RevSpring
Job Summary
This is not a passive, monitor-the-dashboard role – it is designed for a builder. The Security Engineer at RevSpring will lead efforts to secure infrastructure by owning, integrating, and optimizing the full lifecycle of security tools. From SIEM and CSPM to EDR and SOAR, each control will be made actionable, automated, and aligned to risk. Collaboration across teams will be essential to embed security into systems and processes, driving measurable maturity and delivering real protection – not just checklists.
The role also supports compliance initiatives, leads risk assessments, manages security frameworks (NIST, HITRUST, ISO 27001), and responds to emerging threats with a solid understanding of both offensive and defensive security practices. Positioned at the intersection of security engineering, architecture, and strategy, this is a high‑impact opportunity that contributes directly to securing the ways millions of people connect with the services they depend on – confidently and securely.
Essential Functions Tool Ownership & Security Architecture
Own the lifecycle of security platforms including EDR/XDR, SIEM, SOAR, CSPM, IAM, and vulnerability management.
Integrate and automate security tools and workflows across IT, cloud, and SOC environments.
Continuously tune alerting, dashboards, and policies to reduce noise and improve signal quality.
Maintain security control maps and maturity metrics.
Security Maturity & Measurement
Build and maintain RevSpring’s Security Tool Maturity Roadmap.
Track and report key performance indicators (KPIs) and return on investment (ROI) for all tools.
Map control capabilities to frameworks such as NIST CSF, HITRUST, ISO 27001, and CIS Controls.
Identify coverage gaps and eliminate redundant tools.
Security Engineering & Compliance
Conduct regular security risk assessments and audits across systems, applications, and networks.
Design and implement new security solutions, collaborating closely with infrastructure, cloud, and AppSec teams.
Support and maintain compliance with HIPAA, HITRUST, PCI‑DSS, SOX, NIST, and GLBA.
Formulate and manage IT security incident response strategies.
Automation & Enablement
Develop scripts and integrations using Python, PowerShell, Bash, and REST APIs to automate security operations.
Embed security controls into CI/CD pipelines and infrastructure as code.
Maintain documentation, runbooks, and diagrams to support repeatable security improvements.
Governance & Cross‑Functional Collaboration
Partner with procurement, risk, and compliance teams to manage tool renewals, licensing, and governance.
Communicate security tool performance, maturity, and improvements to leadership in clear, data‑driven ways.
Translate complex technical issues into business‑relevant language.
Minimum Requirements Specific Job Skills
Strong understanding of at least three areas of the modern security stack: SIEM, EDR/XDR, SOAR, CSPM, IAM, or vulnerability management.
Experience in cloud security (AWS, Azure, or GCP) and implementing security controls across cloud platforms.
Experience with security assessments, architecture design, and risk‑based security implementation.
Familiarity with standards/frameworks: NIST CSF, HITRUST, ISO 27001/27002, COBIT, ITIL, CIS.
Proficient in scripting/automation (e.g., Python, PowerShell) and integrating APIs.
Experience with penetration testing, ethical hacking, or advanced threat detection tools.
Ability to support compliance requirements and perform security reviews for internal and external stakeholders.
Experience building or managing a security tool governance or maturity framework.
Certifications such as GDSA, GCIA, AWS Security Specialty, CISSP, CISM, or similar.
Familiarity with MITRE ATT&CK, secure coding practices, and modern DevSecOps workflows.
Strong project management, reporting, and stakeholder communication skills.
Analytical mindset with the ability to break down complex problems.
Strong written and verbal communication skills – technical and non‑technical audiences.
Proven ability to work independently and as part of a team.
Flexible and adaptable to evolving business and technical priorities.
Passion for continuous learning and measurable security outcomes.
Education: N/A
Experience: 3–7 years of hands‑on experience in Security Engineering, SOC Engineering, or DevSecOps.
Supervision: N/A
Certifications: N/A
Language Skills: Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures or governmental regulations; write reports, business correspondence, and procedure manuals; effectively present information and respond to questions from a variety of internal and external sources.
Physical Capabilities: Standard categories – employees are regularly required to sit, use hands, reach, talk or hear; occasionally stand and walk; lift up to 10 pounds; vision requirements include close, distance, color, peripheral, depth perception, and focus adjustment.
Equal Opportunity Employer RevSpring is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
Note: This Job Description may not describe all of the job responsibilities and standards assigned to this position. The duties may change from time to time. RevSpring does not discriminate against any group in hiring or employment practices. Nothing in this job description constitutes a contract for employment.
#J-18808-Ljbffr
The role also supports compliance initiatives, leads risk assessments, manages security frameworks (NIST, HITRUST, ISO 27001), and responds to emerging threats with a solid understanding of both offensive and defensive security practices. Positioned at the intersection of security engineering, architecture, and strategy, this is a high‑impact opportunity that contributes directly to securing the ways millions of people connect with the services they depend on – confidently and securely.
Essential Functions Tool Ownership & Security Architecture
Own the lifecycle of security platforms including EDR/XDR, SIEM, SOAR, CSPM, IAM, and vulnerability management.
Integrate and automate security tools and workflows across IT, cloud, and SOC environments.
Continuously tune alerting, dashboards, and policies to reduce noise and improve signal quality.
Maintain security control maps and maturity metrics.
Security Maturity & Measurement
Build and maintain RevSpring’s Security Tool Maturity Roadmap.
Track and report key performance indicators (KPIs) and return on investment (ROI) for all tools.
Map control capabilities to frameworks such as NIST CSF, HITRUST, ISO 27001, and CIS Controls.
Identify coverage gaps and eliminate redundant tools.
Security Engineering & Compliance
Conduct regular security risk assessments and audits across systems, applications, and networks.
Design and implement new security solutions, collaborating closely with infrastructure, cloud, and AppSec teams.
Support and maintain compliance with HIPAA, HITRUST, PCI‑DSS, SOX, NIST, and GLBA.
Formulate and manage IT security incident response strategies.
Automation & Enablement
Develop scripts and integrations using Python, PowerShell, Bash, and REST APIs to automate security operations.
Embed security controls into CI/CD pipelines and infrastructure as code.
Maintain documentation, runbooks, and diagrams to support repeatable security improvements.
Governance & Cross‑Functional Collaboration
Partner with procurement, risk, and compliance teams to manage tool renewals, licensing, and governance.
Communicate security tool performance, maturity, and improvements to leadership in clear, data‑driven ways.
Translate complex technical issues into business‑relevant language.
Minimum Requirements Specific Job Skills
Strong understanding of at least three areas of the modern security stack: SIEM, EDR/XDR, SOAR, CSPM, IAM, or vulnerability management.
Experience in cloud security (AWS, Azure, or GCP) and implementing security controls across cloud platforms.
Experience with security assessments, architecture design, and risk‑based security implementation.
Familiarity with standards/frameworks: NIST CSF, HITRUST, ISO 27001/27002, COBIT, ITIL, CIS.
Proficient in scripting/automation (e.g., Python, PowerShell) and integrating APIs.
Experience with penetration testing, ethical hacking, or advanced threat detection tools.
Ability to support compliance requirements and perform security reviews for internal and external stakeholders.
Experience building or managing a security tool governance or maturity framework.
Certifications such as GDSA, GCIA, AWS Security Specialty, CISSP, CISM, or similar.
Familiarity with MITRE ATT&CK, secure coding practices, and modern DevSecOps workflows.
Strong project management, reporting, and stakeholder communication skills.
Analytical mindset with the ability to break down complex problems.
Strong written and verbal communication skills – technical and non‑technical audiences.
Proven ability to work independently and as part of a team.
Flexible and adaptable to evolving business and technical priorities.
Passion for continuous learning and measurable security outcomes.
Education: N/A
Experience: 3–7 years of hands‑on experience in Security Engineering, SOC Engineering, or DevSecOps.
Supervision: N/A
Certifications: N/A
Language Skills: Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures or governmental regulations; write reports, business correspondence, and procedure manuals; effectively present information and respond to questions from a variety of internal and external sources.
Physical Capabilities: Standard categories – employees are regularly required to sit, use hands, reach, talk or hear; occasionally stand and walk; lift up to 10 pounds; vision requirements include close, distance, color, peripheral, depth perception, and focus adjustment.
Equal Opportunity Employer RevSpring is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
Note: This Job Description may not describe all of the job responsibilities and standards assigned to this position. The duties may change from time to time. RevSpring does not discriminate against any group in hiring or employment practices. Nothing in this job description constitutes a contract for employment.
#J-18808-Ljbffr