Penn Interactive

Key Responsibilities

Security Architecture & Implementation

• Design, deploy, and manage robust security controls across Aletha Health’s cloud infrastructure and software ecosystem.
• Streamline authentication by implementing and optimizing Single Sign-On (SSO) with cloud-based directory services.
• Evaluate, recommend, and implement cloud-native solutions for Mobile Device Management (MDM), Bring Your Own Device (BYOD), and Endpoint Detection and Response (EDR) to meet compliance and operational security needs.

Compliance & Governance

• Ensure adherence to regulatory and industry standards including HIPAA, ISO 27001, GDPR, CIS, and NIST frameworks.
• Develop, enforce, and continuously improve security policies and procedures to safeguard sensitive data and user privacy.
• Conduct regular audits, risk assessments, and reviews to uphold compliance and strengthen the overall security posture.

Security Operations & Incident Response

• Design and maintain threat detection and monitoring strategies to proactively identify and address security risks.
• Lead incident response efforts, investigate potential threats, and coordinate remediation with cross-functional teams.
• Continuously enhance threat modeling, vulnerability management, and baseline security measures to adapt to evolving threats.

⚙ Secure Development & Automation

• Integrate security best practices into the Secure Software Development Lifecycle (SSDLC) and CI/CD workflows.
• Collaborate with engineering teams to secure codebases, automate testing, and enforce security controls within development pipelines.
• Deploy and manage tools for scanning, penetration testing, and centralized security logging to ensure continuous risk visibility.

Collaboration & Security Awareness

• Work closely with Product, Infrastructure, R&D, and business stakeholders to address security challenges with actionable solutions.
• Continuously assess and optimize existing security practices to improve effectiveness and efficiency.
• Drive a security-first mindset by delivering training, raising awareness, and empowering teams with clear security guidance.

Required Qualifications

• Proven experience in Security Operations (SecOps) and Security Development Operations (SecDevOps) roles.
• Deep understanding of the CIS security framework and HIPAA compliance requirements.
• Hands-on experience integrating SSO with cloud-based identity providers and implementing security tools.
• Expertise in cloud-native security technologies, especially MDM, BYOD, and EDR solutions.
• Proficiency with security monitoring, scanning, logging, and incident response tools.
• Demonstrated ability to assess risk and deploy proactive security controls.
• Strong incident response capabilities and experience leading cross-functional resolution efforts.
• Excellent communication, problem-solving, and stakeholder engagement skills.
• Solid experience with cloud security stacks (AWS, Azure, or Google Cloud).
• In-depth knowledge of secure development principles and SSDLC methodologies.

Preferred Qualifications

• and managing compliance initiatives.
• Background in healthcare or health-tech security environments is a strong plus.
• Professional certifications such as CISSP or CISM are highly desirable.
• Experience implementing Zero Trust architectures is a significant advantage.

Job Type: Contract

Pay: $45,000.00 - $100,000.00 per year

Education:

• Bachelor's (Preferred)

Location:

• Walnut Creek, CA (Required)

Ability to Commute:

• Walnut Creek, CA (Preferred)

Ability to Relocate:

• Walnut Creek, CA: Relocate before starting work (Preferred)

Work Location: On the road