PharmaAlameda, CA· Yesterday
Information Technologyapply on careers.planet-pharma.com

Security Engineer

HaystackVirginia, United States· Yesterday
RemoteInformation Technology$87k–$198k/yrapply on haystack.cv

Security Engineer

QuEra Computing Inc.Boston, MA· Yesterday
Information Technology$90k–$140k/yrapply on grnh.se

Security Engineer

LambdaSan Jose, CA· Today
Information Technology$266k–$395k/yrapply on jobs.ashbyhq.com

Security Engineer

HaystackPhiladelphia, PA· 5 days ago
Information Technology$126k–$210k/yrapply on haystack.cv