{"id":861,"date":"2025-12-18T10:09:19","date_gmt":"2025-12-18T10:09:19","guid":{"rendered":"https:\/\/skillbasedmatching.com\/jobs\/?post_type=jobpost&#038;p=861"},"modified":"2025-12-18T10:09:22","modified_gmt":"2025-12-18T10:09:22","slug":"information-security-engineer-security-operations-appsec","status":"publish","type":"jobpost","link":"https:\/\/skillbasedmatching.com\/jobs\/current-jobs\/information-security-engineer-security-operations-appsec\/","title":{"rendered":"Information Security Engineer \u2013 Security Operations &#038; AppSec"},"content":{"rendered":"\n<p>\u200bThis is a full-time, <strong>Remote-First<\/strong> role at Bamboo Health, a leader in Real-Time Care Intelligence. This position is a technical &#8220;hybrid&#8221; role within the <strong>Security Operations (SecOps)<\/strong> team, blending application security, cloud defense, and incident response. You will protect a platform that impacts over 1 billion patient encounters annually, requiring a high degree of focus on <strong>HIPAA and HITRUST<\/strong> compliance.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u200b<strong>Location:<\/strong> Remote-First (US).<\/li>\n\n\n\n<li>\u200b<strong>Experience Required:<\/strong> Bachelor\u2019s degree or <strong>5+ years<\/strong> of equivalent professional experience.<\/li>\n\n\n\n<li>\u200b<strong>Core Focus:<\/strong> Web application penetration testing, vulnerability management, and security automation.<\/li>\n\n\n\n<li>\u200b<strong>On-Call:<\/strong> Participation in the incident response on-call rotation is required.<\/li>\n\n\n\n<li>\u200b<strong>Compliance Environment:<\/strong> SOC 2, HIPAA, HITRUST, and ISO 27001.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">\u200bKey Responsibilities: Proactive Testing and Reactive Response<\/h2>\n\n\n\n<p>\u200bThe Engineer serves as a technical partner across the software development lifecycle, ensuring that security is &#8220;baked in&#8221; rather than bolted on.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u200bVulnerability Management and Pentesting<\/h3>\n\n\n\n<p>\u200bYou will manage infrastructure, container, and API vulnerabilities through <strong>Dynamic Application Security Testing (DAST)<\/strong> and manual penetration testing. This includes performing root-cause analysis and threat modeling to prioritize remediation efforts.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u200bCloud and Kubernetes Security<\/h3>\n\n\n\n<p>\u200bThe role involves securing applications hosted in automated <strong>Kubernetes<\/strong> platforms and cloud environments (AWS, Azure, or GCP). You will be responsible for ensuring that containerized workloads meet strict security standards.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u200bDFIR and Detection Engineering<\/h3>\n\n\n\n<p>\u200bYou will support the <strong>Digital Forensics and Incident Response (DFIR)<\/strong> process, including monitoring events, containment of threats, and remediation. A major part of the role is developing automation scripts to streamline these operations and improve detection logic.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u200bSecurity Advocacy and SDLC<\/h3>\n\n\n\n<p>\u200bPartnering with development teams is essential. You will advocate for secure coding practices and ensure that security checkpoints are integrated into the <strong>Software Development Lifecycle (SDLC)<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u200bRequired Technical Skills<\/h2>\n\n\n\n<p>\u200bBamboo Health is looking for a versatile engineer who can code, test, and respond to threats with equal proficiency.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u200b<strong>Security Testing:<\/strong> Practical experience with <strong>DAST<\/strong> tools and manual web application penetration testing.<\/li>\n\n\n\n<li>\u200b<strong>Operating Systems:<\/strong> Intermediate proficiency with <strong>Linux, macOS, and Windows<\/strong>.<\/li>\n\n\n\n<li>\u200b<strong>Cloud Mastery:<\/strong> Foundational knowledge of cloud platforms and experience securing <strong>Kubernetes<\/strong> or containerized environments.<\/li>\n\n\n\n<li>\u200b<strong>Automation:<\/strong> Intermediate understanding of scripting languages like <strong>Python, PowerShell, or Bash<\/strong>.<\/li>\n\n\n\n<li>\u200b<strong>Compliance Knowledge:<\/strong> Familiarity with healthcare-specific frameworks such as <strong>HIPAA and HITRUST<\/strong>.<\/li>\n\n\n\n<li>\u200b<strong>Communication:<\/strong> Ability to articulate technical risk and business rationale to both engineers and stakeholders.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">\u200bThe First Year: Roadmap to Success<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u200b<strong>Months 1\u20133:<\/strong> Mastery of internal tools; supervised vulnerability scanning; integration into the on-call rotation.<\/li>\n\n\n\n<li>\u200b<strong>Months 4\u20136:<\/strong> Independent web application penetration testing; management of the automated phishing training program.<\/li>\n\n\n\n<li>\u200b<strong>Months 7\u201312:<\/strong> Leading the system-wide vulnerability management program; implementing security automation to replace manual procedures.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u200bThis is a full-time, Remote-First role at Bamboo Health, a leader in Real-Time Care Intelligence. This position is a technical &#8220;hybrid&#8221; role within the Security Operations (SecOps) team, blending application security, cloud defense, and incident response. You will protect a platform that impacts over 1 billion patient encounters annually, requiring a high degree of focus [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"menu_order":0,"template":"","jobpost_category":[43],"jobpost_job_type":[39],"jobpost_location":[1041],"jobpost_tag":[3943,3942,3945,2579,1261,3180,1232,24,81,3944],"class_list":["post-861","jobpost","type-jobpost","status-publish","hentry","jobpost_category-it","jobpost_job_type-remote","jobpost_location-united-states","jobpost_tag-appsec","jobpost_tag-bamboo-health","jobpost_tag-dast","jobpost_tag-hipaa-hitrust","jobpost_tag-incident-response","jobpost_tag-information-security-engineer","jobpost_tag-kubernetes","jobpost_tag-python","jobpost_tag-remote","jobpost_tag-secops"],"_links":{"self":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost\/861","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost"}],"about":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/types\/jobpost"}],"author":[{"embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/users\/1"}],"wp:attachment":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/media?parent=861"}],"wp:term":[{"taxonomy":"jobpost_category","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_category?post=861"},{"taxonomy":"jobpost_job_type","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_job_type?post=861"},{"taxonomy":"jobpost_location","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_location?post=861"},{"taxonomy":"jobpost_tag","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_tag?post=861"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}