Job Title: Expert Security Engineer
Location: US, Canada (Remote)
Employment Type: Full-time
About Altera
Altera, a member of the N. Harris Computer Corporation family, delivers health IT solutions that support caregivers around the world. These include the Sunrise™, Paragon Daneli, TouchWorks EHR, Altera Opal, Ventus, HealthQuest™ and dbMotion™ solutions. At the intersection of technology and the human experience, Altera Digital Health is driving a new era of healthcare, in which innovation and expertise can elevate care delivery and inspire healthier communities across the globe. A new age in healthcare technology has just begun.
Position Summary
As an Expert Security Engineer at Altera, you will be at the forefront of our proactive security efforts, specializing in ethical hacking and penetration testing. This role is critical for actively identifying and exploiting vulnerabilities across our applications, infrastructure, and cloud environments. We are seeking a highly skilled individual with a deep understanding of application architecture and security controls, capable of independently uncovering security flaws and articulating complex findings to diverse audiences.
Key Responsibilities
Ethical Hacking & Penetration Testing: Lead and execute advanced penetration tests and ethical hacking engagements against Altera's critical systems, applications, and networks to identify and exploit security weaknesses.
Application Security Expertise: Conduct in-depth security reviews of applications, with a strong focus on understanding how they are built (e.g., Java-based applications) to uncover design flaws, coding vulnerabilities, and misconfigurations.
Vulnerability Identification & Exploitation: Independently identify, analyze, and validate security vulnerabilities with high fidelity, demonstrating the ability to exploit them to assess potential impact.
Tool Proficiency: Leverage and master industry-standard penetration testing tools.
Reporting & Communication: Clearly articulate complex technical findings, security risks, and actionable remediation strategies through comprehensive written reports and compelling presentations to both technical teams and non-technical stakeholders, including customers.
Consultation & Guidance: Provide expert consultation to development, operational, and other business units on secure design principles, application of security best practices, and the effective use of advanced security technologies.
Threat Intelligence: Maintain heightened awareness of current security vulnerabilities, attack vectors, and mitigation techniques, proactively communicating relevant findings and recommendations.
Role Requirements
Total Years of Experience: 5 years of progressive experience in cybersecurity, with a minimum of 3 years dedicated to ethical hacking, penetration testing, and application security.
Mandatory Skills:
Proven expertise in ethical hacking and penetration testing methodologies, including network, web application, API, and cloud penetration testing.
Deep understanding of application security principles, secure coding practices, and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25).
Expert-level proficiency with penetration testing tools.
Strong understanding of application architecture and development.
Demonstrated ability to independently identify, validate, and exploit security vulnerabilities with high fidelity.
Exceptional verbal and written communication skills, with the ability to clearly articulate complex technical findings, risks, and remediation strategies to diverse audiences.
Strong presentation skills, capable of conveying security insights and recommendations effectively to customers and internal stakeholders.
Experience with cloud security assessments (e.g., Microsoft Azure Security).
Familiarity with various security technologies (e.g., EDR, IDS/IPS, Firewalls, SIEM, Vulnerability Management tools) from an attacker's perspective.
Good to Have/Preferred Skills:
Experience with scripting languages (e.g., Python, PowerShell) for automation and custom tool development.
Relevant offensive security certifications such as OSCP, OSWE, GPEN, GWAPT, or other advanced GIAC certifications.
Industry-recognized certifications like CISSP, CompTIA Security+, or CySA+.
Expert knowledge of Linux and Windows operating systems.
Experience in security engineering, operations, and design best practices.
Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related technical field.
Salary range
$100,000 - $120,000 USD