The Principal Cybersecurity Engineer is responsible for ensuring the security, compliance, and optimization of the organization’s IT systems and services. This role combines oversight of regulatory compliance—adhering to standards such as HIPAA, HITRUST, and other industry frameworks—with the design, implementation, and maintenance of robust cybersecurity programs. Acting as a technical leader and subject matter expert (SME), the Principal Engineer collaborates across teams to enhance security posture, protect against evolving threats, and support business continuity. This position requires deep expertise in cybersecurity principles, regulatory requirements, and best practices, alongside the ability to communicate effectively with both technical and executive stakeholders.
Key Responsibilities:Security Leadership (20%):
Develop, implement, and manage the Healthcare division’s overall security strategy to safeguard sensitive healthcare data, infrastructure, and applications.
Collaborate with the enterprise security team on the design and maintenance of security controls, risk management strategies, and incident response protocols.
Continuously monitor the security landscape and adapt the company’s security posture to address new threats and vulnerabilities.
Compliance Management (20%):
Ensure the company’s technology systems and practices comply with healthcare regulations (HIPAA, HITRUST, GDPR, etc.) and maintain all required certifications.
Work closely with legal, HR, and operations teams to ensure adherence to internal and external policies governing data privacy and security.
Conduct regular compliance audits and assessments to identify gaps and lead initiatives to close them.
Collaboration with IT and Engineering Teams (20%):
Work with IT, DevOps, and product teams to integrate security best practices throughout the software development lifecycle (SDLC).
Implement secure-by-design methodologies in all technology solutions, ensuring that products are built with security from the ground up.
Collaborate on infrastructure security, including network architecture, cloud security, and endpoint protection.
Risk Assessment & Incident Response (15%):
Lead risk assessment efforts across all technology platforms and services, identifying potential threats and vulnerabilities.
Develop and maintain a robust incident response plan, ensuring readiness to handle security breaches, data loss, or regulatory incidents.
Oversee the investigation of security incidents, including data breaches, and manage the communication process with internal and external stakeholders.
Training and Awareness (15%):
Develop and implement security awareness programs for all employees, ensuring that security and compliance are ingrained in the company culture.
Provide leadership and education on emerging security threats and regulatory changes to senior management and key stakeholders.
Regulatory and Client Relationships (10%):
Maintain strong relationships with regulatory bodies and clients to ensure transparency and compliance in all data security matters.
Serve as the main point of contact for regulatory audits and certifications related to security and compliance.
Bachelor’s degree in Information Security, Computer Science, or a related field. A Master’s degree
CISSP, CISM, CRISC, CISA, or similar certification.
10+ years of experience in security, compliance, or risk management, with a focus on healthcare or other highly regulated industries.
Strong knowledge of healthcare regulations, including HIPAA, HITRUST, GDPR, and relevant security frameworks (NIST, ISO 27001 PCI DSS, and SOC 2).
Proven experience leading security teams and managing compliance programs.
Expertise in incident response, threat management, and security operations.
Excellent communication skills, with the ability to engage and influence senior leadership and cross-functional teams.
General
Experience with cloud security (Google, Azure) and modern DevSecOps practices.
Familiarity with healthcare-related cybersecurity threats and defense strategies.
Expertise in big data platforms (e.g., Elasticsearch, BigQuery) and security tools (e.g., Burp Suite, Metasploit).
Core Cybersecurity Domains
Detection Engineering, Threat Intelligence, and Malware Analysis.
Network Security and Monitoring.
Security Tool Development and DevSecOps practices.
Advanced Knowledge Areas
Secure design principles, database security, cloud computing, and cryptography.
Identity and access management, including multi-factor authentication and credential management.
Incident management and forensics.
Software Development Security
Solid understanding of SDLC, secure coding practices, and DevOps integration.
Proficient in identifying and mitigating vulnerabilities, such as privilege escalation and input validation.
We are an Equal Opportunity Employer, including disability/vets.
This position is not eligible for student visa sponsorship, including F-1 OPT or CPT. Candidates must have authorization to work in the U.S. without the need for employer sponsorship now or in the future.
Top Skills
Similar Jobs
.png)
What you need to know about the Colorado Tech Scene
Key Facts About Colorado Tech
- Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
- Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
- Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
- Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
- Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute
