Security and Compliance Engineer

ABOUT DOCGO:
DOCGO is transforming healthcare with peerless innovation and on-the-ground care. Our mobile workforce of thousands of full-time traveling clinicians and our proprietary, AI-powered software leverages robust medical record integrations to drastically improve patient outcomes. In our tireless pursuit of high-quality, highly affordable healthcare for all, DocGo makes the impossible possible. We’re revolutionizing the delivery of healthcare and we need a SECURITY & COMPLIANCE ENGINEER to join us!

ABOUT THE JOB:
Headquartered in NYC, we are a fast-moving and rapidly growing healthcare startup with a growing global footprint. The Security & Compliance Engineer is responsible for supporting, administering, maintaining, and optimizing infrastructure hardware & software. They will also participate in planning and executing IT security strategy including vulnerability management, security policy development, and awareness training development. Our ideal candidate must be a problem solver with a lot of initiative and excellent, well rounded, technical knowledge.

RESPONSIBILITIES:

• Analyze systems and seek improvements on a continuous basis

• Report possible threats or software issues within organization infrastructure, on endpoints, or cloud-based assets

• Conduct testing and deliver insightful reports based on findings

• Recommend cost-effective solutions to resolve cybersecurity issues

• Understand software, hardware and other technical needs while adjusting them according to our business environment

• Develop and maintain best practices and security standards for the organization

• Perform testing of company infrastructure and IP

• Assist fellow employees with cybersecurity, software, hardware, or IT needs

• Participate in maintaining compliance, change management, and the organization compliance program

• Stay on top of industry standards and ensure complete compliance

• Be a part of the SDLC by acting as an advocate for secure coding practices and working with engineering as a part of the release process

REQUIRED QUALIFICATIONS:

• 7+ years in a cybersecurity related role

• Experience with incident detection, response, and forensics

• Experience with security platforms such as firewalls, SIEMs, EDR/XDR, MDM, NACs, DLP, pen testing tools and distributions (e.g., Kali, Parrot, or Arch Linux, Burpsuite, Metasploit) - Functional use and maintenance

• Has a led a team of any size preferably in cybersecurity related projects

• Experience and comfort with being the POC for security related business tasks (e.g. DDQs and data requests such as e-discovery)

• Experience with vulnerability detection, testing, and mitigation (emphasis on testing)- Red or blue teaming experience a plus

• Scripting experience in Python, JS, and Powershell- Ruby, Node, or Go a plus

• Experience with and strong knowledge of secure infrastructure architecture – Functional use and maintenance (e.g. Architecting, implementing, maintaining)

• Experience with managing compliance such as HIPAA, PCI, SOC, or ISO- Experience in drafting policies a plus

• Strong understanding of the NIST CSF or CISA Cyber Framework and best practices

• Experience with code review

• Strong attention to detail

• Excellent communication skills

• Strong critical thinking and problem-solving skills

• Ability to prioritize projects

• Experience with Office 365 and securing Microsoft platforms

• Experience with and working knowledge AWS, web application architecture, and secure cloud

• Experience using Governance, Risk, and Compliance platforms

PREFERRED QUALIFICATIONS:

• Bachelor’s Degree in Computer Science, IT, or related field preferred but not required

• Combination of CISM, CEH, OSCP, CySa+, PenTest+. or GSEC desired

• CISSP and OSWP is a plus

EEO/AAP Statement:  DocGo is an equal opportunity employer. We acknowledge and honor the fundamental value and dignity of all individuals. We pledge ourselves to crafting and maintaining an environment that respects diverse traditions, heritages, and experiences.  DocGo is an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

The above-noted job description is not intended to describe, in detail, the multitude of tasks that may be assigned but rather to give the applicant a general sense of the responsibilities and expectations of this position.  As the nature of business demands change so, too, may the essential functions of the position.