Principal Engineer, Cybersecurity

Who We Are:

SmithRx is a rapidly growing, venture-backed Health-Tech company.  Our mission is to disrupt the expensive and inefficient Pharmacy Benefit Management (PBM) sector by building a next-generation drug acquisition platform driven by cutting edge technology, innovative cost saving tools, and best-in-class customer service.  With hundreds of thousands of members onboarded since 2016, SmithRx has a solution that is resonating with clients all across the country.

We pride ourselves for our mission-driven and collaborative culture that inspires our employees to do their best work. We believe that the U.S healthcare system is in need of transformation, and we come to work each day dedicated to making that change a reality. At our core, we are guided by our company values:

• Integrity: Always operate with honesty and transparency so we earn the trust of our clients.
• Courage: Demonstrate the courage needed to take on a broken industry and continuously improve what we offer to optimize health outcomes.
• Together: Foster a collaborative and inclusive environment that values teamwork, respect, and open communication, and encourages creativity and diversity of thought.

Job Summary:

SmithRx is seeking an experienced Principal Engineer, Cybersecurity to lead the design and implementation of our security capabilities across all technology platforms. This role is responsible for establishing robust security capabilities and enhancing SmithRx’s security posture, developing and communicating technical security standards, and ensuring that security controls are designed to meet requirements for the protection of sensitive data and systems. 

In order to be eligible for this position applicants must be based in on of the following states: Arkansas, Arizona, California, Colorado, Florida, Georgia, Kansas, Minnesota, Missouri, Nevada, Ohio, Pennsylvania, Tennessee, Texas, Utah, Virginia, Washington, Wisconsin.

What you will do:

• Develop and maintain the overarching cybersecurity product for SmithRx, ensuring alignment with security strategy, business goals, and regulatory requirements.
• Lead security architecture reviews for new systems, platforms, and IT projects.
• Define processes, workflows, and templates for security drive  to standardize practices across the organization.
• Lead the design and implementation of security controls across cloud and on-premise environments, ensuring the protection of sensitive data.
• Collaborate with IT, DevOps, and Product teams to integrate security practices into the development lifecycle.
• Provide expert guidance on secure system design, threat modeling, and risk assessment to IT and development teams.
• Own, define, communicate, and drive the technical vision and product strategy for security capabilities.
• Stay informed on emerging cybersecurity threats and best practices, integrating them into the company's security strategy.
• Collaborate with legal and compliance teams to ensure adherence to industry regulations, including HIPAA.
• Support and contribute to incident response efforts and provide guidance on remediation and recovery strategies.
• Mentor, lead, and develop a team of cybersecurity and IT professionals, fostering a culture of security awareness and continuous improvement.

What you will bring to SmithRx:

• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience; advanced degree preferred.
• 15+ years of experience in information security, with at least 2 years in a security architecture role. 12+ years OK with advanced degree. 
• Familiarity with known adversary tactics, techniques, and procedures, such as MITRE ATT&CK
• Proven experience in defining and implementing processes, workflows, and templates for security architecture.
• Strong experience with regulatory and compliance requirements (e.g., HIPAA, SOC2, and privacy frameworks).
• Experience with cloud security and designing security solutions for complex, multi-cloud environments, particularly in AWS, Azure, or Google Cloud environments.
• Proficiency in zero-trust, cloud security, application security, identity management, and data protection.
• Relevant certifications such as CISSP, CISM, or CISA preferred.
• Excellent communication skills, with the ability to convey complex security concepts to both technical and non-technical stakeholders.

What SmithRx Offers You: 

• Highly competitive wellness benefits including Medical, Pharmacy, Dental, Vision, and Life Insurance and AD&D Insurance
• Flexible Spending Benefits 
• 401(k) Retirement Savings Program 
• Short-term and long-term disability
• Discretionary Paid Time Off 
• 12 Paid Holidays
• Wellness Benefits
• Commuter Benefits 
• Paid Parental Leave benefits
• Employee Assistance Program (EAP)
• Well-stocked kitchen in office locations
• Professional development and training opportunities