Senior Security Engineer

NextGen Healthcare is looking for an experienced Senior Security Engineer to join our Security Engineering team to help drive continuous improvements in NextGen’s security posture. The Senior Security Engineer will leverage automation, including nascent technologies, to increase efficiency in security operations. The ideal candidate is one who has a software engineering background, with experience in protecting against application and infrastructure security threats.

• Develop and maintain security tooling, guidelines, and standards for the Security Engineering team
• Participate in threat intelligence and forensic analysis exercises, with guidance from more senior engineers
• Work closely with application and infrastructure teams on mitigation of vulnerabilities against all cloud hosted systems
• Create and maintain thorough runbooks and incident response documentation for the Security Operations Center (SOC)
• Create and monitor correlated event dashboards in the SIEM, alerting against thresholds you develop
• Research, implement, and configure security protections for email, hosts, and identities
• Write scripts to automate manual tasks
• Create and provide training to assist new staff and internal teams

Education

• Bachelor's degree in Information Systems, Computer Science, or related discipline.
• Or any combination of education and experience which would provide the required qualifications for the position.

Experience

• 5+ years of experience in being a part of a security operations center, with focus on threat intelligence, incident response, blue team operations and SIEM query/workflow creation.
• 5+ years of experience in systems administration, software engineering, software development, or related discipline

Licenses

• CEH, SANS, ISC2 (CISM, CISSP, CCSP, etc), AWS, GCP, Azure

• Working knowledge of SOC operations and incident response procedures, such as EDR, SWG, CASB, email threat protection, SIEM and SOAR platforms, threat intelligence frameworks (like MITRE ATT&CK), vulnerability and identity management, network security tools (firewalls, IDS/IPS), Python or PowerShell scripting, cloud-native security services (AWS, Azure, GCP), forensic and log analysis, and documentation platforms for preserving security operations materials.
• Skill in: Analytical, critical thinking and problem-solving skills; troubleshooting and resolving architecture and application development issues; working as a member of a team; communicating effectively; establishing and maintaining effective working relationships.
• Ability to: Determine how a system should work and how changes in conditions, operations, and the environment will affect outcomes; demonstrate presentation skills with a high degree of comfort with both large and small audiences; work in a fast- paced environment; plan, organize, and prioritize workload and multi-task, to meet deadlines; establish and maintain effective working relationships through collaboration and respect.