Title: Cybersecurity Engineer
Employment Type: Full Time
Location: DocGo HQ: 35 West 35th Street, New York, NY 10001
Annual Salary Range: $155,000 - $170,000
Benefits: Medical, Dental, and Vision (with company contribution), Paid Time Off, 401k
About DocGo:
DocGo is leading the proactive healthcare revolution with an innovative care delivery platform that includes mobile health services, population health, remote patient monitoring, and ambulance services. DocGo disrupts the traditional four-wall healthcare system by providing high quality, highly affordable care to patients where and when they need it. DocGo's proprietary, AI-powered technology, logistics network, and dedicated field staff of over 5,000 certified health professionals elevate the quality of patient care and drive efficiencies for municipalities, hospital networks, and health insurance providers. With Mobile Health, DocGo empowers the full promise and potential of telehealth by facilitating healthcare treatment, in tandem with a remote physician, in the comfort of a patient's home or workplace. Together with DocGo's integrated Ambulnz medical transport services, DocGo is bridging the gap between physical and virtual care.
Position Overview:
As a Cybersecurity Engineer at DocGo, you will play a crucial role in safeguarding our infrastructure and protecting sensitive patient data across our mobile health services platform. Responsible for implementing robust security measures, developing vulnerability management processes, and driving secure DevOps practices, you will lead efforts to enhance our cybersecurity posture in a rapidly evolving threat landscape. Leveraging your expertise in cloud security, incident response, and compliance, you will spearhead initiatives to optimize our security operations, foster a culture of security awareness, and ensure the integrity of our innovative healthcare solutions. With a focus on proactive defense and continuous improvement, you will navigate complex regulatory requirements while collaborating with cross-functional teams to integrate security best practices throughout our software development lifecycle. Join us in making a significant impact on the security and trust of our mobile health services, as we strive to revolutionize patient care through technology.
Responsibilities:
- Strategically lead and implement cybersecurity measures across DocGo's infrastructure.
- Develop and refine vulnerability management processes, ensuring timely identification and mitigation of security risks.
- Drive the integration of security best practices into the DevOps pipeline, fostering a security culture within the organization.
- Monitor security metrics and implement continuous improvement initiatives in partnership with the IT and development teams.
- Architect and implement new security solutions aimed at enhancing our resilience and effectiveness, including the establishment of incident response protocols and threat detection procedures.
- Collaborate with third-party security vendors and manage security tool integrations to ensure a robust and layered defense strategy.
- Ensure compliance with HIPAA and other relevant healthcare security regulations, providing guidance on data protection and privacy requirements.
- Implement strategies to proactively address emerging threats, ensuring the ongoing security of our mobile health platforms and patient data.
- Collaborate with other departments to develop and implement security awareness programs that meet the needs of our diverse workforce.
- Stay informed about cutting-edge security technologies and methodologies, incorporating new approaches to strengthen our security posture.
- Maintain comprehensive documentation of security policies, procedures, and incident reports in accordance with organizational policies and legal requirements.
- Participate in planning for security initiatives, evaluate security investments, and make recommendations for resource allocation.
Qualifications:
General
- College degree in a related technology field (Computer, Engineering, Science, etc.) or comparable job experience, or strong autodidactic abilities.
- Relevant cybersecurity certifications (e.g., CISSP, CCSP, CCSK) highly preferred.
- Proven experience (5+ years) in cybersecurity roles with increasing levels of responsibility, including hands-on experience with cloud security, vulnerability management, and incident response.
- Strong technical abilities with demonstrated success in implementing and managing security tools, cloud platforms (especially AWS), and DevSecOps practices.
- Knowledge of programming languages such as Python, Go, Rust or similar.
- Specific experience with Wiz, AWS Security tools, Microsoft Sentinel and Datadog is a plus.
- Excellent problem-solving and analytical skills, with the ability to think creatively and adapt to rapidly changing threat landscapes.
- Experience with industry security frameworks (CIS, NIST CSF, etc.).
- Knowledge of regulatory requirements and standards applicable to healthcare cybersecurity, particularly HIPAA.
- Commitment to maintaining high ethical standards and promoting a culture of security consciousness and professionalism.
- Able to exhibit a progression of increasingly complex job responsibilities, including project management skills, engineering remediation techniques, and project planning and implementation.
- Certifications and/or continuing education, and participation in hackfests, CTFs, and other regular exercises, are a strong plus.
- Ability to demonstrate fluency with current topics in infosec and have a set of favorite resources for maintaining that fluency.
Security
- At least five years working in general cybersecurity.
- At least two years working specifically with application security.
- At least five years of professional experience working with software developers, in any capacity.
- At least three years of experience scripting with PowerShell, WMI, VBScript, etc., in any capacity.
- Total comfort with OWASP top 10, SAST and DAST tooling, and penetration testing.
- Nearly encyclopedic understanding of the security necessary to be in compliance with the HIPAA Privacy Rule, the HIPAA Security Rule, the HIPAA Breach Notification Rule, and the HITECH Act.
- The ability to think sideways to develop unique and innovative approaches to problems.
- Comfort with physical security and red teaming is a bonus.
Communication
- Excellent written and verbal skills in providing clear, concise, and simple technical issue/resolution documentation to audiences of different technical levels.
- Ability to work in a production environment under demanding circumstances and apply your skills, knowledge, and techniques to new circumstances, delivering high-quality work within agreed-upon deadlines.
Environment
- Excellent understanding of Microsoft Azure Active Directory services, Microsoft DNS services, Windows Server 2012-2019, and the TCP/IP protocol in an Ethernet environment, including knowledge of LANs, VLANs, and troubleshooting, and a complete understanding of TCP/IP, POP, SMTP, SFTP, SSH, HTTP, SSL, and WMI.
- Experience with Cloud service providers, such as Azure, O365, and AWS
- Experience with System Center Configuration Manager
- Familiarity with VMware and Virtual Guest technologies, storage array technologies, Microsoft SharePoint, Microsoft Office 2019 suite, and Microsoft Exchange 2016
- Hands-on experience in network/server security, MFA/2FA, ADFS, RSA infrastructure, and SSL certificate implementation and management
- Experience working in ISO-27001 environments
- Knowledge of, and ability to implement and maintain, BC/DR best practices
- Perform root cause analysis, including analyzing event logs and debugging systems.
- Ongoing audit of the environment to produce reports for external auditors and SOX Compliance.
- Produce technical and operational management documentation (system design and engineering documents, operational run books)
- Share application support responsibilities including Change Requests, Service Requests and Incidents.
- Strong experience with third-party tools such as Rapid7, SolarWinds, Nagios, etc., and the ability to identify and implement new tools as necessary and prudent.
- Strong network knowledge such as IP networking, LAN/WAN, VPN, firewalls, whitelisting, DNS, DHCP, etc.
- Troubleshooting mindset.