Job Location:

Remote Position

Are you EPIC?
Do you have the ability to demonstrate, understand and apply HFD’s core purpose and
values in all that you do? At HFD, our mission is to make healthcare more affordable by giving everyone a better way to pay. In order to accomplish this mission, we must ensure that our team is aligned with our E.P.I.C. values:

• Excellence: Always exceeding expectations!
• Passionate: Executing with boldness!
• Innovative: Pioneering a better way!
• Collaborative: Together we win!

The EPIC Security Engineer we are looking for:
We are hiring a Security Engineer to join our IT Security function and work directly under our Senior Security Engineer. This is a hands-on technical role with broad scope across cloud security, compliance, incident response, and security architecture. The right candidate thrives in a lean environment, takes ownership, and wants to grow into deeper security responsibility over time.

As a Security Engineer, you will:

• Apply risk management principles to identify, assess, and reduce security risks across cloud, endpoint, identity, network, and application environments.
• Maintain working knowledge of approved cybersecurity standards, frameworks, policies, procedures, and industry best practices. Perform security control reviews, gap assessments, and remediation planning to strengthen the organization’s security posture.
• Support vulnerability management activities, including vulnerability analysis, risk prioritization, remediation tracking, and validation of completed fixes.
• Monitor alerts, logs, and threat indicators from SIEM, EDR, cloud, identity, and other security platforms to identify suspicious or anomalous activity.
• Triage and investigate security events, support containment actions, document findings, and assist with incident response efforts.
• Review system, application, cloud, and identity configurations to identify security risks, misconfigurations, and hardening opportunities.
• Assist with compliance and audit readiness activities, including evidence collection, control validation, and documentation of security practices.
• Support access reviews and identity security efforts, including privileged access validation, account hygiene, and review of high-risk permissions.
• Assist with defining and documenting security requirements for new systems, integrations, applications, and business processes.
• Help maintain and improve security policies, operational procedures, runbooks, and post-incident documentation.
• Contribute to detection engineering efforts by helping refine alerts, reduce false positives, and improve visibility across security platforms.
• Identify opportunities to improve automation, monitoring, response workflows, and overall security operations maturity.
• Collaborate with IT, engineering, and business teams to communicate risks, recommend practical security improvements, and support remediation efforts.
• Participate in lessons learned, incident reviews, and continuous improvement activities to reduce future security risk.
• Proactive threat hunting across multiple landscapes.

• 2–5 years of hands-on experience in an IT security, cloud security, or security operations role
• Practical experience with Microsoft Azure security services (Defender, Entra ID, Secure Score, Sentinel, or equivalent)
• Foundational knowledge of PCI DSS or similar compliance frameworks (HIPAA, SOC 2, NIST)
• Strong written communication skills — you will write runbooks, RCAs, and compliance documentation
• Ability to work independently and manage your own workload with minimal oversight
• Robust conceptual and practical understanding of IT infrastructure designs, technologies, products, and services
• Experience formulating and/or interpreting cyber threat analysis of adversary techniques, tactics, and procedures used to disrupt computer networks
• Ability to pay close attention to detail and be self-motivated
• Ability to multitask and excel in a fast-paced environment
• Beginner / Intermediate proficiency in Microsoft excel

Preferred Qualifications:

• Security certification such as CompTIA Security+, AZ-500, SC-200, PJPT, PNPT, or CISSP Associate
• Experience in healthcare, fintech, or financial services environment
• Familiarity with MITRE ATT&CK framework and threat modeling
• Scripting or automation skills (PowerShell, Python, KQL/Kusto for Azure)
• Exposure to DevSecOps practices or pipeline security tooling
• Robust conceptual and practical understanding of IT infrastructure designs, technologies, products, and services
• Excellent written and verbal communication skills, analytical ability, judgment, and the ability to work effectively with the DevOps and Engineering Support Team

Benefits:

• Medical, Dental, Vision Insurance
• 401k with 4% company match.
• Time off: Unlimited PTO , 6 days of paid sick time, plus 6 paid holidays and 1 floating holiday (from the HFD approved list).
• EPIC company culture