Description
Why We Need You - The Mission Medisolv is a national leader in healthcare quality data management solutions for hospitals and providers. Its all-in-one quality management platform, ENCOR, helps healthcare organizations advance patient care by measuring and improving their performance on more than 500 national quality and safety measures, including those required by the Centers for Medicare and Medicaid, The Joint Commission, private payers, and state agencies. Medisolv now serves more than 1,800 hospitals and 15,000 providers nationwide. As part of a recent investment by Bessemer Venture Partners Forge in 2023, the company is undergoing a period of transformation and growth.
We are looking for someone who has a passion for information security in healthcare, and is eager to be a contributing member of our information security operations team. This role will be responsible for ensuring the confidentiality, integrity, and availability of our products and data assets, as well as compliance with relevant regulations and standards.
What You'll Accomplish - Your Performance Objectives In your first 30 days, you will onboard and get to the know the people, products and departments that make Medisolv run. - Familiarize yourself with our current Information Security Program, including all processes, procedures, and playbooks.
- Acquaint yourself with our current team members, Medisolv's infrastructure, and applications.
In your first 3 months, you will - Assist in the assessment of tool capability, performance, and effectiveness.
- Support the implementation of new technologies and equipment.
- Assist in the HITRUST process by gathering required evidence for IT and security controls.
- Troubleshoot security tools for hardware, configuration, and performance issues; troubleshoot and resolve communications issues; install agent software; configure applications and agents.
- Assist in the capture of vulnerabilities and remediation tracking of 3 party penetration scans.
In your first 6 months, you will - Manage access controls of test systems, development systems, VPN, and Azure (cloud) services.
- Provide logistical support for tool deployments, including implementing network and infrastructure changes.
- Provide support for systems administration tasks such as patching, updating equipment, maintaining network infrastructure, provisioning, and supporting virtual machines.
- Provide support, vulnerability monitoring, and remediation tracking with static code scanning systems.
- Lead various required security audits and produce summaries.
In your first 12 months, you will - Lead the effort of streamlining and automating the Medisolv CD/CI pipeline for all applications.
Required Qualifications: - Experience with Microsoft Azure ( or equivalent AWS and GCP experience)
- Terraform/Infrastructure as a Service
- Solid understanding of typical developer workflows
- Solid understanding of network architecture to identify security vulnerabilities
- Experience with identifying, investigating and mitigating common attack vectors like DDoS, MITM, XSS, SQL Injections, Session Hijacking etc.
- Excellent written and verbal communication skills
- Bachelor's degree in computer science or related field and 3+ years of experience in DevSecOps or DevOps or similar automation roles.
- Professional and technical certification programs may be substituted for years of education
- Proven experience and references can also be substituted for years of education
Preferred Qualifications - Experience with Kubernetes and its security practices
- CISSP or CISSM
Who We're Looking For - The Personal Competencies That Matter You are a doer. You take initiative and enjoy driving tasks from inception to completion. You probably have a strong bias for action and may even become frustrated when things come to a stalemate. You use this frustration in a positive manner to drive towards a solution in order to move things forward.
Collaborative. You have empathy for your colleagues. You demonstrate and influence cross-functional collaboration within the company and seek out opportunities to build relationships with others even when difficult personalities or politics stood in the way.
Flexibility. You understand that at growth stage companies, things will evolve, and you may have to be flexible in your approach and in your expectations. You are open-minded and adapt well to changing environments as a company grows and scales.
Growth Mindset. You love a challenge. You are intellectually curious and love to figure out how things work. You have a diverse set of interests inside and outside of work. You can articulate areas where you have worked hard on improving yourself over time.
Resilient. You embrace change. You are optimistic. It's not how many times you get knocked down; it's how many times you get up.
How to be a Medisolver - Our Values - Customer Success Obsession
- All-Star Team Collaboration
- Continuous Improvement through Curiosity & Data-Driven Learning
- Courage with Kindness
- Execution Focus. We Do Business, Not Just Talk Business
Candidates must successfully complete a pre-employment background check and be legally authorized to work in the United States, as sponsorship is not available. Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights notice from the Department of Labor.
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)