Hi, we’re Gravie. Our mission is to improve the way people purchase and access healthcare through innovative, consumer-centric health benefit solutions that people can actually use. Our industry-changing products and services are developed and delivered by a diverse group of unique people. We encourage you to be your authentic self - we like you that way.
We’re looking for a Principal Information Security Engineer (Generalist) who will be responsible for assisting with all aspects of Gravie’s comprehensive Information Security Program. You will be given a great deal of freedom, opportunity, responsibility, and autonomy as an early hire on our growing Information Security Team. You will be involved with evolving multiple security programs such as Governance, Education & Awareness, Vulnerability Management, Incident Response, Security Engineering and Security Operations. You will be a technical, engineering, and operational subject matter expert across the full spectrum of security programs at Gravie, while also having the opportunity to specialize your role and own individual programs. The ideal candidate will possess sufficient technical breadth and depth coupled with an ability to lead, communicate effectively, and build relationships. Additionally, the ideal candidate will be exceptionally motivated, eager to learn and make an impact across multiple security verticals while also being comfortable taking initiative and working through ambiguous situations in an environment where excellence is expected.
· Assist the Chief Information Security Officer with all aspects of Gravie’s Information Security Program (Governance, Education & Awareness, Vulnerability Management, Incident Response, Security Engineering, Security Operations, etc.)
· Develop your expertise and own entire verticals within our Information Security Program
· Provide strategic input and be a stakeholder in how the security program evolves
· Conduct outreach efforts and present on security topics internally at Gravie
· Build relationships and collaborate with system owners to identify, track and remediate system and/or software vulnerabilities
· Contribute to incident response efforts and support the evolution of our Security Incident Response Plan (SIRP)
· Lead the deployment, tuning, operation and maintenance of our entire security stack
· Serve as a subject matter expert for escalated/validated security alerts and guide/shape daily security operations and how we build for scale
· Demonstrate commitment to our core competencies of being authentic, curious, creative, empathetic and outcome oriented.
· A track record of execution and delivery showing initiative, creativity and reliability
· Strong verbal and written communication skills with an ability to elegantly convey complex topics and build consensus with stakeholders at all levels
· Deep expertise with at least one of our security verticals with experience in a few
· Excellent communication skills
· Demonstrated success getting results through collaboration
· Previous start up company experience
· Experience on a small, high performing team with a wide range of responsibilities
· Experience as an Incident Commander responsible for leading incident response efforts and maintaining a Security Incident Response Plan (SIRP)
· AWS background with an understanding of modern cloud security/engineering topics
· Development/AppSec background with an ability to lead a Bug Bounty Program and be a go-to resource and security liaison for our Product Team
Competitive pay is standard. Our unique benefits program is the gravy, i.e., the special sauce that sets our compensation package apart. In addition to standard benefits, Gravie’s package includes alternative medicine coverage, flexible PTO, 16 weeks paid parental leave, paid holidays, cell phone reimbursement, education reimbursement, and 1 week of paid paw-ternity leave just to name a few.