Senior Security Engineer - Revo Health

A Senior Security Engineer is responsible for the design, implementation, and maintenance of robust security solutions to protect information systems and assets. This role requires extensive expertise in identifying, analyzing, and mitigating security threats, collaborating across departments, and leading initiatives to strengthen the overall security posture. This role plays a pivotal role in shaping security strategies, mentoring junior staff, and ensuring compliance with industry standards and regulations.

This is a full-time position working M-F between the hours of 8:00 am - 5:00 pm out of our Corporate Office in Bloomington, MN.

Revo Health is a professional services company that partners with multiple healthcare groups to deliver exceptional patient care. This position will be employed through Revo Health, working closely with Infinite Health Collaborative (i-Health) and its operating divisions.

• Security Architecture & Design: Develop, review, and enhance security architectures for applications, networks, and systems. Create secure-by-design solutions that anticipate evolving threats and business requirements.
• Threat Analysis & Risk Management: Conduct comprehensive security risk assessments. Identify vulnerabilities, evaluate threats, and recommend appropriate countermeasures. Prioritize risks based on business impact and likelihood.
• Incident Response & Investigation: Lead the response to security incidents, including detection, containment, eradication, recovery, and post-mortem analysis. Collaborate with legal, compliance, and IT teams to document incidents and implement lessons learned.
• Security Operations: Oversee daily security monitoring, log analysis, and the maintenance of security tools such as SIEM, firewalls, IDS/IPS, DLP, and endpoint protection platforms. Investigate and resolve alerts and anomalous behavior.
• Vulnerability Management: Plan and execute regular vulnerability scans and penetration tests. Lead remediation efforts and validate fixes. Communicate findings and recommendations to both technical and non-technical stakeholders.
• Policy & Compliance: Develop and update security policies, standards, and procedures. Ensure compliance with laws, regulations, and industry frameworks (such as ISO 27001, NIST, SOC 2, PCI DSS, HIPAA, or GDPR).
• Security Awareness & Training: Lead the creation and delivery of security awareness programs for staff. Mentor and train junior engineers and other staff on security best practices.
• Collaboration & Leadership: Work closely with cross-functional teams, including software development, IT operations, and executive leadership. Influence security culture and advocate for secure practices throughout the organization.
• Continuous Improvement: Stay abreast of emerging threats, vulnerabilities, and technologies. Recommend and implement improvements to security processes, tools, and controls.
• Data Governance: Implement and manage Microsoft Purview solutions to ensure comprehensive data governance across the organization. This includes defining and enforcing policies for data classification, retention, and access control.
• Third-Party Security: Assess the security posture of vendors and partners. Participate in risk assessments related to third-party relationships.
• Project Management: Lead security projects from conception to completion. Develop project plans, track progress, and ensure timely delivery of objectives.
• Documentation: Maintain thorough documentation of security architectures, controls, incidents, and compliance activities. Prepare reports and metrics for executives and auditors.

Education and Experience Requirements:

• Bachelor's degree or equivalent certifications in Computer Engineering, Information Technology, or Cybersecurity related field. Equivalent experience may be considered.
• Experience: Minimum of 5-7 years in information security or a related discipline, with significant hands-on experience in security engineering roles.
• Certifications: Industry-recognized certifications such as CISSP, CISM, GIAC, OSCP, CEH, or related credentials are highly desirable.
• Proficiency with security technologies and platforms (e.g., SIEM, firewalls, IDS/IPS, endpoint protection, vulnerability scanners, EDR/XDR, and encryption tools).
• Strong understanding of networking concepts, protocols, and architectures (TCP/IP, DNS, VPN, VLAN, etc.).
• Experience with identity and access management (IAM), multi-factor authentication, and privileged access controls.
• Familiarity with automation and scripting languages (Python, PowerShell, Bash, etc.).
• Proficiency with Microsoft Defender and Microsoft Purview.
• Understanding of data privacy principles and regulatory requirements.

Benefits & Compensation:

• Actual starting pay will vary based on education, skills, and experience.
• We offer a comprehensive Medical, Dental & Vision Plan, Maternity Bundle, 401K with Profit Sharing, Tuition Reimbursement, Gym & Car Rental Discounts - to learn more clickhere.

Essential Requirements:

Ability to:

• Comply with company policies, procedures, practices, and business ethics guidelines.
• Complete job required training.
• Comply with all applicable laws and regulations, (e.g. HIPAA, Stark, OSHA, employment laws, etc.)
• Demonstrate prompt and reliable attendance
• Work in the clinic, office, or surgery center during business hours
• Travel independently throughout the clinic, office, or surgery center (which may include movement from floor to floor); frequent bending, lifting, standing, stooping or sitting for long periods of time may be required
• Work at an efficient and productive pace, handle interruptions appropriately and meet deadlines
• Communicate and interact in a respectful and professional manner
• Prioritize workload while being flexible to meet the expectations of the daily operations
• Apply principles of logical thinking to define problems, establish facts, and draw valid conclusions
• Understand and execute a variety of instructions
• Effectively operate equipment and communicate on and operate the phone system
• Work independently with minimal supervision
• Travel to other work locations, if required

Performance Expectations - Revo Health's Core Values:

• Integrity - Do the right thing and take responsibility for what you do and say
• Service - Consistently contribute to deliver an exceptional experience
• Quality - Act with high purpose, committed effort, and skillful execution to exceed expectations
• Innovation - Identify progressive solutions that improve service, teamwork, efficiency, and/or effectiveness
• Teamwork - Be a part of the whole; support each other positively

Notes:

• Revo Health is an Equal Opportunity/Affirmative Action Employer and will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990 and the ADA Amendments Act of 2008.
• We participate in the federal E-Verify program to confirm the identity and employment authorization of all newly hired employees. For further information about the E-Verify program, please click here: http://www.uscis.gov/e-verify/employees
• This position description will be reviewed periodically as duties and responsibilities change with business necessity. Essential and Additional Job Functions are subject to modification.