Staff Security Engineer L6

Overview: The Staff Security Engineer L6 (SOC), serves as a senior technical leader for advancing Inovalon's detection, response and automation capabilities across the enterprise, cloud and SaaS environments. As a subject matter expert in Security Operations, SIEM, SOAR and security engineering, the engineer provides deep technical expertise in security monitoring, incident response, threat detection engineering, and automation to strengthen Inovalon's overall security posture.

The Staff Security Engineer L6 is expected to remain current on emerging threats, adversary tactics, cloud and identity risks, and evolving security operations technologies. Working closely with SOC analysts, engineering, IT and cloud teams, this position drives proactive security operations by implementing scalable monitoring, automation and response capabilities that improve visibility, reduce manual effort, and accelerate containment of threats. The Staff Security Engineer L6 also contributes to continuous improvement of SOC processes, metrics, and tooling to ensure alignment with enterprise risk management, compliance obligations, and operational excellence.

Duties and Responsibilities:

• Lead the strategic implementation of security standards in alignment with security policies.

• Provide technical expertise and direction for the selection and implementation of a diverse suite of product security controls and countermeasures.
• Provide technical leadership to recommend appropriate information security frameworks, requirements, direction, and system recommendations.
• Stay abreast of security best practices and technologies, and foster the growth of team members by providing, training, guidance, and mentoring.
• Design, develop, and maintain SOAR playbooks and automated response workflows to improve detection, triage, and containment across endpoint, network, identity, and cloud environments.
• Integrate and optimize SIEM, EDR, vulnerability management, identity, and ticketing platforms (e.g., Rapid7, CrowdStrike, ServiceNow, Azure, email security) to enable end-to-end automated incident response.
• Engineer and tune security detections, enrichment pipelines, and correlation logic to reduce false positives and improve MTTD/MTTR through automation and orchestration.
• Develop and maintain automation scripts and APIs to support SOC operations, including automated containment (isolate host, disable account, block IP/domain), enrichment (threat intel, asset context), and reporting.
• Build and maintain SOC automation use cases such as phishing response, suspicious login triage, malware containment, vulnerability prioritization, and insider-risk monitoring.
• Collaborate with SOC analysts, threat hunters, and engineering teams to identify manual processes and convert them into automated workflows, increasing SOC efficiency and consistency.
• Maintain and optimize SOAR platform health, integrations, and playbook performance, including version control, documentation, and continuous improvement lifecycle.
• Create and deliver automation metrics and dashboards (automation coverage, time saved, incident response time reduction, false-positive reduction) for SOC leadership and executive reporting.
• Work with leadership, customers, and stakeholders in both IT and Information Security to develop requirements based on a changing threat landscape and new digital capabilities.
• Build security into product delivery pipeline (DevSecOps) using scripting.
• Perform architecture reviews, identify security risks, recommend, and implement mitigations.
• Research, recommend, and implement effective security controls for cloud-native services.
• Discover and implement untapped functionality from security tools and services.
• Work autonomously and proactively seek out opportunities to build security capabilities across our platforms.
• Automate security throughout the development lifecycle (DevSecOps) by enabling security tools, technologies, and best practices for agile development.
• Document security and compliance issues.
• Present findings to clients, including technical teams and executive leadership, providing clear explanations of vulnerabilities, the potential impact on the business, and recommended mitigation strategies.
• Adhere to all confidentiality, HIPAA, regulatory, and other such policies, procedures, and requirements as outlined within Employer's Operating Policies and Procedures in all ways and at all times with respect to any aspect of the data handled or services rendered in the scope of work.
• Maintain compliance with Inovalon's policies, procedures and mission statement, and fulfill those responsibilities and/or duties that may be reasonably provided by Inovalon for the purpose of achieving operational and financial success.

Job Requirements:

• A minimum of years of experience in software and security engineering.
• 5+ years of experience in one of these programming languages such as JavaScript, Python, Golang and PowerShell etc.
• 5+ years' experience in building security test automation utilities (security as a code) and environments.
• 5+ years' experience with cloud native technologies (Azure, AWS, GCP) and secure configurations.
• 3+ years' experience in security system administration (installation, configuration, upgrade, and support).
• 3+ years of experience in application security architecture and risk assessments.
• Experience with OWASP TOP 10, NIST CSF, and MITRE ATT&K frameworks.
• One or more of the certifications: CISSP, CEH, OSCP.
• Preferred: AWS Cloud certifications.
• Cloud Security and Governance, Risk, and Compliance GRC, Thick Client Thin Client VAPT Knowledge/Hands on about DevSecOps/DevOps Knowledgeable about Data Protection.

Education:

• Required: Bachelor of Science in an engineering or technical discipline.
• Preferred: Bachelor of Science in a cybersecurity discipline or a masters in an engineering or technical discipline with cybersecurity coursework.
• Must To Have Skills:Expertise in Application Security Architecture and Design.

Physical Demands and Work Environment:

• Sedentary work (i.e., sitting for long periods of time).
• Frequently or constantly to lift, carry push, pull, or otherwise move objects and repetitive motions.
• Subject to inside environmental conditions.
• Travel for this position will include less than 5% locally, usually for training purposes.