• Security Analyst (Practice Fusion)

    Job Locations US-CA-San Francisco
    Requisition ID
    Posted Date
    4 months ago(5/1/2018 9:31 PM)
  • Overview


    Would you like to join Practice Fusion, an Allscripts company, as we work together to reshape the future of healthcare? We are on a mission to help small, independent practices thrive by offering best-in-class, affordable products that allow them to focus on what matters most – caring for their patients. 

    Practice Fusion is a leader in the electronic health record space with over 80 million patients served by doctors using our platform. Our award-winning, cloud based ambulatory EHR platform helps physicians thrive in an increasingly complex world by coordinating patient care. 

    Join our growing team, as we are an enthusiastic and committed partner dedicated to connecting doctors, patients, and data to drive better health and save lives.


    You will be responsible for a broad range of environments, systems, and security solutions including ongoing collaboration with our DevOps and Engineering teams to optimize and harden our ephemeral infrastructure and ship secure code. You have a passion for security. You love to design and build tools to automate. You strive to improve yourself and those around you. You want to make a difference in people’s lives.

    To be blunt, if the DevSecOps turns your crank and you want to be part of an amazing team supporting a noble mission to transform healthcare in the US, then this is the place for you. Practice Fusion has been independently named the 4th largest EHR in the US and the largest cloud based EHR in the country. We take the responsibility of securing healthcare data very seriously, and are looking for a team player to help us raise our game even further.


    • Security Operations
      • Create, improve, and respond to security operations alerts.
      • Support Splunk as a security information and event monitoring system.
      • Respond to web application security alerts such as WAF, IDS, IPS, and Firewall.
    • Vulnerability management

      • Perform network and system vulnerability security scans using open source and commercial tools.

      • Be accountable for system and device patch compliance for modern, ephemeral AWS instances.

      • Create or augment vulnerability management procedures to prioritize efforts and minimize risk to the organization.

    • Periodically audit configurations, roles and permissions to ensure that minimum necessary access is provided.

    • Review and enforce AWS Security best practices, especially in the areas of IAM roles, Network Access Controls and Key Management.

    • Help evaluate and implement new security technologies.

    • Drive the design and development of security capabilities and requirements.

    • Work closely with senior leadership teams in a collaborative environment to improve the current security framework and educate employees. 

    • Suggest and introduce new methodologies for improving security.

    • Mentor other members of the team through collaboration and knowledge sharing.

    • Be a senior technical contributor of the security team.

    • Provide technical security expertise to IT, Engineering and business units on an as-needed basis.



    • 5+ years work experience in Information Security.
    • AWS - If you’re not experienced in and passionate about AWS best practices, don’t apply to this role.
    • 2+ years of programming or heavy scripting and automation experience.
    • Understanding and aptitude for endpoint security, log management, vulnerability scanning, IDS/IPS management.  We need you to drive our Splunk standards and optimizations.
    • Know OWASP top 10 security risks and be able to describe how to attack and defend them.
    • Strong knowledge of database systems.
    • Strong knowledge of networking, encryption protocols, and modern ciphers.
    • Experience with vulnerability management tools, such as Nexpose.
    • Experience with endpoint security to mentor and coach junior security team members.
    • Experience managing SIEM solutions (e.g. Splunk).
    • Experience working with network security controls (Routers, Firewalls, Proxies, ACL’s, Wireless networking protocols).
    • Expertise with authentication and authorization technologies.
    • Capable of analyzing, creating, and maintaining security requirements.
    • Love of automation in a heterogeneous environment. Powershell and Python are your friends.
    • Strong written and oral communication skills.  Comfortable interacting with Executive Team.
    • Bachelors Degree or equivalent work experience.
    • [Bonus] Experience with healthcare privacy and security requirements.


    Working Arrangements:

    • Work is performed in a standard office environment with minimal exposure to health or safety hazards


    At Allscripts, our greatest strength comes from bringing together talented people with diverse perspectives to support the technology needs of 180,000 physicians, 1,500 hospitals and 10,000 post-acute organizations across the globe. Allscripts offers a comprehensive compensation and benefits package, including holidays, vacation, medical, dental, and vision insurance, company paid life insurance and retirement savings.


    Allscripts policy is to provide equal employment opportunity and affirmative action in all of its employment practices without regard to race, color, religion, sex, national origin, ancestry, marital status, protected veteran status, age, individuals with disabilities, sexual orientation or gender identity or expression or any other legally protected category. Applicants for North American based positions with Allscripts must be legally authorized to work in the United States or Canada. Verification of employment eligibility will be required as a condition of hire.


    From a "VEVRAA Federal Contractor" We request Priority Referral of Protected Veterans


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Connect With Us!

    Not ready to apply? Connect with Allscripts for future communications and career opportunities.