Experienced, Information Security Engineer

Be part of a team that unleashes the power of leading-edge technologies to help improve the health and well-being of those most vulnerable in our country and communities. Working at Gainwell carries its rewards. You'll have an incredible opportunity to grow your career in a company that values work flexibility, learning, and career development. You'll add to your technical credentials and certifications while enjoying a generous, flexible vacation policy and educational assistance. We also have comprehensive leadership and technical development academies to help build your skills and capabilities.

Summary

Conduct scans (agent/network), analyze results (CVEs, CVSS), identify systemic issues, and perform risk assessments for complex environments (cloud, mobile, DB, OS). Define VM policies, improve posture, guide remediation, lead risk reduction initiatives, and serve as the subject matter expert for complex security vulnerability challenges. Drive remediation at scale across cloud, containers, endpoints, apps, and third parties. Navigates the enterprise for false positives and compensating controls.

Your role in our mission

• Develops reports, dashboards, and alerts to automate tasks (Python, PowerShell), and track metrics.
• Works with IT Operations, SOC, GRC, Third-Party vendors and leadership to align vulnerability management with broader security, manage compliance, and brief leadership.
• Monitor threat landscape, analyze new vulnerabilities (NVD, MITRE), and provide proactive guidance.
• Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives. Develops, tests and operates firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools.
• Provides complex engineering analysis and support for firewalls, routers, networks and operating systems. Performs and evaluates vulnerability scans within a multi-platform, large enterprise environment. Reacts to and initiates corrective action regarding security violations, attempts to gain unauthorized access, virus infections that may affect the network or other event affecting security.
• Oversees user access process to ensure operational integrity of the system. Enforces the information security configuration and maintains system for issuing, protecting, changing and revoking passwords.
• Develops technical and programmatic assessments, evaluates engineering and integration initiatives and provides technical support to assess security policies, standards and guidelines. Develops, implements, enforces and communicates security policies and/or plans for data, software applications, hardware and telecommunications.
• Performs complex product evaluations, recommends and implements products/services for network security. Validates and tests complex security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies.
• Reviews, recommends and oversees the installation, modification or replacement of hardware or software components and any configuration change(s) that affects security.
• Provides complex technical oversight and enforcement of security directives, orders, standards, plans and procedures at server sites. Ensures system support personnel receive/maintain security awareness and training.
• Assesses the impact on the business unit/customer caused by theft, destruction, alteration or denial of access to information and reports to senior management.
• Provides leadership and work guidance to less experienced personnel.

What we're looking for

• Experience working with vulnerability management/infosec (or equivalent experience).
• Expert Knowledge with scanners (Tenable, Qualys, Rapid7).
• Proficiency with authenticated scanning, agent vs network scanning, discovery, segmentation constraints.
• Proficiency with CSPM.
• Knowledge of OS (Win/Linux/macOS), cloud security, databases, and networking.
• Proficiency with CVE, CVSS, MITRE ATT&CK, FISMA, CISA directives.
• Strong risk analysis, root cause identification, and data analysis.
• Excellent communication, leadership, and ability to explain complex risks to diverse audiences.

What you should expect in this role

• Remote position (US only)
• Opportunities to travel through your work (0-10%)
• Video cameras must be used during all interviews, as well as during the initial week of orientation
• The deadline to submit applications for this posting is 5/30/2026

The pay range for this position is $95,100 - $135,800 per year, however, the base pay offered may vary depending on geographic region, internal equity, job-related knowledge, skills, and experience among other factors. Put your passion to work at Gainwell. You'll have the opportunity to grow your career in a company that values work flexibility, learning, and career development. All salaried, full-time candidates are eligible for our generous, flexible vacation policy, a 401(k) employer match, comprehensive health benefits , and educational assistance. We also have a variety of leadership and technical development academies to help build your skills and capabilities.

We believe nothing is impossible when you bring together people who care deeply about making healthcare work better for everyone. Build your career with Gainwell, an industry leader. You'll be joining a company where collaboration, innovation, and inclusion fuel our growth. Learn more about Gainwell at our company website and visit our Careers site for all available job role openings.

Gainwell Technologies is an Equal Opportunity Employer, where all qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical condition), age, sexual orientation, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.