Cybersecurity Engineer

 Posted 14 hours ago
     
 $65000 - $80000 per year
  
2-5 years experience

AI Summary

The role involves managing security operations, triaging alerts, and automating audit evidence collection for SOC 2 and HITRUST. The engineer will also contribute to DevSecOps pipelines and implement AI-driven security automations to improve efficiency.

About DrFirst

For 25 years, DrFirst has empowered providers and patients to achieve better health through intelligent medication management. We improve healthcare workflows and help patients start and stay on therapy with end-to-end solutions that enhance prescription access, affordability, and adherence. Our solutions help 100 million patients a year and are used by more than 420,000 prescribers, 71,000 pharmacies, 270 EHRs and health information systems, and over 2,000 hospitals in the U.S.

This is a great opportunity to be a part of a successful Healthcare IT company experiencing significant growth. Here you'll get to work with some of the smartest and most interesting people around, solving unique and complex challenges in healthcare on a scale matched by a few companies. If you get excited about stretching yourself in new ways and developing yourself to your fullest potential, and you care about working with smart colleagues, we want to talk to you!

Position Overview

At DrFirst, we play in the major leagues. Our 5-person security team covers what most organizations staff with ten or more — not by working longer, but by working smarter. We are adding a Cybersecurity Engineer to grow that team, and we are looking for someone who earns their place as an engineer — not an analyst.

 

The difference matters. Analysts follow playbooks. Engineers understand the systems well enough to know when something is wrong — and to build the automation that catches it faster next time. You will triage alerts, complete security risk assessments, contribute to DevSecOps, and collect audit evidence. But you will do all of it with enough platform depth that you can spot a misconfiguration during evidence collection, not just screenshot and move on.

 

More importantly, you use AI the way an engineer uses any powerful tool — to rethink how work gets done, not just to finish it faster. You do not just prompt Claude to complete a task. You ask whether the task should exist in its current form at all, and if not, you build something that eliminates it. You have done this already. Others would describe you this way — keep reading.

What You Contribute

You report to the VP Security and work alongside two Principal Security Engineers and one Senior Cybersecurity Engineer. You own your queue and contribute to shared goals. You are not handed a checklist — you are expected to understand what you are looking at.

 

| Domain | Scope | Cadence |
| --- | --- | --- |
| Security Operations | Alert triage across SentinelOne, Proofpoint, Splunk, AWS Security Hub, GCP SCC, Tenable, Zscaler. Security inbox, customer questionnaires, SRAs, KnowBe4, onboarding/offboarding compliance, endpoint and allowlist controls. | Steady state |
| DevSecOps — Contributor | Contribute alongside a Principal who spends 60% of his time here. Pipeline security, secure SDLC, security tooling integration. Tangible deliverables. | Ongoing |
| Security Incident Response | Incident response, proactive threat prevention, security reviews for new product features. | As needed |
| Audit Evidence Collection | SOC 2 / HITRUST evidence for your domains. Platform depth matters — you flag misconfigurations, not just collect screenshots. | Seasonal burst |

 

What you will work on

Strategic Initiatives You Step Into From Day One

Active initiatives with momentum. You contribute immediately.

 

| Initiative | What You Step Into |
| --- | --- |
| Audit Evidence Automation | Active initiative to automate SOC 2 / HITRUST evidence collection using Claude Code — moving the team from collectors to SME reviewers. You contribute to this from day one. |
| Data Governance Automation | Retention policy framework in progress. Drive AI-assisted implementation by data stream and category, coordinate purge processes across email and corporate data stores. |
| Corporate Claude Environment | Contribute to security architecture, guardrails, and governance for non-engineering staff using Claude for automation and data access via MCPs. |

How We Work

Security is one of the fastest-moving domains in tech — AI is expanding the attack surface, automating threats, and simultaneously giving defenders more leverage than ever. We are not treading water here. We are building an AI-driven security function and looking for someone who wants to help shape what that looks like — not be handed a blueprint.

Think You Can Do This? Here Is What Day 30 Looks Like.

This is the kind of place where you can actually get things done — not just talk about doing them. By the end of your first 30 days:

  • Security inbox is running clean — SRAs and customer questionnaires completed on time, using existing automation with your own SME judgment applied to the output
  • Alert triage cadence established — queue owned, first tuning improvements documented
  • At least one AI automation shipped — not planned, not in progress — live, with measurable time savings. Data governance is one area that needs attention.
  • An informed point of view on at least one configuration or gap in our stack — something you observed, not something you were told
  • At least one tangible DevSecOps deliverable contributed alongside the principal
  • Scrums: tickets updated, blockers surfaced, closed items to show — not a status report on what you are still figuring out

 

This Role Is Not For You If...

  • You use AI to finish tasks faster but do not ask whether the task should exist at all
  • You default to recreating what already exists rather than finding, reading, and building on it
  • You confuse being busy with being effective — activity is not the same as progress
  • You have open items sitting idle waiting on another team — you own the follow-through, including picking up the phone
  • You measure contribution by effort, not outcomes
  • You build automations and scripts that live only on your laptop
  • You interpret autonomy as working on assigned tasks, rather than demonstrating week-by-week progress against your agreed 90-day onboarding plan
  • You show up to scrum as a passenger — tickets not updated, blockers not surfaced, nothing to show

 

Qualifications

Experience

  • 2–3 years in a cybersecurity engineering or security operations role
  • Familiarity with SOC 2, HITRUST, or NIST 800-53; HIPAA/PHI audits
  • Experience completing customer security questionnaires or security risk assessments — you understand what you are attesting to
  • Scripting or automation experience — Python, PowerShell, or Bash — applied to real operational problems, committing to GitLab, and building applications where warranted
  • Exposure to DevSecOps practices — pipeline security, secure SDLC, or security tooling integration

AI-Augmented Engineering — Non-Negotiable

AI fluency is a baseline expectation here — the same way Office 365 proficiency was table stakes a decade ago. You write effective prompts, apply critical thinking to AI output, and catch errors. What sets you apart is the engineering mindset on top of that: you continuously look for opportunities to use Claude and Claude Code to automate your work, commit those automations to GitLab, and build toward systems that do not need you to run them.

Platform and Cloud Knowledge — Non-Negotiable

We are a software company running production systems on AWS and GCP. You must understand these platforms beyond their security modules — how services are architected, how products are built and deployed, how data flows in production, and where security guardrails must be configured at each layer. Misconfigurations do not announce themselves. Security knowledge without platform knowledge is not enough here.

  • AWS: IAM, VPC, Security Hub, GuardDuty, CloudTrail, S3, EC2, Lambda, RDS
  • GCP: IAM, VPC Service Controls, Security Command Center, Cloud Logging, GKE, Cloud Run
  • SaaS product delivery — CI/CD pipelines, containerization, secrets management, access controls
  • Security tooling: SentinelOne, Proofpoint, KnowBe4, Jamf, AWN, KACE, Zscaler (ZIA/ZPA), Okta, Tenable, Splunk

Core Attributes

  • Objective-first thinker: Reads the assignment and asks whether it is the right assignment. Does not miss the forest for the trees.
  • Moves on blockers: When you identify a dependency, you act on it — same day. You do not build uncertainty into your timeline.
  • Understands the stack: Knows what our platforms do and how they are configured — well enough to catch something wrong, not just document it.
  • Owns it: Takes the domain, assesses what needs to happen, and makes it happen — without waiting to be told.
  • Automates before accepting manual: AI-assisted automation is the default. You build pipelines, not habits. You commit your work.
  • Communicates through output: Jira tickets are current, GitLab has your commits, and scrums have closed items — your work is visible without anyone having to ask.

Physical Requirements

  • 90% Desk/phone work
  • 10% Standing/moving throughout the office


Benefits

  • Competitive compensation, with a base salary of $65,000 - $80,000 (Exact compensation may vary based on skills and experience)
  • Eligible for Company Performance-based Bonus Program, based on individual and company performance
  • Medical, dental, and vision insurance
  • 401K eligible after 3 months of employment, with 50% company match up to first 5% of salary contributed to the plan with a 3-year vesting schedule
  • HSA for eligible employees enrolled in the HDHP, with a generous company contribution up to $500 for individual coverage and $1000 for family coverage per year
  • 100% company-paid short and long-term disability, AD&D, and group life insurance
  • Accrued annual paid time off (PTO) of 18 days for the first 3 years of service, increasing thereafter and 7 paid holiday days
  • Employee Assistance Program
  • Continuing Education funds up to $1500 annually for eligible programs after 1 year of service
  • Voluntary benefits including FSA, Hospital indemnity, Accident and Critical Illness insurances

DrFirst is committed to being a Remote-First company, creating a dynamic and flexible workplace where everyone can thrive, no matter where they log in from. Check out our approach to remote work: https://drfirst.com/company/about-us/careers/

 

Our recruitment process at DrFirst is straightforward and secure. You will only be contacted by our recruitment team through an official @drfirst.com email address. We will never ask you for payment or sensitive personal information, such as your social security number or banking details, at any stage of the hiring process. Additionally, we will not request that you purchase equipment or accept e-checks or checks for deposit. If you encounter any communications claiming to be from DrFirst that seem suspicious, please contact our recruitment team directly at recruiter@drfirst.com to verify the message's authenticity. Your security is important to us! 

 

Learn more about our benefits and professional development opportunities: https://drfirst.com/company/about-us/careers/the-perks/
