Cybersecurity Engineer

About DrFirst

For 25 years, DrFirst has empowered providers and patients to achieve better health through intelligent medication management. We improve healthcare workflows and help patients start and stay on therapy with end-to-end solutions that enhance prescription access, affordability, and adherence. Our solutions help 100 million patients a year and are used by more than 420,000 prescribers, 71,000 pharmacies, 270 EHRs and health information systems, and over 2,000 hospitals in the U.S. This is a great opportunity to be a part of a successful Healthcare IT company experiencing significant growth. Here you'll get to work with some of the smartest and most interesting people around; solving unique and complex challenges in healthcare on a scale matched by a few companies. If you get excited about stretching yourself in new ways, developing yourself to your fullest potential, care about working with smart colleagues; we want to talk to you!

Position Overview

We're seeking a proactive Cybersecurity Engineer to strengthen our security posture across audit compliance, cloud infrastructure, corporate security support, and AI-driven security initiatives. This role requires deep technical expertise, project management skills, and the ability to collaborate effectively across teams.

Who will love this job

• An Innovator: who thinks outside the box to introduce new methods, ideas, and products
• A Problem solver: who is passionate about using technology to solve complicated problems, and harnessing the power of data to adopt new tactics to enhance efficiency and scalability
• A Team builder: who enjoys coaching developers, product owners and other security team members in understanding security principles; attracting and retaining A-players
• A Trusted advisor: someone with strong leadership acumen who always strives to do better tomorrow than today, and continuously improve DrFirst security program
• A Driver: who works with purpose and passion; someone who will elevate our technical teams through new perspectives, ideas, and solutions
• A Collaborator: who can navigate internal teams together to deliver best in class products contributing to DrFirst’s market share and profitability targets.

What you will work on

Audit Leadership (25%)

• Work with cross-org stakeholders to implement and monitor AI-specific controls based on NIST A1 600 and HITRUST AI Certification
• Lead evidence collection for certified audits using security read-only access to production systems
• Coordinate with departmental subject matter experts to ensure timely audit completion
• Apply technical expertise to streamline audit processes and maintain compliance

Cloud Security & Monitoring (25%)

• Conduct internal audits of AWS and GCP configurations for security compliance
• Recommend cloud settings to optimize security and operational efficiency
• Fine-tune security alerts to minimize false positives and maximize actionable intelligence

Corporate Security Support (25%)

• Complete customer security questionnaires promptly and accurately
• Maintain current knowledge of product security controls and changes
• Develop and maintain NIST 800-53 control frameworks for proactive customer sharing
• Execute Vendor Risk Assessments (VRAs) with focus on emerging trends and preferred vendor guidance

AI Security Program Development (25%)

• Monitor AI-driven security developments and implementation best practices
• Understand evolving AI security governance frameworks and compliance requirements
• Implement AI security monitoring systems and respond to compliance alerts

Qualifications

Technical Skills

• Deep expertise in AWS and GCP security configurations
• Strong understanding of NIST 800-53 and security compliance frameworks
• Experience with security monitoring tools and alert management
• Scripting abilities for automation (Python, PowerShell, or similar)

Core Competencies

• Exceptional critical thinking and problem-solving skills
• Proven project management experience from concept to implementation
• Strong cross-functional collaboration and influence skills
• Detail-oriented with ability to manage competing priorities
• Professional judgment to focus on high-impact activities

Experience Requirements

• 5+ years in cybersecurity engineering or related field
• Experience with certified security audits (SOC 2, ISO 27001, HITRUST)
• Background in cloud security architecture and monitoring
• Track record of process improvement and automation initiatives

Preferred Qualifications

• Security certifications (CISSP, CCSP, AWS Security, GCP Security)
• Experience with AI/ML security frameworks
• Background in vendor risk assessment processes
• Previous experience in customer-facing security communications

Physical Requirements

• 90% Desk/phone work
• 10% Standing/moving throughout the office

Benefits

• Competitive compensation, with a base salary of $130,000 - $150,000 (Exact compensation may vary based on skills and experience)
• Eligible for Company Performance-based Bonus Program, based on individual and company performance
• Medical, dental, and vision insurance
• 401K eligible after 3 months of employment, with 50% company match up to first 5% of salary contributed to the plan with a 3-year vesting schedule
• HSA for eligible employees enrolled in the HDHP, with a generous company contribution up to $500 for individual coverage and $1000 for family coverage per year
• 100% company-paid short and long-term disability, AD&D, and group life insurance
• Accrued annual paid time off (PTO) of 18 days for the first 3 years of service, increasing thereafter and 7 paid holiday days
• Employee Assistance Program
• Continuing Education funds up to $1500 annually for eligible programs after 1 year of service
• Voluntary benefits including FSA, Hospital indemnity, Accident and Critical Illness insurances

DrFirst is committed to being a Remote-First company, creating a dynamic and flexible workplace where everyone can thrive, no matter where they log in from. Check out our approach to remote work https://drfirst.com/company/about-us/careers/.

Our recruitment process at DrFirst is straightforward and secure. You will only be contacted by our recruitment team through an official @drfirst.com email address. We will never ask you for payment or sensitive personal information, such as your social security number or banking details, at any stage of the hiring process. Additionally, we will not request that you purchase equipment or accept e-checks or checks for deposit. If you encounter any communications claiming to be from DrFirst that seem suspicious, please contact our recruitment team directly at recruiter@drfirst.com to verify the message's authenticity. Your security is important to us!

Learn more about our benefits and professional development opportunities https://drfirst.com/company/about-us/careers/the-perks/.