Security Engineer

Remote
Full Time
Infrastructure
Mid Level

Title: Security Engineer

 

Reporting to: Chief Information Security Officer

 

Location/Travel: This position can be based remotely in the US, or based in our Bethesda, MD HQ

 

Opportunity:

As a cloud first organization we’re looking for a hands-on Security Engineer with deep Linux in AWS expertise highlighted with strong DevOps/DevSecOps experience. You’ll harden our Linux estates, embed security into our build/deploy pipelines, and partner with engineering to ship secure software at speed.

What Success Looks Like (First 6-12 Months)

  • Baseline Linux hardening and patch automation rolled out with ≥95% fleet compliance.
  • CI/CD pipelines enforce SAST/SCA/IaC policy gates with <2% secrets leaks.
  • Fargate/ECS/ECR admission policies block noncompliant images; image signing is enforced for production.
  • Actionable detections added to SIEM; MTTD/MTTR measurably reduced quarter-over-quarter.
  • Leverage AI to analyze complex datasets, identify patterns, and categorize insights. Develop and deploy custom utilities and automation tools to accelerate data-driven decision-making and enhance operational efficiency across the organization.
  • Fine tune alerts, including utilizing automation and AI. 

Tech You’ll Use

Linux (Debian/Ubuntu/RHEL/Alpine), Docker, Terraform, Terragrun, Ansible, GitLab, AWS (IAM), snyk/Dependabot/Depency Track, Semgrep, OWASP ZAP/Burp Suite Pro/Enterprise.

How We Work

  • Automation first: we encode controls in code and enforce via pipelines and platforms.
  • Secure defaults: opinionated templates and guardrails beat manual checklists.
  • Measure & improve: we track risk reduction, time-to-patch, and detection efficacy as some of our metrics.
 

Responsibilities:

  • Linux security across servers, containers, and endpoints: hardening (CIS/NIST baselines), patching, kernel/module controls, eBPF/AppArmor/SELinux, SSH and PAM policies, and key management.
  • Build security into CI/CD: design guardrails and automate checks (SAST/DAST/SCA, secrets scanning, IaC policy-as-code) in tools like GitLab.
  • Cloud & container security: implement least-privilege IAM; secure VPC/VNet design; KMS usage; Secrets manager hardening; image signing, admission controllers, runtime controls, and registry policies.
  • IaC & platform: create secure-by-default Terraform/Terragrunt modules; codify baseline controls; maintain reusable templates and golden AMIs/images.
  • Threat modeling & reviews: conduct design reviews, STRIDE-style threat models, and pre-prod security sign-offs for new services.
  • Vuln management: run scans (hosts/containers/dependencies), triage findings, drive remediation SLAs, and report risk posture, with tools from Rapid7 and or Wazuh. 
  • Detection & response: tune EDR/agent configs, ship logs, build detections in SIEM, participate in on-call/IR, and run post-incident learnings.
  • Secrets & identity: manage/monitor KMS, rotate credentials, and implement workload identity/federation for humans and services.
  • Compliance enablement: map controls to SOC 2/HITRUST/FedRAMP Moderate/NIST; produce evidence via automation; partnering with GRC for audits.
  • Advocacy & enablement: create docs/runbooks, lead brown-bags, and coach teams on secure coding and platform usage. 

Requirements:
  • 4-7+ years in security engineering, platform security, or SRE with a security focus.
  • Expert-level Linux administration and hardening (kernel, access controls, networking, filesystems, systemd).
  • Understanding of and exposure to current AI/LLM models and use cases. 
  • Strong DevOps/DevSecOps background: CI/CD design, artifact management, environment promotion, and policy-as-code.
  • Proficiency in Python and/or Bash and in automating security tasks at scale.
  • Hands-on with cloud IAM, networking, and encryption fundamentals (VPCs, security groups, TLS/mTLS, KMS, PKI).
  • Experience operating containers securely (RBAC, PSP replacement, network policies, secrets, admission controls).
  • Demonstrated work with vulnerability management, dependency scanning, and remediation workflows.
  • Familiarity with SIEM/EDR, log pipelines, and incident response practices.
  • Solid understanding of network security (routing, firewalls, DNS, TLS, SSH, VPNs, proxies).
  • Excellent collaboration and communication with developers, SRE, and GRC.
  • Adhere to all organizational information security policies and protect all sensitive information including but not limited to ePHI and PHI in accordance with organizational policy and Federal, State, and local regulations.

Even Better:
  • Experience with supply-chain security (Sigstore, SBOMs, provenance/attestations).
  • Exposure to secret zeroization and key lifecycle management.
  • Prior work mapping/implementing SOC 2, HITRUST, FedRAMP Moderate, ISO 27001, NIST 800-53/1900 controls.
  • Certifications (nice but not required): OSCP/OSWP, CISSP, GSEC, GCIA, GCSA, CKA/CKS.
 

About Get Well:

Now part of the SAI Group family, Get Well is redefining digital patient engagement by putting patients in control of their personalized healthcare journeys, both inside and outside the hospital. Get Well is combining high-tech AI navigation with high-touch care experiences driving patient activation, loyalty, and outcomes while reducing the cost of care. For almost 25 years, Get Well has served more than 10 million patients per year across over 1,000 hospitals and clinical partner sites, working to use longitudinal data analytics to better serve patients and clinicians. AI innovator SAI Group led by Chairman Romesh Wadhwani is the lead growth investor in Get Well. Get Well’s award-winning solutions were recognized again in 2024 by KLAS Research and AVIA Marketplace. Learn more at Get Well and follow-us on LinkedIn and Twitter.

When it comes to careers, our approach is simple: empower employees to do their best work and live their best professional and personal lives. Meeting the needs of a diverse group of employees across more than 30 states means offering tools to support financial, physical and emotional well-being and the choice to design what meets your needs. You’ll find everything you’d expect and many things you don’t: exceptionally generous paid time away from work, a variety of paid leave programs, savings opportunities with 401(k) and incentive plans, internal education programs, full array of health benefits, fitness reimbursement, cell phone subsidy, casual offices with snacks and drinks, peer recognition programs, health advocacy and employee assistance programs, chili cook-offs, pet insurance (yes, really) and so much more. Our most valuable benefit? An environment that supports YOU. The estimated pay range for this position is $110,000 - $130,000  in base salary plus bonus. Base salary is dependent on many factors including, but not limited to education, experience and skills. This range is subject to change and may be modified in the future.

Get Well is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age or veteran status.


 
Share

Apply for this position

Required*
Apply with Indeed
We've received your resume. Click here to update it.
Attach resume or Paste resume
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

To comply with government Equal Employment Opportunity and/or Affirmative Action reporting regulations, we are requesting (but NOT requiring) that you enter this personal data. This information will not be used in connection with any employment decisions, and will be used solely as permitted by state and federal law. Your voluntary cooperation would be appreciated. Learn more.
Invitation for Job Applicants to Self-Identify as a U.S. Veteran
  • A “disabled veteran” is one of the following:
    • a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or
    • a person who was discharged or released from active duty because of a service-connected disability.
  • A “recently separated veteran” means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.
  • An “active duty wartime or campaign badge veteran” means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.
  • An “Armed forces service medal veteran” means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.
Veteran status


Voluntary Self-Identification of Disability
Voluntary Self-Identification of Disability Form CC-305
OMB Control Number 1250-0005
Expires 04/30/2026
Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Please check one of the boxes below:

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

You must enter your name and date
Human Check*