Offensive Security Engineer at Arcadia (Remote)

| Remote
Sorry, this job was removed at 11:26 a.m. (EST) on Tuesday, August 30, 2022
Find out who’s hiring remotely
See all Remote jobs
Apply Now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.
Due to Covid-19 we are working 100% remotely, this includes the hiring process. When it is safe to do so, we will return to a hybrid of onsite and remote work for some positions.
Why This Role Is Important To Arcadia
Arcadia is looking for an Offensive Security Engineer to report directly to our VP of Security, Privacy & Compliance. In this multi-faceted role, you will be an integral part of our Security team, responsible for designing, conducting and reporting on penetration tests against components of our SaaS web application. You will also work with software developers to ensure secure coding and assist with the remediation of any vulnerabilities identified.
The Offensive Security Engineer will work as a member for the Information Security team focused on ensuring the security of Arcadia's Population Health Analytics portfolio through application security testing, code review, and risk/impact analysis of proposed changes and features. This role will partner with both engineering and product to ensure that security requirements are consistently considered and addressed throughout the development and operational lifecycle including ownership of the SDLC Security plan, code review and remediation, pre-production and ongoing application security testing, vulnerability tracking and remediation.
The right Offensive Security Engineer can work independently and follow up with various lines of business as needed to ensure timely testing of the application and closure of any findings. We are looking for someone who is passionate about finding and fixing application vulnerabilities and will be hyper-vigilant in ensuring that all facets of our SaaS web application is secure against attackers.
What Success Looks Like
In 3 months- Plan and execute penetration tests against web applications and infrastructure; produce reports for stakeholders.- Ensure the implementation of HITRUST controls related to Secure Application Development.- Participate in Information Security & Privacy Steering Committee Meetings.- Conduct code reviews.
In 6 months- Track remediation efforts for discovered vulnerabilities and ensure they are patched according to the timeframes specified.- Work with Product and Engineering teams to review new features from a security perspective, perform threat modeling, and conduct code reviews.
In 12 months- Participate in building and maturing security capabilities and operations.- Ensure that new product releases are continuously being tested prior to being put into production.
What Will You Be Doing
    • Defining, maintaining, and implementing application security best practices to meet HITRUST requirements.
    • Owning Security SDLC plan and processes ensuring relevant tasks are completed and required artifacts are created and maintained.
    • Providing guidance to Engineering teams during design reviews including threat modeling.
    • Integrating security best practices and tooling into our CI/CD processes.
    • Evaluating the impact to the organization of current security advisories, publications, and trends.
    • Working with Security team and Product stakeholders to build a penetration testing schedule for all products and infrastructure.
    • Performing penetration tests and review web applications, source code, operating systems, and network security architectures; find vulnerabilities and define effective strategies for remediation and hardening.
    • Performing Red/Purple Team exercises to identify strengths and gaps in defensive tools and processes.
    • Explaining and demonstrating vulnerabilities to product stakeholders, provide remediation steps, and design solution prototypes and/or implement security enhancements.
    • Tracking and driving remediation efforts for discovered vulnerabilities in web applications and network ensuring they are patched according to the timeframes specified by policy.
    • Participating in building and maturing security capabilities and operations.
    • Ensuring that the Security Impact Analysis is completed for web/code changes as part of Change Management process.
    • Ensuring that all changes are properly tested in a separate test environment prior to being put into production.
    • Participating as a key member of Incident Response team as web application and network security SME focused on determining impact, root cause, and resolution associated.
    • Identifying, vetting, and coordinating third party vendors in meeting third-party application security testing requirements.

What You'll Bring
    • A passion for Application and Network Security with an attacker mindset.
    • 3+ years of proven code review and penetration testing experience in both web applications and infrastructure; finding vulnerabilities and defining effective strategies for remediation and hardening.
    • Experience testing and securing infrastructure on cloud providers such as AWS/Azure.
    • Knowledge of the Secure SDLC.
    • A firm understanding of OWASP Top 10.
    • Experience with static and dynamic code analysis.
    • Strong scripting and development skills in languages such as Java, JavaScript, Ruby, Python.
    • Security certifications such as OSCP, OSCE, PNPT, EWPT, ECPTX.
    • Ability to write formal assessment reports and to explain vulnerabilities to different stakeholders.
    • Knowledge and understanding of attack surfaces and the ability to carry out APT style tactics, techniques, and procedures on enterprise systems and services.

Would Love For You To Have
    • Experience threat modeling SaaS products, cloud infrastructure, RESTful microservices, etc
    • Applied security research, cryptography, reverse engineering, and fuzzing experience.
    • Additional certifications such as OSWE, GPEN, GXPN, or CREST will be very desirable.
    • Experience in Vulnerability management within containerized environments
    • Strong IaaS security skills, with a focus on AWS
    • Understanding of Microsoft Windows Server/AD deployments
    • Experience conducting Red Team and Purple Team operations

What You'll Get
    • You will work with a team of experts in building and maintaining a highly validated security and privacy program for the leader in Population Health and Healthcare data analytics including experience with certifications such as HITRUST, ISO 27001, and SOC 2.
    • Be a part of a team and organization that has built security and privacy into the fabric and culture of the organization.
    • You will learn how to build and maintain a fully validated and industry leading security program.
    • Your responsibilities will grow with you as a critical member of our team.
    • Be a part of a mission driven company that is transforming the healthcare industry by changing the way patients receive care
    • A flexible, remote friendly company with personality and heart
    • Employee driven programs and initiatives for personal and professional development
    • Be a member of the Arcadian and Barkadian Community

About Arcadia helps innovative healthcare systems and health plans around the country transform healthcare to reduce cost while improving patient health. We do this by aggregating massive amounts of clinical and claims data, applying algorithms to identify opportunities to provide better patient care, and making those opportunities actionable by physicians at the point of care in near-real time. We are passionate about helping our customers drive meaningful outcomes. We are growing fast and have emerged as the market leader in the highly competitive population health management software and value-based care services markets, and we have been recognized by industry analysts KLAS, IDC, Forrester and Chilmark for our leadership. For a better sense of our brand and products, please explore our website , our online resources , and our interactive Data Gallery .
This position is responsible for following all Security policies and procedures in order to protect all PHI under Arcadia's custodianship as well as Arcadia Intellectual Properties. For any security-specific roles, the responsibilities would be further defined by the hiring manager.
Read Full Job Description
Apply Now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

Technology we use

  • Engineering
  • Product
  • Sales & Marketing
    • JavaLanguages
    • JavascriptLanguages
    • PythonLanguages
    • RubyLanguages
    • ScalaLanguages
    • SqlLanguages
    • jQueryLibraries
    • jQuery UILibraries
    • ReactLibraries
    • ReduxLibraries
    • HadoopFrameworks
    • Node.jsFrameworks
    • Ruby on RailsFrameworks
    • SparkFrameworks
    • TensorFlowFrameworks
    • PostgreSQLDatabases
    • HadoopDatabases
    • SQLDatabases
    • Google AnalyticsAnalytics
    • IllustratorDesign
    • PhotoshopDesign
    • PixelmatorDesign
    • AsanaManagement
    • ConfluenceManagement
    • JIRAManagement
    • WordpressCMS
    • HubSpotCRM
    • SalesforceCRM
    • HubspotEmail
    • HubspotLead Gen


Boston's Seaport Neighborhood is full of great food, beautiful parks, and lots to do. It's a growing hub of arts and culture, and a fantastic place to live and work. Conveniently located just a short bike-ride from downtown and in walking distance of the convention center, this is the place to be.

An Insider's view of Arcadia

What's something quirky about your company?

I love how Arcadia has this really cool and quirky way of introducing new Employees that I've never seen anywhere else - right around the start of WFH we launched a weekly interview show to introduce new Arcadians and engage them in the culture, I think half the company has been interviewed at this point and it's a great way to get to know people!


IT Manager

How has your career grown since starting at the company?

When I first came to Arcadia, I was the only person in my department, filling a brand-new role. In my 8 years here, my career has grown rapidly. I am now a Sr Manager of a department of 9, building the auditing program from the ground up and am known as a go-to person within the Value Based Care Services.


Director, Contractual Oversite and Performance

How do you make yourself accessible to the rest of the team?

It's as easy as making time. I meet with my team members for one on ones to understand where their stressors are. Sometimes it's personal and I support with flexibility, time, or PeopleOps other times it's professional and these I tactically work with the team to coach or intervene.


Director, Engineering

What are Arcadia Perks + Benefits

Arcadia Benefits Overview

Flexible working options, hybrid teams, and unlimited vacations are only a few of the incredible benefits you'll get at Arcadia. As a leader in HealthIT and data, we're making a mark on the standards of work-life balance. Take a look at some of the incredible perks of being an Arcadian.

Volunteer in local community
Partners with Nonprofits
Friends outside of work
Eat lunch together
Intracompany committees
Daily sync
Open door policy
Team owned deliverables
Group brainstorming sessions
Pair programming
Highly diverse management team
Diversity manifesto
Hiring Practices that Promote Diversity
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Pet Insurance
Wellness Programs
Team workouts
We offer biweekly Yoga and guided cardio workout sessions as well as have a Fitness and Fun video library with prior classes for reference.
Mental Health Benefits
We have an EAP (Employee Assistance Program) in place and an ongoing webinars focusing on mental health, coping with COVID, and emotional well-being.
Retirement & Stock Options Benefits
401(K) Matching
Performance Bonus
Child Care & Parental Leave Benefits
Generous Parental Leave
Flexible Work Schedule
Remote Work Program
Family Medical Leave
Company sponsored family events
Vacation & Time Off Benefits
Unlimited Vacation Policy
Generous PTO
Paid Holidays
Paid Sick Days
Perks & Discounts
Beer on Tap
Casual Dress
Company Outings
Game Room
Stocked Kitchen
Some Meals Provided
Happy Hours
Pet Friendly
Fitness Subsidies
Home Office Stipend for Remote Employees
We work with all of our employees to ensure they have an functional and comfortable home office with a focus on ergonomics.
Professional Development Benefits
Job Training & Conferences
Tuition Reimbursement
Diversity Program
Lunch and learns
Cross functional training encouraged
Promote from within
Time allotted for learning
Online course subscriptions available
Customized development tracks
Paid industry certifications

Additional Perks + Benefits

At Arcadia we create programs and opportunities that allow connection with one another and bridge the work from home gap. We host themed events, contests with prizes, and provide resources for shared personal and professional interests.

More Jobs at Arcadia

Apply Now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.
Save jobView Arcadia's full profileSee more Arcadia jobs