DrFirst, Inc. is a Healthcare IT company that has been empowering providers and patients for 25 years through intelligent medication management. They are seeking a Cybersecurity Engineer to join their security team, where the role involves triaging alerts, conducting security risk assessments, and contributing to DevSecOps initiatives.
Responsibilities:
- Triage alerts across SentinelOne, Proofpoint, Splunk, AWS Security Hub, GCP SCC, Tenable, Zscaler
- Complete security risk assessments and contribute to DevSecOps
- Collect audit evidence for SOC 2 / HITRUST
- Contribute to active initiatives such as Audit Evidence Automation and Data Governance Automation
- Drive AI-assisted implementation by data stream and category
- Contribute to security architecture and governance for non-engineering staff using Claude
Requirements:
- 2–3 years in a cybersecurity engineering or security operations role
- Familiarity with SOC 2, HITRUST, or NIST 800-53; HIPAA/PHI audits
- Experience completing customer security questionnaires or security risk assessments — you understand what you are attesting to
- Scripting or automation experience — Python, PowerShell, or Bash — applied to real operational problems, committing to GitLab, and building applications where warranted
- Exposure to DevSecOps practices — pipeline security, secure SDLC, or security tooling integration
- AI fluency is a baseline expectation here — the same way Office 365 proficiency was table stakes a decade ago. You write effective prompts, apply critical thinking to AI output, and catch errors
- You must understand these platforms beyond their security modules — how services are architected, how products are built and deployed, how data flows in production, and where security guardrails must be configured at each layer
- AWS: IAM, VPC, Security Hub, GuardDuty, CloudTrail, S3, EC2, Lambda, RDS
- GCP: IAM, VPC Service Controls, Security Command Center, Cloud Logging, GKE, Cloud Run
- SaaS product delivery — CI/CD pipelines, containerization, secrets management, access controls
- Security tooling: SentinelOne, Proofpoint, KnowBe4, Jamf, AWN, KACE, Zscaler (ZIA/ZPA), Okta, Tenable, Splunk
- Objective-first thinker: Reads the assignment and asks whether it is the right assignment. Does not miss the forest for the trees
- Moves on blockers: When you identify a dependency, you act on it — same day. You do not build uncertainty into your timeline
- Understands the stack: Knows what our platforms do and how they are configured — well enough to catch something wrong, not just document it
- Owns it: Takes the domain, assesses what needs to happen, and makes it happen — without waiting to be told
- Automates before accepting manual: AI-assisted automation is the default. You build pipelines, not habits. You commit your work
- Communicates through output: Jira tickets are current, GitLab has your commits, and scrums have closed items — your work is visible without anyone having to ask