
Security Operations Engineer

Job Title: Security Operations Engineer 

Team: Cyber Security  

Job Location: Remote 

 

About Us: 

Join us in revolutionizing healthcare! We build software that simplifies the process of choosing the right health insurance for individuals. Our solutions help our health plan and government customers with the administration, reporting, and operational requirements of their plans. By tackling the complexities of enrollment, administration, renewal, billing, and more, we enable our customers and partners to concentrate on advancing their core missions.  

Our Company Culture: 

Our culture is built on collaboration, innovation, and appreciation. We value each employee's unique talents and contributions and understand that every individual plays a critical role in our mission to transform healthcare. Every day, we celebrate our team's dedication, creativity, and expertise, which drive us closer to our goals. 

At Softheon, our mission is making healthcare more affordable, accessible, and plentiful for every American. Our vision is that everyone can access and choose the healthcare they need. 

About the role:  

The Security Operations Engineer at Softheon plays a pivotal role in strengthening our cloud and hybrid security posture by implementing advanced information security controls and managing real-time threat detection and response efforts. In addition to deep technical expertise in Microsoft Defender, Sentinel, and cloud-native tools, this role thrives on collaboration—working closely with peers in Cloud Security, Compliance, DevOps, and Engineering to embed security into all facets of the organization. 

The engineer contributes to our collective security maturity by performing proactive assessments, maintaining regulatory compliance (e.g., HIPAA, SOC 2), and advancing our security automation and tooling. As a key member of a highly collaborative Security Engineering team, this individual will be expected to function as both a subject matter expert and a flexible team player—taking ownership where appropriate, serving as a backup where needed, and contributing to shared initiatives across disciplines. 

This role demands strong self-direction, a problem-solving mindset, and a team-first mentality to help safeguard the integrity, confidentiality, and availability of Softheon’s healthtech SaaS ecosystem. 

You will:  

Security Improvement and Implementation 

  • Proactively research and identify opportunities to strengthen Softheon’s cloud and hybrid security posture, with emphasis on Microsoft Azure environments and Zero Trust principles. 
  • Collaborate cross-functionally with IT, DevOps, and Cloud Security teams to design and implement scalable, secure architectures aligned with security best practices and compliance frameworks (HIPAA, SOC 2, PCI). 
  • Engineer and deploy advanced security controls including detection-as-code and policy-as-code initiatives such as Azure Policy, Kusto Query Language (KQL), and Microsoft Conditional Access policies. 
  • Support the operationalization of new security tools and features, contributing to the evolution of next-gen automation and security infrastructure across Azure and SaaS platforms. 
  • Harden and optimize the organization's CSPM and CASB tools to improve cloud threat detection, enforce security policies, and ensure continuous compliance across hybrid-cloud environments. 

Monitoring and Incident Response 

  • Administer Microsoft Sentinel, Microsoft Defender XDR, and related security tools for real-time alerting, correlation, and response to potential threats. 
  • Respond to escalated incidents based on severity and business impact; coordinate with Cloud and Compliance teams for cross-functional incident response. 
  • Maintain and optimize infrastructure monitoring and centralized dashboards to provide operational awareness across cloud and on-prem environments. 
  • Develop automation and SOAR playbooks (e.g., LogicApps, Sentinel automation rules) to collect security metrics and reduce mean time to detect/respond (MTTD/MTTR). 
  • Continuously assess alert quality and detection fidelity, tuning signals and rules to balance noise reduction and comprehensive coverage. 

 

Compliance and Auditing 

  • Partner with Compliance, GRC, and Legal stakeholders to ensure technical security controls align with regulatory frameworks including HIPAA, SOC 2, HITRUST, PCI DSS, and ISO 27001. 
  • Implement and document technical evidence for audits, contributing to readiness for external assessments and client security reviews. 
  • Collaborate on POA&M items, vulnerability remediation, and continuous monitoring activities to meet CMS and audit board standards. 
  • Maintain automation and documentation pipelines that support recurring assessments and enforce policy-as-code for compliance enforcement. 

Assessment and Evaluation 

  • Conduct proactive security assessments and architectural reviews in collaboration with internal teams to identify gaps and drive technical remediation strategies. 
  • Develop and maintain real-time security dashboards using metrics from tools like Microsoft Sentinel and Defender, providing actionable visibility into threat trends, posture, and remediation status. 
  • Deliver structured reporting on KPIs such as incident response times, alert fidelity, and control coverage to inform both technical teams and executive stakeholders. 

 

Training and Awareness 

  • Design, lead, and manage organization-wide security education initiatives, including phishing simulation campaigns, targeted training modules, and awareness outreach. 
  • Collaborate with HR and compliance to ensure training aligns with regulatory frameworks (HIPAA, PCI, etc.) and supports cultural adoption of security best practices. 
  • Use metrics to evaluate program effectiveness, adjusting content based on incident trends, user behavior, and regulatory needs. 

 

Process Improvement 

  • Identify and drive enhancements to internal security processes, focusing on automation, standardization, and operational efficiency. 
  • Develop and refine internal tooling, scripts, and workflows to support proactive threat detection, remediation, and audit-readiness. 
  • Collaborate cross-functionally to ensure optimized procedures align with both business objectives and regulatory mandates. 

 

Collaboration and Adaptability 

  • Collaborate seamlessly with technical and non-technical teams, translating security objectives into actionable initiatives across departments. 
  • Demonstrate flexibility and adaptability in a dynamic environment, adjusting to evolving priorities, regulatory changes, and organizational needs. 
  • Serve as a liaison between engineering, compliance, product, and operations teams to ensure security is embedded across the business lifecycle. 

 

Autonomy and Initiative 

  • Operate with a high degree of independence, consistently demonstrating initiative and ownership in addressing security challenges. 
  • Proactively identify and resolve issues without waiting for direction, contributing to a resilient and secure infrastructure. 
  • Exhibit sound judgment and accountability in a fast-paced environment with minimal supervision. 

 

Talent Management 

  • Partner with the Talent team to support recruitment efforts, including participation in interviews and evaluating candidates for technical and cultural fit. 
  • Leverage industry knowledge and professional networks to identify and attract high-caliber talent that supports organizational growth. 
  • Mentor and provide technical guidance to peers across the team, fostering a collaborative and growth-oriented environment. 
  • Champion and contribute to a positive organizational culture by promoting the company’s core values and encouraging cross-functional engagement and teamwork. 

 

Additional Responsibilities 

  • Participate in an on-call rotation during peak operational periods, providing responsive support outside standard business hours to ensure rapid resolution of critical security issues. 
  • Although the role is primarily remote, in-person attendance at company headquarters is required approximately twice per year for strategic planning, collaboration, and team-building activities. Travel arrangements will be coordinated to ensure a seamless experience. 
  • 5% travel is required
  • Availability during Eastern Time working hours (9:00 AM – 6:00 PM ET) is required to maintain alignment with business operations and team collaboration. 
  • The candidate must reside in the Eastern or Central time zone to support team cohesion and coverage expectations. 

You have:  

Education 

  • Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field. 
  • SC-200 certification required prior to start date. 
  • CompTIA Security+ is preferred  

 

Experience 

  • Minimum of 4 years of hands-on experience in a Security Operations role, ideally in a mid-level engineering capacity. 
  • At least 2 years of experience working directly with Azure security tools and environments. 
  • Proven production experience using Microsoft Defender 365. 
  • Strong proficiency with Linux and Windows operating systems, including system hardening and secure configuration practices. 

 

Knowledge 

  • Understanding of Git and CI/CD pipelines, including best practices for securing source control and deployment workflows. 
  • Familiarity with container security and orchestration platforms such as Docker, Kubernetes, and EKS. 
  • Hands-on experience with SIEMs (especially Sentinel), Azure Security Center, compliance tools, and offensive security tools like Kali Linux. 
  • Understanding of web application security concepts including HTTPS, security headers, OWASP Top 10, WAFs, and certificate management. 
  • Proficiency in log analysis, detecting abnormal system and network behavior, and performing basic forensic investigations. 

 

Skills  

  • Strong understanding of foundational security concepts including Least Privilege, Role-Based Access Control (RBAC), Zero Trust, and network segmentation. 
  • Familiarity with Zscaler technologies and their role in secure internet access, application access, and zero trust implementations. 
  • AZ-500, CompTIA Security+, SSCP, CSA, CSOP, or other relevant security credentials. 
  • Experience or interest in scripting for automation using tools like PowerShell, Python, or similar. 

 

Attributes 

  • Demonstrated accuracy in incident response and forensic documentation. 
  • Strong problem-solving abilities to identify root causes and develop mitigation strategies. 
  • Eagerness to learn and adjust to evolving threats, technologies, and organizational priorities. 

What we offer:  

Softheon offers every full-time employee a comprehensive compensation and benefits package including:  

  • For this position we offer a base pay of $101,000-$131,000, plus equity (when applicable), variable/incentive compensation, and benefits. Please note that the base pay shown is a guideline, and individual total compensation will vary based on factors such as candidate location, qualifications, skill level, and competencies.  
  • Work from your home company with a one-time home office stipend 
  • Comprehensive benefits package that includes health, vision and dental coverage for you, your spouse and dependents 
  • Additional benefits, including a monthly wellness stipend and internet stipend, 401K w/ a match; immediately vested, employee assistance program, disability/life insurance, and parental leave 
  • 15 days to discretionary PTO based on YOS 
  • 9 additional paid holidays 
  • Referral bonuses, discretionary bonus program, spot bonuses and professional development opportunities 

  

*Please note that candidates applying for this position must reside within the United States.  

 

Eligibility to Work in the U.S.: We are unable to sponsor or assist with visa-related processes. Candidates must have valid work authorization to work in the U.S. without any current or future need for employer sponsorship.      

 

Join Softheon, and together, we'll shape the future of healthcare in America. 

Are you ready to make a difference? Join us at Softheon and help revolutionize healthcare for all. 

 

At Softheon, we embrace and celebrate diversity in all its forms as an equal opportunity employer. We strongly believe that employing a diverse workforce is key to our success. Our recruitment and hiring decisions are made solely on the basis of each candidate's qualifications, experience, and skills. We highly appreciate your dedication to our shared mission of making healthcare more affordable, accessible, and plentiful. Join us in our journey towards continually building a diverse and inclusive workplace, where everyone’s contributions are valued, respected, and celebrated.  

 

Employment with Softheon is at-will, which means either the employee or Softheon may terminate the employment relationship at any time, with or without cause, and with or without notice. Nothing in this job description or in any document or statement shall be construed to constitute a guarantee of employment for a specified period of time. 

 

 



Founded in 2000, Softheon's Software-as-a-Service (SaaS) and Business Process-as-a-Service (BPaaS) solutions solve complex challenges for health plans and government health agencies. Currently, Softheon's solutions serve 8 State agencies and over ...

Employment type: Full-time, remote
Date posted: August 27, 2025