Security Engineer
Birdi · Plymouth, MI · 3 wk ago
Information TechnologyFull-time
Cybersecurity Program Management & Compliance
- Research, develop, implement, and maintain comprehensive cybersecurity policies, standards, procedures, and controls.
- Lead cybersecurity efforts supporting SOC 2 Type II compliance and ongoing certification activities.
- Cookbook documentation, evidence collection, audit preparation, and remediation activities.
- Support HIPAA Security Rule compliance by implementing administrative, technical, and physical safeguards.
- Conduct regular reviews of security controls and identify opportunities for continuous improvement.
- Partner with internal stakeholders and external auditors to ensure compliance requirements are met.
Risk Management & Security Operations
- Conduct security risk assessments, vulnerability reviews, and threat analyses to identify potential risks and vulnerabilities.
- Develop and implement mitigation strategies aligned with regulatory requirements and industry best practices.
- Monitor security alerts, events, and threats across enterprise environments.
- Design and maintain security monitoring, threat detection, and alerting capabilities.
- Lead incident response activities, including investigation, containment, remediation, recovery, and post-incident review.
- Maintain breach response and notification processes in accordance with HIPAA and organizational requirements.
- Participate in an on-call rotation supporting critical security incidents and operational security events.
Identity & Access Management (IAM)
- Design, implement, and manage enterprise Identity and Access Management strategies.
- Develop and maintain role-based access control (RBAC) models and least-privilege access frameworks.
- Manage and support multi-factor authentication (MFA), single sign-on (SSO), privileged access management, and identity governance initiatives.
- Conduct periodic access reviews and user entitlement audits to ensure appropriate authorization levels.
- Develop permissions governance standards that support regulatory compliance and data protection requirements.
- Monitor and improve identity security controls across business and technology platforms.
Software Supply Chain Security & DevSecOps
- Establish and maintain software supply chain security programs and controls.
- Implement Software Bill of Materials (SBOM) management practices and dependency monitoring processes.
- Manage application dependency scanning, vulnerability assessments, and remediation activities.
- Collaborate with Development and DevOps teams to integrate security throughout the Software Development Life Cycle (SDLC).
- Support secure coding standards, application security testing, code review processes, and CI/CD security controls.
- Evaluate and implement tools that improve application security, container security, and software integrity.
Cloud Security & Infrastructure Protection
- Design and implement security controls supporting cloud-based environments, particularly AWS.
- Assess cloud infrastructure configurations and implement security best practices.
- Support endpoint protection technologies, network security controls, firewall management, and threat prevention solutions.
- Monitor cloud and infrastructure environments for security risks and compliance concerns.
- Partner with technical teams to strengthen overall infrastructure security and resilience.
Security Awareness & Training
- Develop, implement, and maintain a company-wide Security Awareness Training Program.
- Deliver cybersecurity education focused on phishing awareness, social engineering defense, HIPAA requirements, and secure handling of sensitive information.
- Track employee training completion and maintain records for compliance and audit purposes.
- Conduct ongoing awareness campaigns and educational initiatives to strengthen organizational security culture.
- Ensure training content remains current with evolving cybersecurity threats and industry trends.
Vendor Security & Third-Party Risk Management
- Evaluate third-party vendors, business associates, and service providers for cybersecurity and compliance risks.
- Conduct security reviews and assessments of vendors handling sensitive information.
- Ensure vendor security practices align with HIPAA requirements and organizational standards.
- Support risk remediation efforts and ongoing vendor monitoring activities.
- Aid in contract reviews and security-related due diligence activities.