<p>Location: Minneapolis, MN</p><br/><p>Employment Type: Full Time</p><br/><p>Team: Engineering</p><br/><div><span style="font-size: 16px">Hi, we’re Gravie. Our mission is to improve the way people purchase and access healthcare through innovative,&nbsp;consumer-centric health benefit solutions that people can actually use.&nbsp;Our industry-changing products and services are developed and delivered by a diverse group of unique people. We encourage you to be your authentic self - we like you that way.</span></div><div><span style="font-size: 16px">&nbsp;</span></div><div><span style="font-size: 16px">We’re looking for a Principal Information Security Engineer (Generalist) who will be responsible for assisting with all aspects of Gravie’s comprehensive Information Security Program. You will be given a great deal of freedom, opportunity, responsibility, and autonomy as an early hire on our growing Information Security Team. You will be involved with evolving multiple security programs such as Governance, Education &amp; Awareness, Vulnerability Management, Incident Response, Security Engineering and Security Operations. You will be a technical, engineering, and operational subject matter expert across the full spectrum of security programs at Gravie, while also having the opportunity to specialize your role and own individual programs. The ideal candidate will possess sufficient technical breadth and depth coupled with an ability to lead, communicate effectively, and build relationships. Additionally, the ideal candidate will be exceptionally motivated, eager to learn and make an impact across multiple security verticals while also being comfortable taking initiative and working through ambiguous situations in an environment where excellence is expected.</span></div><div><span style="font-size: 16px">&nbsp;</span></div><div><b style="font-size: 16px">You will:</b></div><div><span style="font-size: 16px">·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Assist the Chief Information Security Officer with all aspects of Gravie’s Information Security Program (Governance, Education &amp; Awareness, Vulnerability Management, Incident Response, Security Engineering, Security Operations, etc.)</span></div><div><span style="font-size: 16px">·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Develop your expertise and own entire verticals within our Information Security Program</span></div><div><span style="font-size: 16px">·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Build a comprehensive Application Security Program and/or Vulnerability Management Program with a high degree of autonomy and creativity</span></div><div><span style="font-size: 16px">·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Provide strategic input and be a stakeholder in how the security program evolves</span></div><div><span style="font-size: 16px">·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Conduct outreach efforts and present on security topics internally at Gravie</span></div><div><span style="font-size: 16px">·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Build relationships and collaborate with system owners to identify, track and remediate system and/or software vulnerabilities</span></div><div><span style="font-size: 16px">·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Contribute to incident response efforts and support the evolution of our Security Incident Response Plan (SIRP)</span></div><div><span style="font-size: 16px">&nbsp;</span></div><div><b style="font-size: 16px">You bring:</b></div><div><span style="font-size: 16px">·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; A track record of execution and delivery showing initiative, creativity and reliability</span></div><div><span style="font-size: 16px">·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Strong verbal and written communication skills with an ability to elegantly convey complex topics and build consensus with stakeholders at all levels</span></div><div><span style="font-size: 16px">·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Deep expertise with at least one of our security verticals with experience in a few</span></div><div><span style="font-size: 16px">&nbsp;</span></div><div><b style="font-size: 16px">Extra credit:</b></div><div><span style="font-size: 16px">·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Experience on a small, high performing team with a wide range of responsibilities</span></div><div><span style="font-size: 16px">·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; AWS expertise with a mastery of modern cloud security/engineering topics</span></div><div><span style="font-size: 16px">·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Development/Application Security background with an ability to create and lead an Application Security Program, lead a public Bug Bounty Program and be a go-to resource and security liaison for our Product Team</span></div><div><span style="font-size: 16px">·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Experience building and running a comprehensive Vulnerability Management Program in a modern cloud environment.</span></div><div><span style="font-size: 16px">·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Experience as an Incident Commander responsible for leading incident response efforts&nbsp;</span></div><div><span style="font-size: 16px">·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Experience with GRC security functions related to HIPAA, SOC 2 and NIST.</span></div><div><span style="font-size: 16px">·&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Bachelor’s degree in Computer Science, Engineering, or a related field</span></div><div><span style="font-size: 16px">&nbsp;</span></div><div><span style="font-size: 16px">Competitive pay is standard. Our unique benefits program is the gravy, i.e., the special sauce that sets our compensation package apart. In addition to standard benefits, Gravie’s package includes alternative medicine coverage, flexible PTO, 16 weeks paid parental leave, paid holidays, cell phone reimbursement, education reimbursement, and 1 week of paid paw-ternity leave just to name a few.</span></div><div><span style="font-size: 16px">&nbsp;</span></div><div><span style="font-size: 16px">&nbsp;</span></div>

Location: Minneapolis, MN

  

Employment Type: Full Time

  

Team: Engineering

  

Hi, we’re Gravie. Our mission is to improve the way people purchase and access
healthcare through innovative, consumer-centric health benefit solutions that
people can actually use. Our industry-changing products and services are
developed and delivered by a diverse group of unique people. We encourage you
to be your authentic self - we like you that way.



We’re looking for a Principal Information Security Engineer (Generalist) who
will be responsible for assisting with all aspects of Gravie’s comprehensive
Information Security Program. You will be given a great deal of freedom,
opportunity, responsibility, and autonomy as an early hire on our growing
Information Security Team. You will be involved with evolving multiple
security programs such as Governance, Education & Awareness, Vulnerability
Management, Incident Response, Security Engineering and Security Operations.
You will be a technical, engineering, and operational subject matter expert
across the full spectrum of security programs at Gravie, while also having the
opportunity to specialize your role and own individual programs. The ideal
candidate will possess sufficient technical breadth and depth coupled with an
ability to lead, communicate effectively, and build relationships.
Additionally, the ideal candidate will be exceptionally motivated, eager to
learn and make an impact across multiple security verticals while also being
comfortable taking initiative and working through ambiguous situations in an
environment where excellence is expected.



 **You will:**

·       Assist the Chief Information Security Officer with all aspects of
Gravie’s Information Security Program (Governance, Education & Awareness,
Vulnerability Management, Incident Response, Security Engineering, Security
Operations, etc.)

·       Develop your expertise and own entire verticals within our Information
Security Program

·       Build a comprehensive Application Security Program and/or
Vulnerability Management Program with a high degree of autonomy and creativity

·       Provide strategic input and be a stakeholder in how the security
program evolves

·       Conduct outreach efforts and present on security topics internally at
Gravie

·       Build relationships and collaborate with system owners to identify,
track and remediate system and/or software vulnerabilities

·       Contribute to incident response efforts and support the evolution of
our Security Incident Response Plan (SIRP)



 **You bring:**

·       A track record of execution and delivery showing initiative,
creativity and reliability

·       Strong verbal and written communication skills with an ability to
elegantly convey complex topics and build consensus with stakeholders at all
levels

·       Deep expertise with at least one of our security verticals with
experience in a few



 **Extra credit:**

·       Experience on a small, high performing team with a wide range of
responsibilities

·       AWS expertise with a mastery of modern cloud security/engineering
topics

·       Development/Application Security background with an ability to create
and lead an Application Security Program, lead a public Bug Bounty Program and
be a go-to resource and security liaison for our Product Team

·       Experience building and running a comprehensive Vulnerability
Management Program in a modern cloud environment.

·       Experience as an Incident Commander responsible for leading incident
response efforts

·       Experience with GRC security functions related to HIPAA, SOC 2 and
NIST.

·       Bachelor’s degree in Computer Science, Engineering, or a related field



Competitive pay is standard. Our unique benefits program is the gravy, i.e.,
the special sauce that sets our compensation package apart. In addition to
standard benefits, Gravie’s package includes alternative medicine coverage,
flexible PTO, 16 weeks paid parental leave, paid holidays, cell phone
reimbursement, education reimbursement, and 1 week of paid paw-ternity leave
just to name a few.





