Sr. Cybersecurity Engineer

{
  "content_hash": "902539cb6a6b2b12cb853f608fbd85e0dd048e05d092f39e02ab37678534cd32",
  "source_hash": "4da51ac957eaaae67be9d5569150303a35dd7160b20e7d91a30b1a673c936deb",
  "last_changed_at": "2026-06-02T13:00:06.100Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "UNAVAILABLE, UNAVAILABLE, US",
    "city": "UNAVAILABLE",
    "region": "UNAVAILABLE",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.8
  },
  "salary_max": 150000,
  "salary_min": 130000,
  "inferred_at": "2026-06-06T19:43:34.927Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "UNAVAILABLE, UNAVAILABLE, US",
      "city": "UNAVAILABLE",
      "region": "UNAVAILABLE",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.8
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": "remote",
  "salary_period": "day",
  "workplace_type": "remote",
  "salary_currency": "USD"
}

{}

{
  "json_ld": {
    "url": "https://careers-drfirst.icims.com/jobs/2428/sr.-cybersecurity-engineer/job",
    "@type": "JobPosting",
    "title": "Sr. Cybersecurity Engineer",
    "@context": "http://schema.org",
    "datePosted": "2026-04-29T04:00:00.000Z",
    "description": "<h2>About DrFirst</h2>\n<p>For 25 years, DrFirst has empowered providers and patients to achieve better health through intelligent medication management. We improve healthcare workflows and help patients start and stay on therapy with end-to-end solutions that enhance prescription access, affordability, and adherence. Our solutions help 100 million patients a year and are used by more than 420,000 prescribers, 71,000 pharmacies, 270 EHRs and health information systems, and over 2,000 hospitals in the U.S. This is a great opportunity to be a part of a successful Healthcare IT company experiencing significant growth. Here you'll get to work with some of the smartest and most interesting people around; solving unique and complex challenges in healthcare on a scale matched by a few companies. If you get excited about stretching yourself in new ways, developing yourself to your fullest potential, care about working with smart colleagues; we want to talk to you!</p>\n<h2>Position Overview</h2>\n<p>At DrFirst, we play in the major leagues. Our 5-person security team covers what most organizations staff with ten or more — not by working longer, but by working smarter. We are looking for engineers committed to advancing our security program for the benefit of our team, our customers, and the patients we serve.</p>\n<p> </p>\n<p>We are looking for a different kind of security engineer — a true engineer, not an analyst. You learn continuously and deploy often. You implement as fast as you learn, outpace your peers, and use Claude the way a top-tier engineer builds software — to accelerate delivery by offloading the repetitive and mundane. You believe results speak louder than words, and you are confident enough to show incremental progress quickly and course correct rapidly. That momentum compels you to do more — and you believe, correctly, that delivering results earns respect and reward. If you have been looking for a team worthy of what you can do — keep reading.</p>\n<h2>What you will work on</h2>\n<p>This is a domain ownership role. You report directly to the VP Security and work alongside two Principal Security Engineers (PSE1: application security, DevSecOps, AWS network; PSE2: GCP network, unified logging, corporate services, customer-facing security, incident management, and audit delivery). You own your domains, contribute to shared goals, and operate as a peer.</p>\n<p> </p>\n<p><strong>Domain</strong></p>\n<p><strong>Scope</strong></p>\n<p><strong>Cadence</strong></p>\n<p><strong>Corporate Security Operations</strong></p>\n<p>Inbox, questionnaires, VRAs, KnowBe4 training and phishing campaigns, onboarding/offboarding compliance, remote worker compliance, endpoint and allowlist controls, policy maintenance, Okta and corporate tool implementation, website and public domain compliance monitoring, data governance implementation</p>\n<p><em>Steady state</em></p>\n<p><strong>Production Alert Triage</strong></p>\n<p>AWN, SentinelOne, Proofpoint, Splunk, AWS Security Hub, GCP Security Command Center, Tenable, Zscaler (ZIA/ZPA), endpoint software detection — triage, tuning, escalation to PSE1 (infrastructure) or PSE2 (customer incidents)</p>\n<p><em>Steady state</em></p>\n<p><strong>Audit Evidence Collection</strong></p>\n<p>SOC 2 / HITRUST evidence for all controls mapping to your owned domains. PSE2 project manages; you own your evidence slice independently — April through June and August through September</p>\n<p><em>Seasonal burst</em></p>\n<p> </p>\n<p><strong>Strategic initiatives you step into from day one</strong></p>\n<p>•       Data governance — retention policy framework in progress; drive implementation by data stream and category, coordinate purge processes across email and corporate data stores</p>\n<p>•       De-identification service — service is built; drive production data through it to reduce PII/PHI retention exposure across relevant systems</p>\n<p>•       Corporate Claude environment — own the security architecture, guardrails, and governance for non-engineering staff using Claude for automation and data access via MCPs</p>\n<p><strong>How We Work</strong></p>\n<p>Our team's DNA is to use Claude to eliminate the manual, repetitive work that consumes capacity — so we can focus on what moves security forward.</p>\n<p> </p>\n<p>What that looks like in practice: a member of our security team automated vulnerability triage across 100 code repositories using Claude Code — a task that previously required manually reading through each finding to determine true vulnerability from false positive. The result was approximately 50% of their capacity freed to focus on critical work. On the compliance side, we overhauled our entire SOC control set — mapping to HITRUST i1, NIST 171, and HIPAA — and increased framework inheritance from 30% to 95%. What would have taken four weeks was completed in 72 hours. This is how we work. This is what we expect from you.</p>\n<p> </p>\n<p>You will be self-directed. With that autonomy comes the accountability to produce results early and often — closed items, not status updates. You set the goal, the strategy, and the plan, and you show momentum within days. You have a proven track record of getting other teams to prioritize your initiatives because your competency earns their respect. Security sets the strategy, Corporate Services implements, and you make that relationship work. Issues that could be closed within a few days do not get pushed two to three weeks out by default.</p>\n<p><strong>Think You Can Do This? Here Is What Day 30 Looks Like.</strong></p>\n<p>You are energized by opportunity and action. You hit the ground running. By the end of your first 30 days:</p>\n<p> </p>\n<p><strong>✓</strong></p>\n<p>Security inbox is owned and running clean — response times consistent, VRA backlog current, customer questionnaire library updated</p>\n<p><strong>✓</strong></p>\n<p>Alert triage cadence is established — first tuning improvements documented and implemented</p>\n<p><strong>✓</strong></p>\n<p>At least one Claude automation is live — not planned, not in progress — shipped, with measurable time savings</p>\n<p><strong>✓</strong></p>\n<p>At least one process improvement identified AND delivered — something nobody asked for</p>\n<p><strong>✓</strong></p>\n<p>Coming to scrums with closed items and next actions — not updates on what you are still figuring out</p>\n<p><strong>✓</strong></p>\n<p>Other teams already know your name because you reached out, made the case, and got something moving</p>\n<p><strong>✓</strong></p>\n<p>You have a clear point of view on at least one strategic initiative and have shared it with the VP</p>\n<h2>Qualifications</h2>\n<p><strong>Experience</strong></p>\n<ul>\n <li>Bachelor's Degree in Computer Science, Cybersecurity, Information Technology, or similar</li>\n <li>5+ years in cybersecurity engineering or a closely related role</li>\n <li>Hands-on operational experience with SIEM platforms, endpoint security, and cloud security tooling</li>\n <li>Demonstrated experience with AWS and GCP security monitoring — Security Hub, GCP Security Command Center, GuardDuty, or equivalent</li>\n <li>Background in SOC 2, HITRUST, or NIST 800-53; HIPAA/PHI environment experience preferred</li>\n <li>Experience completing customer security questionnaires and VRAs at a senior level</li>\n <li>Scripting or automation experience — Python, PowerShell, or Bash — applied to real operational problems</li>\n</ul>\n<p><strong>AI-Augmented Engineering — Non-Negotiable</strong></p>\n<ul>\n <li>Daily, practical use of Claude or an equivalent LLM — not experimental, not occasional</li>\n <li>Specific examples of AI measurably accelerating your output — with before/after context you can speak to in detail</li>\n <li>Ability to construct effective prompts, validate output critically, and catch errors — including knowing when Claude is wrong</li>\n <li>At least one automation built with AI tooling that eliminated repeatable manual work</li>\n</ul>\n<p><strong>Stack Experience — Preferred</strong></p>\n<ul>\n <li>AWN, SentinelOne, Proofpoint, KnowBe4, Jamf, KACE, Zscaler (ZIA/ZPA), Okta, Tenable, Splunk</li>\n</ul>\n<p><strong>Core Attributes</strong></p>\n<ul>\n <li><strong>Owns it: </strong>Takes the domain, assesses what needs to happen, and makes it happen — without waiting to be told</li>\n <li><strong>Thinks in days: </strong>Sets aggressive timelines, consults stakeholders before committing, and closes — does not default to pushing target dates out when a few focused sessions would get it done</li>\n <li><strong>Earns influence: </strong>Gets other teams to prioritize security work through competency and credibility, not escalation</li>\n <li><strong>Systems thinker: </strong>Automates before accepting manual as the default; scripting or programming background applied to security problems</li>\n <li><strong>Communicates through output: </strong>Shows up to scrums with closed items and next actions — credibility comes from work that speaks for itself</li>\n</ul>\n<h2>Physical Requirements</h2>\n<ul>\n <li>90% Desk/phone work</li>\n <li>10% Standing/moving throughout the office</li>\n</ul>\n<p>#LI-GF1 #LI-Remote </p>\n<h2>Benefits</h2>\n<p>We offer highly competitive compensation — base salary plus structured bonus — that reflects the seniority, breadth, and strategic impact of this role. Strong performers are recognized and rewarded. We invest in people who deliver results and genuinely care about advancing security for DrFirst and the patients and providers we serve.</p>\n<ul>\n <li>Competitive compensation, with a base salary of $130,000 - $150,000 (Exact compensation may vary based on skills and experience)</li>\n <li>Eligible for Company Performance-based Bonus Program, based on individual and company performance</li>\n <li>Medical, dental, and vision insurance</li>\n <li>401K eligible after 3 months of employment, with 50% company match up to first 5% of salary contributed to the plan with a 3-year vesting schedule</li>\n <li>HSA for eligible employees enrolled in the HDHP, with a generous company contribution up to $500 for individual coverage and $1000 for family coverage per year</li>\n <li>100% company-paid short and long-term disability, AD&D, and group life insurance</li>\n <li>Accrued annual paid time off (PTO) of 18 days for the first 3 years of service, increasing thereafter and 7 paid holiday days</li>\n <li>Employee Assistance Program</li>\n <li>Continuing Education funds up to $1500 annually for eligible programs after 1 year of service</li>\n <li>Voluntary benefits including FSA, Hospital indemnity, Accident and Critical Illness insurances</li>\n</ul>\n<p>DrFirst is committed to being a Remote-First company, creating a dynamic and flexible workplace where everyone can thrive, no matter where they log in from. Check out our approach to remote work https://drfirst.com/company/about-us/careers/.</p>\n<p> </p>\n<p>Our recruitment process at DrFirst is straightforward and secure. You will only be contacted by our recruitment team through an official <strong>@drfirst.com</strong> email address. <strong>We will never ask you for payment or sensitive personal information</strong>, such as your social security number or banking details, at any stage of the hiring process. Additionally, we will not request that you purchase equipment or accept e-checks or checks for deposit. <strong>If you encounter any communications claiming to be from DrFirst that seem suspicious, please contact our recruitment team directly at [email protected]</strong> to verify the message's authenticity. Your security is important to us! </p>\n<p> </p>\n<p>Learn more about our benefits and professional development opportunities https://drfirst.com/company/about-us/careers/the-perks/.</p>",
    "directApply": true,
    "jobLocation": [
      {
        "@type": "Place",
        "address": {
          "@type": "PostalAddress",
          "postalCode": "UNAVAILABLE",
          "addressRegion": "UNAVAILABLE",
          "streetAddress": "UNAVAILABLE",
          "addressCountry": "US",
          "addressLocality": "UNAVAILABLE",
          "postOfficeBoxNumber": "UNAVAILABLE"
        }
      }
    ],
    "validThrough": "2027-04-29T04:00:00.000Z",
    "employmentType": "FULL_TIME",
    "jobLocationType": "TELECOMMUTE",
    "hiringOrganization": {
      "name": "DrFirst Inc.",
      "@type": "Organization",
      "sameAs": "www.drfirst.com"
    },
    "occupationalCategory": "Provider Solutions"
  },
  "detail_meta": {
    "url": "https://careers-drfirst.icims.com/jobs/2428/sr.-cybersecurity-engineer/job?in_iframe=1",
    "http_status": 200,
    "content_type": "text/html;charset=UTF-8",
    "response_bytes": 65137,
    "compact_response_bytes": 13270,
    "original_response_bytes": 65137
  },
  "sitemap_job": {
    "id": "2428",
    "url": "https://careers-drfirst.icims.com/jobs/2428/sr.-cybersecurity-engineer/job",
    "slug": "sr.-cybersecurity-engineer",
    "lastmod": "2026-06-02T08:20:19-04:00"
  },
  "detail_errors": []
}