Sr. Information Security Engineer - Security Operations


Position Description

As a member of CAQH's Information Security Incident Response team, the Sr. Information Security Engineer – Security Operations will coordinate the response activities for cyber security incidents across the corporate environment. The successful candidate will focus on reviewing, triaging, analyzing, remediating, and reporting on cyber security incidents. The individual will be the escalation point for Security Operations Center (SOC) analysts, and as such, will manage validated cyber security incidents, in accordance with the Information Security Incident Response Plan. The successful candidate will perform functions such as log analysis, conduct in-depth technical analysis of network traffic and endpoint systems, enrich data using multiple sources, and be responsible for rapid handling and mitigation of cyber security incidents.

The Sr. Information Security Engineer – Security Operations is a full-time, remote, exempt position and reports to the CISO.

Specific Responsibilities

  • Conducts investigations and responds to internal and external information security threats.
  • Implements advanced security monitoring techniques to identify malicious behavior on SaaS, cloud systems, networks, and endpoints.
  • Manages, administers, and improves security monitoring products for DLP, SIEM, EDR, cloud security products, IDS, and other security technologies.
  • Develops automated response scripts to remediate threats.
  • Performs threat hunting activities to identify compromised resources.
  • Performs threat research and intelligence gathering to improve detection and response capabilities.
  • Maintains operational playbooks, process diagrams, and documentation for security monitoring and response.
  • Reviews proposed security deployments to ensure security monitoring requirements are met.
  • Provides off-hour support as needed for security monitoring and response activities.
  • Leverages common scripting languages, including PowerShell or Python, to parse logs and automate repeatable tasks.

Incident Response

  • Works closely with MDR services, external forensic providers, and in-house IT teams to respond to and remediate security incidents, both internal and external.
  • Reviews compromised systems to identify the root cause of security incidents and takes remediation actions.
  • Researches new TTPs (tactics, techniques, and procedures) that threat actors are using to undermine enterprise IT environments.
  • Provides timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse, and distinguishes these incidents and events from benign activities.
  • Correlates incident data to identify specific vulnerabilities and makes recommendations that enable swift remediation.
  • Plans, implements, and documents incident handling and response tasks and procedures.

Emerging Threats Monitoring

  • Obtains information and stays up to date on the latest threats and security trends in a fast and efficient way to keep the enterprise environment protected.
  • Assists in the investigation and resolution of security issues.

Knowledge, Skills and Abilities

  • Fundamental understanding of security tools such as SIEM, IDS/IPS, web proxies, DLP, CASB, DNS security, WAFs, DDoS protection, VPN, EDR, and firewalls.
  • Programming and Scripting: Ability to write scripts in languages like Python, Bash, or PowerShell to automate tasks and analyze data.
  • Incident Handling and Response: Knowledge of incident response processes, from detection and analysis to containment, eradication, and recovery.
  • Cybersecurity Laws and Regulations: Understanding of laws and regulations related to data protection and privacy (e.g., HIPAA).
  • Risk Assessment and Management: Ability to assess, prioritize, and manage risks associated with cybersecurity threats.
  • 5+ years of incident analysis, security architecture, malware research, SOC, or other similar incident response experience.
  • 5+ years of working experience with information security, network security, security monitoring, and incident response.
  • GSEC, GCIA, GFE, GCFA, CISA, CISSP, CISM, or CIA certification(s) preferred.
  • Network / System Administration experience / background preferred.
  • Advanced Cloud knowledge - Microsoft Azure preferred.

Bachelor’s degree in computer science or a related field preferred.

What You Get

CAQH recognizes that its most important asset is its growing team of smart, creative, collaborative, forward-thinking and passionate professionals – and that a comprehensive employee benefits package is an important factor for them in choosing where to work. CAQH offers competitive compensation along with an extensive benefits package for all full-time employees, including medical, dental and vision coverage, tuition assistance and a 401k. We offer full-time remote work to all staff from any location and maintain a physical office in downtown Washington, DC.

At CAQH, we are proud of our active commitment to Diversity, Equity, and Inclusion (DEI). Our DEI committee works diligently to foster an inclusive workplace where all individuals are valued, respected, and empowered. We embrace diverse perspectives and are dedicated to providing equal opportunities for everyone to thrive. Join us in our mission to transform healthcare through innovative technology solutions while making a positive impact on the lives of diverse communities.

CAQH is an equal opportunity employer. It is our policy to recruit, hire, train, and promote individuals, as well as administer any and all personnel actions, without regard to race, color, religion, sex, national origin or ancestry, age, marital status, disability, protected veteran status, personal appearance, sexual orientation, gender identity or expression, familial status, family responsibilities, matriculation, political affiliation, genetic information, source of income, place of residence, or any other characteristic protected by law. CAQH will not tolerate any unlawful discrimination and any such conduct is strictly prohibited.

Applicants have rights under the Family Medical Leave Act (FMLA), Equal Employment Opportunity (EEO), and the Employee Polygraph Protection Act (EPPA). If you are interested in applying for employment with CAQH and need an accommodation to apply for a posted position, contact CAQH Human Resources at 202-517-0436.

Who We Are

Named one of Modern Healthcare’s “Best Places to Work,” CAQH has helped nearly 1,000 health plans, 2+ million providers, government entities and vendors connect, exchange information and operate more efficiently. CAQH technology-enabled solutions and its Committee on Operating Rules for Information Exchange (CORE) bring the healthcare industry together to make sharing business information more automated, predictable, and consistent. CAQH Insights researches opportunities to reduce the burden of manual processes in healthcare administration.