Information Security Engineer - Remote

Overview

In this role, you will work with technical and nontechnical peers to achieve confidentiality, integrity and availability of data and systems. You will partner with the compliance team to ensure organizational compliance with applicable laws and regulations. In addition, you will work closely with the Enterprise IT team to ensure the security of endpoints, systems, and networks. The Information Security Engineer will also work with the product team to ensure the implementation of the security by design concept as an integral part of practices.

You will be directly supported by the Head of Information Security to build, maintain, and enhance a functional and effective cybersecurity program to protect GeneDx and to enable the business to utilize technology in a secure way.

In Short

• Design, configure, implement, monitor, and maintain security engineering service platforms to ensure the protection of systems and data.
• Provide expert security input during engineering, IT infrastructure, and application design reviews.
• Identify and address threats and attack vectors, including XSS, SQL injection, session hijacking, and social engineering.
• Create and maintain standard operating procedures (SOPs), security policy documents, and baselines.
• Conduct internal security audits across diverse business units.
• Configure, enhance, and analyze logs and events using SIEM solutions (e.g., Splunk, Azure Sentinel).
• Design and implement robust cloud security measures, including identity and access management, encryption, and network security.
• Conduct vulnerability assessments and penetration testing for web applications.
• Collaborate with development, operations, and IT teams to integrate security into the software development lifecycle (SDLC).
• Lead incident response efforts, including investigation, mitigation, and post-incident analysis to enhance organizational resilience.

Requirements

• 5-7 years of experience in public cloud security, including AWS, Azure, and Oracle Cloud Infrastructure (OCI).
• Hands-on experience with DevOps practices and security integration into CI/CD pipelines.
• Expertise in conducting HIPAA, SOC2, and SOX assessments/audits.
• Advanced experience with security tools such as next-gen firewalls, WAFs, endpoint security, encryption, email filtering, and data loss prevention solutions.
• Strong engineering skills with Windows Server environments, DNS, DHCP, Active Directory, and network switching.
• Experience in configuring and managing SIEM platforms like Splunk, SumoLogic or Azure Sentinel.
• Demonstrated experience implementing Risk Management Frameworks (e.g., NIST RMF or equivalent).

Benefits

• Paid Time Off (PTO)
• Health, Dental, Vision and Life insurance
• 401k Retirement Savings Plan
• Employee Discounts
• Voluntary benefits