Information Security Engineer

Bamboo Health is the leader in Real-Time Care Intelligence™ solutions aimed at improving lives for everyone experiencing physical and behavioral health challenges. We are driven by our mission to empower clients to deliver seamless, high-quality and cost-effective care during pivotal moments to improve health outcomes. From coast to coast, Bamboo Health partners with all major retail pharmacy chains, 52 states and territories, 100% of the top 10 best hospitals and more than half of the country’s largest health plans to improve more than 1 billion patient encounters annually. Join us in improving lives during pivotal care moments! 

Summary:

The Bamboo Health Information Security Team is seeking a motivated Information Security Engineer to join our Security Operations team. In this role, you will be a key partner throughout the software development lifecycle, helping secure our customer-facing and internal applications. Your work will focus on vulnerability management, including web application penetration testing, along with cloud security, security automation, and digital forensics and incident response (DFIR). You will also participate in the team’s incident response on-call rotation.

This position offers exposure to all aspects of a mature, multi-layered information security program and provides the opportunity to continually expand your skillset. You will collaborate closely with experienced security professionals as well as our infrastructure, IT, and software development teams.

What You’ll Do:

Manage infrastructure, container, web, API, and mobile application vulnerabilities through dynamic application security testing (DAST), penetration testing, threat modeling, and risk analysis.

Secure applications hosted in cloud environments and highly automated Kubernetes platforms.

Support incident response processes, including event monitoring, forensics, containment, and remediation.

Develop and maintain security automation to streamline operations, including detection engineering and tooling.

Contribute to internal security awareness initiatives and promote adoption of security best practices across the organization.

Partner with development teams to embed and advocate for security best practices throughout the software development lifecycle (SDLC).

Participate in an on-call rotation to escalate, investigate, and remediate security incidents.

What Success Looks Like…

In 3 months…

Develop comprehensive expertise in Bamboo Health’s security operations by learning and mastering our tools, systems, policies, procedures, and internal documentation.

Conduct initial vulnerability scans and assist with supervised web application penetration testing.

Participate in the Security Operations on-call rotation and be comfortable with incident response activities and procedures.

Assist with planning and executing initial phishing simulations, familiarize yourself with training materials, and track early phishing performance metrics.

In 6 months…

Independently perform comprehensive web application testing (DAST) and web application penetration testing activities.

Independently manage and refine the phishing training program by designing simulations, implementing automation, analyzing results, and implementing iterative improvements for better engagement.

Assist in processing access control requests.

Start developing basic automation scripts for routine security tasks.

Contribute to enhancing the software development life cycle with tailored security best practices.

In 12 months…

Lead comprehensive system and web application vulnerability management—including regular penetration testing programs—and escalate findings to internal teams.

Understand key cloud security and compliance toolsets.

Identify areas where automation of security operations could improve existing procedures and implement the changes.

What You Need:

Bachelor’s degree in Computer Science, Information Security, IT, or a related discipline, or 5+ years of equivalent professional experience in Information Security

Hands-on experience with vulnerability management, including identification, analysis, and remediation

Practical experience with web application security testing such as DAST and/or penetration testing

Intermediate proficiency with Linux, macOS, and Windows operating systems

Foundational knowledge of cloud platforms such as AWS, Azure, or GCP

Familiarity with incident response, digital forensics, endpoint security, and securing cloud-centric or Kubernetes environments

Strong written and verbal communication skills, with the ability to articulate technical concepts and business rationale clearly

Working knowledge of tools commonly used for vulnerability management, endpoint protection, and/or SIEM operations

Understanding of incident response processes and best practices

Experience supporting or participating in security audits and working with compliance frameworks (e.g., SOC 2, HIPAA, HITRUST, ISO 27001)

Intermediate understanding of scripting languages such as Python, PowerShell, or Base

Security or cloud certifications, or other evidence of security-related achievements, preferred

Strong analytical and problem-solving skills, with sound judgment and creativity in developing innovative solutions

Demonstrated ability to thrive in fast-paced, high-growth, and rapidly evolving environments

Ability to work effectively in a remote-first environment, ensuring high-quality virtual interactions with minimal distractions

What You Get:

Join one of the fastest growing health IT companies in the country.

Have the autonomy to build something with an enthusiastically supportive team.

Learn from working at the highest levels and on the most strategic priorities of the company, including from world class investors and advisors.

Receive competitive compensation, including health, dental, vision and other benefits.

Belonging at Bamboo

We Care. #BambooHealthValuesCare

Every human being has the right to the best possible healthcare. Our Real-Time Care Intelligence™ solutions enable healthcare professionals to see and treat every individual as a whole person by providing the right information, at the right time – regardless of physical, behavioral or social barriers.  

We’re a great place to work because we care. We continually seek to learn about our differences and ensure the unique perspectives and contributions of all employees are welcome, valued and celebrated.  

Our commitment to making a positive impact starts by recognizing and leveraging our differences, building inclusive teams and cultivating a sense of belonging.

Bamboo Health is proud to provide equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Bamboo Health GDPR/RODO

To protect our applicants from fraudulent recruitment activity, we recommend that all applicants verify the validity of an interview and hiring process by visiting our website www.bamboohealth.com. All valid job postings will be listed on our careers page. Bamboo Health does not conduct interviews via text and will not request sensitive information such as banking details during the application process.

#LI-Remote