At Wellframe, we reimagine healthcare relationships through a new approach that uses high-tech to deliver the high-touch support people need, when and where they need it. We call it Digital Health Management. Our comprehensive suite of Digital Health Management solutions for care management, advocacy, and navigation help organizations forge more meaningful connections with members, across their healthcare journey.
Wellframe was founded to counter a pressing industry problem: the healthcare system has struggled to find ways to support people in between care settings, at scale. We believe health plans are in the best position to advocate for their members as they navigate their health and care, but know that technology alone cant help us achieve this ambition. Thats why our team of physicians, clinicians, public health experts, data scientists, engineers, and healthcare industry experts ensure our patented technology works in service of the person-to-person connections that make healthcare work best.
The Security and IT teams are responsible for protecting company resources, as well as enabling users to work efficiently with technology solutions and hardware. This role will work closely with IT, DevOps, Engineering, Product, and our hardware and software to protect our products and assets.
Areas of Responsibility:
Security Operations - 80%
- Design, implement, configure, and support security solutions; for example; Security Information Event Management (SIEM), Data Loss Prevention (DLP), Mobile Device Management (MDM), Identity and Access Management (IAM), Endpoint Detection & Response (EDR)
- Monitor security alerts and provide oversight
- Assess, triage, prioritize, and resolve information from various monitoring and logging systems
- Conduct vulnerability and penetration assessments, organize and track mitigation of findings
- Participate in Incident Response, Disaster Recovery, and Business Continuity programs
- Assist in digital forensic activities as needed to collect, preserve, analyze, and present security evidence
- Review industry-accepted sources of information to stay aware of emerging threats and to propose solutions
- Review findings from external tools to bolster Wellframes security position
Other Responsibilities 20%
- Assist in the development, documentation, and dissemination of information security guidance describing security requirements and standards for organizational information systems and architecture
- Promote security awareness throughout company
- Assist in other projects and tasks as assigned
Education, Experience, and Skills Required:
- 5+ years of related experience in internal auditing and information security roles
- Bachelor Degree in Computer Science, Information Security, Information Technology or related discipline, or equivalent combination of education and experience required
- Experience with tools such as Splunk, CrowdStrike, Prisma Access, Nessus, Google Cloud, Kali Linux, BitSight, SecurityScorecard, Okta, Jamf, MacOS & Cisco Meraki strongly preferred
- Security certification (OSCP, CEH, CISSP) preferred
- Experience investigating cybersecurity events and incidents using a full suite of alerting and response tools, digital forensic or malware analysis tools
- Confidence with industry best practices for Cloud security (e.g. CSA Security Trust Assurance and Risk, CIS Benchmarks, NIST Framework, OWASP Top 10, MITRE [email protected])
- Data analysis experience relating to alerts and logging
- Experience working within a regulated industry with preference given to healthcare
- Experience working with software development and continuous integration
- Some off hours work and travel may be required
Behavior and Traits:
- Demonstrated ability to operate as a trusted security advisor
- Excellent technical skills and ability to effectively assess, establish, and protect systems
- Strong written and verbal communication skills
- Support Wellframes mission by exhibiting Tenacity, Humility, and Collaboration
Wellframe, Inc. is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status or any other characteristic protected by local, state, or federal laws, rules, or regulations.
This posting is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee and any percentages listed are approximate. Duties, responsibilities and activities may change or new ones may be assigned at any time with or without notice.