Senior Security Engineer

Company Description

PG Forsta is the leading experience measurement, data analytics, and insights provider for complex industries—a status we earned over decades of deep partnership with clients to help them understand and meet the needs of their key stakeholders. Our earliest roots are in U.S. healthcare –perhaps the most complex of all industries. Today we serve clients around the globe in every industry to help them improve the Human Experiences at the heart of their business. We serve our clients through an unparalleled offering that combines technology, data, and expertise to enable them to pinpoint and prioritize opportunities, accelerate improvement efforts and build lifetime loyalty among their customers and employees.

Like all great companies, our success is a function of our people and our culture. Our employees have world-class talent, a collaborative work ethic, and a passion for the work that have earned us trusted advisor status among the world’s most recognized brands. As a member of the team, you will help us create value for our clients, you will make us better through your contribution to the work and your voice in the process. Ours is a path of learning and continuous improvement; team efforts chart the course for corporate success.

Our Mission

We empower organizations to deliver the best experiences. With industry expertise and technology, we turn data into insights that drive innovation and action.

Our Values

To put Human Experience at the heart of organizations so every person can be seen and understood.

• Energize the customer relationship: Our clients are our partners. We make their goals our own, working side by side to turn challenges into solutions.
• Success starts with me: Personal ownership fuels collective success. We each play our part and empower our teammates to do the same.
• Commit to learning: Every win is a springboard. Every hurdle is a lesson. We use each experience as an opportunity to grow.
• Dare to innovate: We challenge the status quo with creativity and innovation as our true north.
• Better together: We check our egos at the door. We work together, so we win together.
  
  

The Security Engineer is a member of PG Forsta’s Information Security team and is responsible for building and maintaining controls that manage information risk and security. The engineer is expected to build and maintain administrative, technical, and physical controls to secure PG Forsta data and keep PG Forsta in compliance with applicable laws, regulations, and contractual terms.

We are seeking a Senior Security Engineer with a strong software development background to help us design, build, and scale secure systems. You will play a critical role in researching, architecting, and implementing innovative security solutions while working closely with product engineering teams to ensure security is embedded throughout the development lifecycle.

Skills We Are Looking For

• Software development, including automated CI/CD pipelines
• SBOM, SCA, SAST, DAST (Software Bill of Materials, Software Composition Analysis, Static Analysis Security Testing, Dynamic Analysis Security Testing)
• Identity management best practices
• Vulnerability management, specifically with software dependencies
• Incident response and troubleshooting
• ITSM workflow and process
  
  

This position has no direct reports. It is a remote position that may require coordination with US working hours, occasional travel (1-2 times per year) and on-call support every 6-8 weeks.

Ideal Candidate: Application developer/engineer with experience with build pipelines, security testing, SBOMs, vulnerability management, and coordinating with product, engineering, and security teams.

About The Team

The Risk and Security team is part of the Legal Department. The team reports to the SVP, Risk and Security who reports to the General Counsel. It consists of people with technical security skills and non-technical audit and compliance skills.

PG Forsta’s security team is well-funded and supported by management. We have meaningful influence on how systems are designed and implemented. The department is structured to allow internal staff to leave work at work. While the job will require setting goals and meeting deadlines, it rarely requires more than 45 hours of work per week.

Duties And Responsibilities

Strategy & Vision

• Participate in vision, principles, and security strategy for projects or specific technologies, ensuring alignment with organizational goals.
  
  

Operational Execution

• Integrate and manage security tooling across the SDLC and CI/CD pipelines, including:
• Software Composition Analysis (SCA)
• Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST)
• Secrets detection, Infrastructure-as-code scanning, API security testing, and vulnerability correlation platforms
• Safeguard the software development lifecycle by securing dependencies, container images, build processes, and third-party integrations.
• Embed security into new CI/CD pipelines and maintain existing security testing in CI/CD pipelines and troubleshoot them as needed.
• Contribute hands-on to codebases where needed, providing guidance on secure coding practices and reviewing critical code paths.
• Champion container security by ensuring secure image creation, scanning, and runtime protections across platforms like Docker and Kubernetes.
• Drive adoption of secure coding practices, supported by threat modelling, code reviews, and developer training programs.
• Drive security awareness and best practices across engineering teams by mentoring developers and empowering Security Champions.
• Establish and track key metrics for AppSec maturity, risk reduction, and remediation SLAs.
  

Cross-Functional Collaboration

• Liaise with Legal to define and communicate security controls required for regulatory compliance and contractual obligations.
• Working with product engineering, design and implement security for microservices architectures, including mTLS, service-to-service authentication, secrets management.
• Working with product engineering, Research, design, and apply innovative security solutions to both new and existing systems.
• Partner with DevOps and Infrastructure teams to secure Azure cloud-native environments, including container orchestration and deployment layers.
• Partner with GRC and Client Response teams to prepare for audits, provide standardised answers to security questionnaires, and represent pipeline and platform controls to clients and external assessors.
• Engage with Pre-Sales Engineering, where required, to support security discussions with strategic prospects and customers.
• Create transparency and trust around security posture through consistent reporting, dashboards, and stakeholder communication.
  
  

Continuous Improvement

• Identify gaps in security posture and propose enhancements to architecture, processes, and tooling.
  
  

Required Qualifications

• Strong background in software development (experience with at least one major language such as Go, Java, Python, or C#).
• Hands-on experience in building and troubleshooting CI/CD pipelines (Jenkins, Azure DevOps, GitLab CI, GitHub Actions, or similar).
• Deep understanding of secure architecture patterns (microservices, APIs, authentication, authorization).
• Experience with mTLS, PKI, and cryptographic protocols.
• Hands-on experience with IaC security and secure automation.
• Ability to effectively communicate complex security concepts to both technical and non-technical audiences.
• Familiarity with modern infrastructure (Kubernetes, Docker, cloud-native environments).
• Knowledge of modern DevSecOps practices and CI/CD security integration.
  
  

Preferred Qualifications

• Threat modeling and risk assessment experience.
• Experience with tools like Sigstore, SLSA, or in-toto for supply chain security.
• Contributions to open-source security tools or research.
• Experience building or driving a Security Champion program is a plus.
  
  

Experience

• 6+ years' experience in Application Development or similar technical role
• (Preferred) Experience in a healthcare environment.
  
  

Compliance & Ethics Expectations

• Participates and successfully completes the company's compliance program requirements and adheres to the Code of Conduct, Company policies, and applicable federal and state requirements.
• Sets an example for other employees regarding how the Company's Code of Conduct and Compliance Program is applied and observed every day when dealing with customers, business operations, or other teammates.
• Reports potential violations of company policy, Code of Conduct, and/or applicable laws and regulations
• Promotes an environment in which other employees are encouraged to report potential violations.
• As appropriate, provides input and suggestions regarding areas in which policies, procedures, workflows, and/or controls can be improved to enhance compliance.
  
  

Special Working Conditions

This is a remote-working position. Week-long travel may be required 1-4 times per year.

Special Physical Requirements

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Requires ability to get to all users' operations and computer facilities.
• Requires the ability to meet deadlines, frequent assignment changes, periodic heavy workload, rapidly changing environment, and dynamic business growth.
• Requires ability to concentrate on detailed tasks for sustained periods of time.
• Requires the ability to operate computer, printer, copy machine, calculator, other general office equipment, and to record written information.
• Requires the ability to communicate with customers, users and vendor representatives in person, in writing, and on the telephone.
• Requires the ability to read computer output and printed material.
• Requires the ability to read complex vendor reference material and written user manuals.
• Requires the ability to participate in interactive verbal group activities including brainstorming and application design working sessions.
• Requires the ability to travel occasionally, including domestic flights.
• Requires ability to withstand mental pressure caused by time deadlines, frequent changes, periodic heavy workload, rapidly changing environment and dynamic business growth.
  
  

Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At PG Forsta we are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

Additional Information For US Based Jobs

Press Ganey Associates LLC is an Equal Employment Opportunity/Affirmative Action employer and well committed to a diverse workforce. We do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, veteran status, and basis of disability or any other federal, state, or local protected class.

Pay Transparency Non-Discrimination Notice – Press Ganey will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.

All your information will be kept confidential according to EEO guidelines.

Our privacy policy can be found here: https://www.pressganey.com/legal-privacy/