Navitus Health Solutions, LLC

Engineer, Application and Cloud Security - Archimedes

Location: US-
ID: 2026-5808
Category: Information Technology
Position Type: Full-Time
Remote: Yes

Company

Archimedes

About Us

Archimedes - Transforming the Specialty Drug Benefit - Archimedes is the industry leader in specialty drug management solutions. Founded with the goal of transforming the PBM industry to provide the necessary ingredients for the sustainability of the prescription drug benefit – alignment, value and transparency – Archimedes achieves superior results for clients by eliminating tightly held PBM conflicts of interest including drug spread, rebate retention and pharmacy ownership and delivering the most rigorous clinical management at the lowest net cost.

Current associates must use SSO login option at https://employees-navitus.icims.com/ to be considered for internal opportunities.

We are committed to providing equal employment opportunity to all applicants and employees and comply with all applicable nondiscrimination regulations, including those related to protected veterans and individuals with disabilities. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, or handicap.

Pay Range

USD $0.00 - USD $0.00 /Yr.

STAR Bonus % (At Risk Maximum)

10.00 - Manager, Clinical Mgr, Pharm Supvr, CAE, Sr CAE I

Work Schedule Description (e.g. M-F 8am to 5pm)

Our Core Business Hours Hybrid (3 days in office per week)

Remote Work Notification

ATTENTION: Archimedes is unable to offer remote work to residents of Alaska, Hawaii, Maine, Mississippi, New Hampshire, New Mexico, North Dakota, Rhode Island, South Carolina, South Dakota, West Virginia, and Wyoming.

Overview

The Engineer, Security specializes in designing, implementing, and operating security controls for Azure and Microsoft cloud services. This role is responsible for protecting systems and applications that process, store, or transmit Protected Health Information (PHI), ensuring compliance with HIPAA Security Rule requirements through secure design, monitoring, and continuous risk management. This role focuses on reducing risk through secure architecture, security automation, and continuous monitoring across IaaS, PaaS, and identity workloads. The Engineer partners closely with Infrastructure, DevOps, and Software Engineering teams to embed security-by-design into platforms and delivery pipelines. This role also serves as the primary application security engineering function, partnering with Software Engineering and DevOps to identify, prevent, and remediate application-layer risks throughout the SDLC. This includes secure design reviews, threat modeling, CI/CD security controls, vulnerability remediation, and runtime protection of cloud-native applications.


In addition, the Engineer, Security supports security operations by tuning detections, investigating alerts, and coordinating incident response using Microsoft Defender (including Defender for Cloud and Microsoft Defender XDR) and SIEM/SOAR capabilities such as Microsoft Sentinel. The Engineer helps protect internet-facing applications through Web Application Firewall (WAF) controls and Azure Front Door (AFD) security features, aligning protections to OWASP Top 10 risks. This position contributes to audit readiness and continuous compliance with regulatory standards (e.g., HIPAA, SOC 2, ISO 27001) through evidence collection, control validation, and policy-as-code practices.

Responsibilities

How do I make an impact on my team?

  • Design and implement cloud security controls across Azure workloads (IaaS/PaaS), including network segmentation, Private Link/Private Endpoints, NSGs, Azure Firewall, and secure ingress/egress patterns.
  • Design and validate security controls for applications and platforms that process Protected Health Information (PHI), including encryption, access controls, logging, and secure data flows.
  • Support HIPAA and SOC 2 compliance by mapping technical controls to PHI risks, validating effectiveness, and producing audit-ready evidence.
  • Deploy, configure, and operationalize Microsoft Defender for Cloud (secure score, regulatory compliance, recommendations, JIT access) and integrate findings into remediation workflows.
  • Serve as the primary Application Security (AppSec) engineer, partnering with Software Engineering to embed security controls across design, build, test, and runtime phases.
  • Perform threat modeling and architecture reviews for new applications, major changes, and integrations (data flows, identity, APIs).
  • Define and maintain application security requirements aligned to OWASP Top 10, API Security Top 10, and cloud-native threat models.
  • Engineer detections and response workflows in Microsoft Sentinel (analytics rules, automation rules, playbooks), including KQL-based hunting and incident triage.
  • Manage identity and access controls in Microsoft Entra ID, including RBAC, Conditional Access, MFA, Privileged Identity Management (PIM), and Managed Identities.
  • Harden internet-facing applications using Azure Web Application Firewall (WAF) and Azure Front Door (AFD) policies, aligning protections to OWASP Top 10 and validating through testing and logging.
  • Implement secure configuration baselines and policy-as-code using Azure Policy and Management Groups; define guardrails for encryption, logging, networking, and identity.
  • Build and maintain security logging and telemetry (Azure Monitor, Log Analytics, Defender, AFD/WAF logs), ensuring required retention, diagnostics settings, and centralized visibility.
  • Operate vulnerability management for cloud and application surfaces (e.g., Defender recommendations, scanning outputs), drive remediation prioritization, and validate fixes.
  • Integrate application security tooling into CI/CD pipelines (SAST, SCA, secrets scanning, IaC scanning), ensuring actionable results without disrupting delivery.
  • Triage and prioritize application vulnerabilities (code, dependencies, misconfigurations) based on risk, exploitability, and business impact.
  • Partner with engineering teams to remediate findings and validate fixes.
  • Secure secrets, keys, and certificates using Azure Key Vault, including access controls, rotation practices, and integration with applications and pipelines.
  • Secure APIs and web services using authentication, authorization, rate limiting, and abuse protections.
  • Validate WAF, AFD, and API gateway controls against application-specific threats, including bot abuse and injection attacks.
  • Monitor runtime application telemetry for security signals and collaborate on incident response when application-layer issues are identified.
  • Partner with engineering teams to embed secure SDLC practices: threat modeling, security requirements, secure configuration, and remediation guidance for OWASP Top 10 classes.
  • Review and improve Infrastructure-as-Code (Terraform/Bicep/ARM) for security and compliance, including least-privilege IAM, secure networking defaults, and drift detection.
  • Investigate security events and participate in incident response, including containment/eradication, evidence collection, and post-incident root cause analysis and lessons learned.
  • Oversee dependency and third-party library risk (SCA), including vulnerability tracking and remediation guidance.
  • Define secure patterns for secrets management, service-to-service authentication, and external integrations.
  • Support endpoint, identity, and cloud workload investigations using Microsoft Defender XDR and related telemetry; tune alerting to reduce noise and improve fidelity.
  • Maintain runbooks, playbooks, and security documentation; contribute to change management and control evidence for audits and risk assessments.
  • Conduct security reviews of cloud architecture and changes (new services, networking, identity, data flows), providing actionable recommendations and risk-based exceptions when needed.
  • Participate in, adhere to and support compliance and diversity, equity, and inclusion program objectives.
  • Other duties as assigned.

 

Qualifications

What does our team expect from you?

  • Education: Bachelor’s degree or equivalent work experience required.
  • Certification/Licenses: Microsoft security certifications such as Azure Security Engineer Associate (AZ-500) preferred; additional certifications such as SC-200 (Security Operations Analyst), SC-100 (Cybersecurity Architect), or equivalent security certifications preferred.
  • Experience:
    • 5+ years of experience in cloud security, security engineering, security operations, or cloud infrastructure roles with significant security responsibilities (Azure preferred).
    • Hands-on experience with Microsoft Defender (Defender for Cloud and/or Microsoft Defender XDR) and translating security findings into prioritized remediation.
    • Experience with Microsoft Sentinel (or equivalent SIEM), including KQL queries, detection engineering, alert triage, and incident investigation.
    • Strong understanding of Azure networking and security controls, including secure ingress/egress, firewalling, Private Link, and DNS considerations.
    • Experience protecting web applications using WAF capabilities (Azure WAF/Application Gateway and/or Azure Front Door), including rule tuning and monitoring aligned to OWASP Top 10.
    • Hands-on experience with application security practices, including threat modeling, secure design reviews, and remediation of OWASP Top 10 vulnerabilities.
    • Experience integrating security controls into CI/CD pipelines (SAST, SCA, secrets scanning, IaC scanning).
    • Understanding of API security, authentication/authorization patterns, and common web application attack techniques.
    • Experience partnering with software engineers to drive secure coding practices and risk-based remediation.
    • Solid grasp of identity and access management (Entra ID), RBAC, least privilege, Key Vault, and platform security controls required.
    • Experience implementing governance guardrails using Azure Policy, Management Groups, and security baselines (e.g., Azure Security Benchmark) required.
    • Experience reviewing and securing Infrastructure as Code (Terraform/Bicep/ARM), including secure defaults, secret handling, and drift detection preferred.
    • Familiarity with DevSecOps practices (security scanning, policy enforcement, and automated evidence collection) integrated into CI/CD pipelines preferred.
    • Experience with incident response processes, alert investigation, and post-incident reviews (RCA/lessons learned) preferred.
    • Skills & Technologies
      • Compute & Platform: Azure VMs, App Services, AKS, Azure Functions, Virtual Desktop
      • Infrastructure as Code: Terraform, Bicep, ARM, Azure CLI, PowerShell
      • Networking: VNets, NSGs, UDRs, Azure Firewall, VPN Gateway, ExpressRoute, App Gateway, Front Door, Private Link
      • Web & Edge Security: Azure WAF (Application Gateway/Front Door), Azure Front Door (AFD) security policies, OWASP Top 10
      • Monitoring, Logging & SIEM: Azure Monitor, Log Analytics, KQL, Microsoft Sentinel, Defender telemetry
      • Security & Threat Detection: Microsoft Defender for Cloud, Microsoft Defender XDR, secure score, security posture management
      • Automation & CI/CD: Azure DevOps Pipelines, GitHub Actions, scripting (PowerShell, Python), Runbooks
      • Governance, Risk & Compliance: Azure Policy, Management Groups, Azure Security Benchmark, regulatory compliance reporting, evidence collection
      • Identity & Access: Microsoft Entra ID, Conditional Access, MFA, PIM, RBAC, Managed Identities
      • Secrets & Key Management: Azure Key Vault, certificate/secret rotation, encryption key management, secure secret handling in CI/CD
      • Vulnerability & AppSec: vulnerability management, secure SDLC, threat modeling, remediation of OWASP Top 10 issues
      • Endpoint & Device Security: Microsoft Defender for Endpoint (MDE) and endpoint investigation workflows (as applicable)
      • Version Control: Git (Azure Repos, GitHub)

What can you expect from Archimedes? 

  • Top of the industry benefits for Health, Dental, and Vision insurance 
  • 20 days paid time off 
  • 4 weeks paid parental leave 
  • 9 paid holidays 
  • 401K company match of up to 5% - No vesting requirement 
  • Adoption Assistance Program 
  • Flexible Spending Account 
  • Educational Assistance Plan and Professional Membership assistance

Location : Address

Remote

Location : Country

US
