Information Security Engineer
Engineering | San Francisco, CA, United States

Audax Health is looking for an Information Security Engineer to join our IT team. This type of role is a unique personality set that likes to thrive on dealing with vulnerabilities and preventing intrusions. In the situation that an event does take place, this person would help detail the scope and impact and help drive the remediation.

This individual will be responsible for the incident response process as it pertains to our security of our products both internally and externally. They will be working proactively to ensure safety across our organization, and partner with the appropriate teams for the handling of any security incidents. We'll also expect this individual to perform vulnerability testing across our products.

Skills and Requirements


Incident Response

  • Respond to computer security incidents according to the Computer Security Incident Response Policy (CSIRP).
  • Provide guidance to first responders for handling information security incidents.
  • Coordinate efforts among multiple business units during response.
  • Provide timely and relevant updates to appropriate stakeholders and decision makers.
  • Provide investigation findings to relevant business units to help improve information security posture.
  • Validate and maintain incident response plan and processes to address potential threats.
  • Compile and analyze data for management reporting and metrics.


Threat Management

  • Monitor information security related Web sites (US-CERT, SANS Internet Storm Center, etc.) and mailing lists (DHS Infrastructure, BugTraq, etc.) to stay up to date on current attacks and trends.
  • Analyze potential impact of new threats and exploits and communicate risks to relevant business units.



  • Three or more years of technical experience in the information security field, preferably in this particular industry
  • Three or more years of practical experience in an incident response role
  • Advanced knowledge of information systems security concepts and technologies; network architecture; general database concepts; document management; hardware and software troubleshooting; intrusion tools; and computer forensic tools such as EnCaseR and open source alternatives
  • Familiarity with security regulatory requirements and standards (such as NIST 800 series, ISO 2700x series, GLBA, FFIEC)
  • Advanced knowledge and experience with the Apple and Linux operating systems
  • Working knowledge of and experience in investigating malicious code


Demonstrated ability to apply technical and analytical skills in a security environment

  • Ability to work extremely well under pressure while maintaining a professional image and approach
  • Exceptional information analysis abilities; ability to perform independent analysis and distill relevant findings and root cause
  • Strong analytical writing skills to articulate complex ideas clearly and effectively; experience creating and presenting documentation and management reports
  • Team player with proven ability to work effectively with other business units, IT management and staff, vendors, and consultants
  • Strong communication skills such as planning and leading effective meetings, conducting structured interviews to collect information, interpersonal and negotiation skills, and presenting to a variety of audiences
  • Advanced skills to present information to stakeholders and/or decision makers in an effective and professional deliverable



  • Bachelor’s degree in management information systems, computer science, or related discipline is required.
  • Postgraduate degrees and certificate programs in relevant areas that demonstrate analytical writing will also be considered.
  • CISSP certified/qualified or ability to pursue obtaining these certifications within six months of hire
  • SANS GCIH or GCFA, CISA, CISM, EnCER certification(s) and preferred but not required.