Senior Security Engineer

What you’ll do

In a few words…

Abarca is igniting a revolution in healthcare. We built our company on the belief that with smarter technology we are redefining pharmacy benefits, but this is just the beginning…

As a Senior Security Engineer, you will play a critical role in maturing our cloud and infrastructure security capabilities and protecting our cloud-based environment and sensitive data, including PHI and PII. As a hands-on technical expert and leader, you will contribute directly to the design, implementation, and evolution of our security strategy by identifying risks, designing scalable security controls, building practical automation to reduce operational effort, and driving remediation efforts that strengthen our overall security architecture. In this role, you will partner closely with Engineering and Infrastructure teams to embed security-by-design and serve as a technical escalation point for incident response and audit readiness within a regulated healthcare environment.

The fundamentals for the job…

• Own and drive security engineering initiatives that improve cloud and infrastructure security, including standards, guardrails, and technical controls.

• Design, implement, and continuously improve security controls across Azure (primary) and supporting services (e.g., Entra ID, Azure Policy, Defender for Cloud, Log Analytics/SIEM as applicable).

• Engineer and operationalize identity and access governance controls (RBAC, Conditional Access, privileged access workflows, and access logging) in partnership with other teams.

• Build and mature detection and response capabilities: tune alerts, improve signal quality, and contribute to playbooks and automation for common security events.

• Lead technical incident response activities: triage, scope, containment, eradication, recovery, and post-incident corrective actions and lessons learned.

• Own the technical execution of vulnerability lifecycle management (scanning, triage, prioritization, remediation coordination, and verification) and drive measurable reductions in risk and remediation timelines.

• Perform security gap assessments; translate findings into actionable remediation plans; and partner with stakeholders to implement durable fixes.

• Partner with Engineering teams to embed security into delivery processes (secure configuration patterns, CI/CD security checks where applicable, and security reviews for new services and changes).

• Support audit and compliance readiness by implementing and validating technical controls aligned to NIST 800-53 and HITRUST, and by producing technical evidence and remediation documentation.

• Document and maintain security standards, playbooks, and procedures; mentor peers and junior team members; and serve as an escalation point for complex security issues.

• Continuously monitor emerging threats, security advisories, and cloud platform changes; recommend and implement improvements.

• Perform other duties and special projects as assigned.

What we expect of you

The bold requirements…

• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent relevant experience).

• 6+ years of experience in security engineering, infrastructure security, or cloud security.

• Hands-on experience securing cloud environments (identity, governance, monitoring, and secure configuration patterns).

• Strong understanding of identity and access management concepts (RBAC, MFA, privileged access, logging, and least privilege).

• Experience leading or materially contributing to incident response and post-incident improvements.

• Experience managing vulnerability lifecycle activities end-to-end in a cloud environment and partnering with other teams to remediate findings.

• Experience operating in regulated environments and supporting audits (e.g., HIPAA, SOC 2).

• Excellent oral and written communication skills.

• Availability to work rotating or irregular shifts, including after-hours on-call support, as dictated by operational needs.

• We are proud to offer a flexible hybrid work model which will require certain on-site work days (Puerto Rico Location Only).

Nice to haves…

• Experience with cloud security tooling such as Microsoft Defender for Cloud, SIEM/SOAR platforms, EDR solutions, CSPM tools, and vulnerability management platforms.

• Experience with infrastructure-as-code and automation (e.g., Terraform/Bicep, PowerShell/Python) and integrating security checks into CI/CD pipelines.

• Experience with Linux hardening and container/Kubernetes security concepts.

• Healthcare or fintech experience with strong control and evidence requirements.

• Familiarity with NIST 800-53 and HITRUST.

• Security-related certifications (e.g., CISSP, CCSP, CISM, Security+, AZ-500, or equivalent).

Physical requirements…

• Must be able to access and navigate each department at the organization’s facilities.

• Sedentary work that primarily involves sitting/standing.

At Abarca we value and celebrate diversity. Diversity, equity, inclusion, and belonging are guiding principles of Abarca and ensure Abarca’s workforce reflects the communities it serves. We are proud to provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, medical condition, genetic information, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

Abarca Health LLC is an equal employment opportunity employer and participates in E-Verify. “Applicant must be a United States’ citizen or Permanent Resident. Abarca Health LLC does not sponsor employment visas at this time”

The above description is not intended to limit the scope of the job or to exclude other duties not mentioned. It is not a final set of specifications for the position. It’s simply meant to give readers an idea of what the role entails.

#LI-MH1 #LI-REMOTE