Senior Security Engineer

At Bluesight, our mission is to create groundbreaking solutions that increase efficiency, safety and visibility for health systems, hospital pharmacy, and pharmaceutical manufacturers.  We empower our customers to deliver the right medicine to the right patient at the right time, every time.  We are a high growth healthcare information technology company with a start-up 'vibe' but over 2,000 customers using our proven solutions.

Bluesight is looking for a talented and experienced Senior Security Engineer to join our team. As a member of the team, you can expect to work in a highly visible, cross-functional role. As an engineer on this team, you’ll play an advisory role across the whole company, and you’ll help all Bluesight product teams build secure-by-default architectures, triage issues, and remediate vulnerabilities on their systems.

As Senior Security Engineer, you’ll be responsible for building scanning and threat detection systems to monitor Bluesight’s AWS cloud deployment and other digital assets. You’ll train all Bluesight employees on security best practices, conduct risk assessments of new vendor integrations and product launches, and develop internal protocols, controls, and relationships to ensure customer assurance and trust. Most importantly, you’ll build and maintain core standards around security, privacy, and confidentiality, reflected in our compliance certifications, and the automation to monitor and enforce these standards across Bluesight.

We’re excited to share with you our passion for building scalable and secure products for our healthcare customers. Your perspective and experience will help shape our team’s goals. You will be responsible for contributing to, operating, and improving all things related to our security and compliance requirements for SOC2, HIPAA, CGMP.

Bluesight is a fully remote company, this position and open to qualified applicants in the continental United States who are eligible to work in the United States without Visa sponsorship.

• Build and manage, well-architected and relevant cloud-based data classification and threat detection systems for assessing and resolving risk vectors
• Partner with internal product teams to implement a secure-by-default design into their own products
• Perform security audits and risk assessments, identify vulnerabilities, and create plans and preventative measures to protect against threats. 
• Assist with responses to customer questions, questionnaires, and contract issues regarding compliance and security.
• Conduct reviews, train employees and advise on matters related to security and compliance across Bluesight
• Lead security incident response teams and partner with Bluesight engineering teams to understand and resolve incidents that arise 
• Promote a culture of operational excellence by monitoring our systems and code, and being on-call to support the health of our services
• Design security policies and procedures that will keep pace with the rapid growth of Bluesight
• Document your work and decision-making processes, and lead presentations and discussions in a way that is easy for others to understand
• Uphold a culture of collaboration, transparency, creativity, inclusion, and making data-driven decisions

• 5+ years of experience in product or infrastructure security-related software engineering roles
• Proficiency in a programming language, testing practices, and thorough documentation
• Expertise with multiple technologies in the Bluesight Security System and our infrastructure as required: Cloud-based IaaS Systems - AWS required, Vulnerability Mgmt. and Scanning (such as Nessus, OpenVAS)SIEM and logging technology (such as Splunk, Elastic, LogRhythm, SolarWinds)Enterprise VPN (such as Cisco AnyConnect, Fortinet VPN, Palo Alto Global Protect)Host-based security tools (such as Sophos, ClamAV, Wazuh/OSSEC, Tripwire)
• Experience developing, implementing, and monitoring internal practices for SOC2, HIPAA or ISO information security compliance standards
• Ability to represent Bluesight’s security posture and the maturity of our operations to customers
• Subject matter expertise in security best practices and the ability to quickly make correct risk assessments that prioritize the overall benefit to the company
• Track record of building self-service and high-quality tools with a customer-driven mindset
• A desire to share your expertise through documentation and mentorship
• A desire to work with individuals with diverse security ideas and priorities
• Autonomy and proactivity around driving work to completion in the face of ambiguity

• Experience with cybersecurity frameworks such as NIST 800-53, CIS and CSF
• Experience securing data in a regulated industry (HIPAA, FDA CGMP)
• Any code, writing or projects that are public or shareable demonstrating your experience, understanding or approach to security and compliance

This position is a remote position and open to applicants in the continental United States.

Why Bluesight?

Bluesight’s culture is built on innovation and teamwork. There’s room to grow and opportunities to take initiative. You will partner with sharp, motivated teammates looking to disrupt a massive industry—and have fun doing it.  We truly believe that where you work and what you do matters.  Join us as we revolutionize the hospital pharmacy landscape!

-Competitive salary

-Time off when you need it – unlimited vacation days!

-Generous insurance coverage

-401k program with a company match

-Fun, collaborative culture!

EOE AA M/F/VET/Disability

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, religion, color, national origin, sex, protected veteran status, disability, or any other basis protected by federal, state or local laws.