Job Details

Associate Application Security Engineer - Remote PG Forsta

  2025-11-05     Effizotech     all cities,AK  
Description:

Company Description

PG Forsta is the leading experience measurement, data analytics, and insights provider for complex industries, a status we earned over decades of deep partnership with clients to help them understand and meet the needs of their key stakeholders.

Our earliest roots are in U.S. healthcare, perhaps the most complex of all industries. Today we serve clients around the globe in every industry to help them improve the Human Experiences at the heart of their business.

Our Mission

We empower organizations to deliver the best experiences. With industry expertise and technology, we turn data into insights that drive innovation and action.

Our Values

  • Energize the customer relationship: Our clients are our partners. We make their goals our own, working side by side to turn challenges into solutions.
  • Success starts with me: Personal ownership fuels collective success. We each play our part and empower our teammates to do the same.
  • Commit to learning: Every win is a springboard. Every hurdle is a lesson. We use each experience as an opportunity to grow.
  • Dare to innovate: We challenge the status quo with creativity and innovation as our true north.
  • Better together: We check our egos at the door. We work together, so we win together.

Remote Position

This is a 100% remote position but only considering applicants located in CST or EST time zones.

Job Overview

The Security Engineer is a member of PG Forsta's Information Security team and is responsible for building and maintaining controls that manage information risk and security.

Associate Security Engineer

We are seeking an Associate Security Engineer with excellent interpersonal communication and vulnerability management skills to join our security team. This role will focus on vulnerability management, security tool health/status checks, and coordination across engineering and security teams, ensuring that our security controls and scanning tools/processes are effective and reliable.

The ideal candidate is detail-oriented, proactive, and able to collaborate across teams to drive remediation efforts and continuous improvement. This is an entry-level position in our security team, and we're willing to train the right candidate.

Skills Appropriate for this Engineer
  • Software development, including automated CI/CD pipelines
  • Vulnerability management, specifically with software dependencies
  • Penetration testing/vulnerability validation
  • Incident response and troubleshooting
  • ITSM and workflow

The single most important attribute of this role is passion for information security with a goal to keep client data safe.

This position has no direct reports. It is a remote position that may require occasional travel (1-2 times per year) and on-call support every 6-8 weeks.

Ideal Candidate

IT infrastructure, application development, or security engineer with 3+ years of professional experience and experience or training in information security roles.

About the Team

The Risk and Security team is part of the Legal Department. The team reports to the SVP, Risk and Security who reports to the General Counsel. It consists of people with technical security skills and non-technical audit and compliance skills.

Duties and Responsibilities

Operational Execution

  • Integrate and manage security tooling across the SDLC and CI/CD pipelines, including:
    • Software Composition Analysis (SCA)
    • Static Application Security Testing (SAST)
    • Dynamic Application Security Testing (DAST)
    • Secrets detection, Infrastructure-as-code scanning, API security testing, and vulnerability correlation platforms

  • Track vulnerability advisories and threat intelligence feeds; notify relevant stakeholders when new critical vulnerabilities or risks impact the organization.
  • Manage vulnerability tracking and reporting across multiple scanning tools (DAST, SCA, ASPM, etc.), ensuring findings are logged, prioritized, and communicated to the right teams.
  • Provide initial triage of vulnerabilities, and work with senior resources in the Application Security team to formulate appropriate, practical guidance for development and infrastructure teams on severity, prioritization, and potential remediation paths.
  • Champion container security by ensuring secure image creation, scanning, and runtime protections across platforms like Docker and Kubernetes.
  • Partner with DevOps and Infrastructure teams to secure Azure cloud-native environments, including container orchestration and deployment layers.
  • Drive adoption of secure coding practices, supported by threat modelling, code reviews, and developer training programs.
  • Establish and track key metrics for AppSec maturity, coverage, risk reduction, and remediation SLAs.


Cross-Functional Collaboration
  • Liaise with Legal to define and communicate security controls required for regulatory compliance and contractual obligations.
  • Partner with GRC and Client Response teams to prepare for audits, provide standardised answers to security questionnaires, and represent pipeline and platform controls to clients and external assessors.
  • Engage with Pre-Sales Engineering, where required, to support security discussions with strategic prospects and customers.
  • Create transparency and trust around security posture through consistent reporting, dashboards, and stakeholder communication.

Continuous Improvement
  • Identify gaps in security posture and propose enhancements to architecture, processes, and tooling.

Qualifications

Education/Training
  • 4 year degree or equivalent experience
  • (Preferred) Professional certification such as Security+ or A+
  • General knowledge of business theory, business processes, management, budgeting and business office operations.

Experience
  • 2+ years' experience in IT Operations, IT Security, Application Development, or a similar technical role
  • (Preferred) Experience in a healthcare environment
  • (Preferred) Project management experience
  • (Preferred) Incident response experience

Required Skills
  • Excellent interpersonal communication skills and the ability to clearly convey technical and non-technical information.
  • Strong project management and coordination skills, with the ability to keep multiple teams aligned on security priorities.
  • Familiarity with vulnerability management processes and tools (e.g., DAST, SCA, ASPM).
  • Understanding of CI/CD pipelines and experience monitoring/debugging security jobs within them.
  • A good understanding of Software Development Life Cycle.
  • Detail-oriented mindset, with the ability to maintain accurate inventories and track multiple streams of security data.
  • Ability to triage common vulnerabilities and communicate risk in a structured, actionable way.

Nice to Have
  • Hands-on experience with common security tools (e.g., Snyk, SonarQube, Checkmarx, Burp Suite, Tenable, Wiz, etc.).
  • Exposure to DevSecOps practices and automated security testing.
  • Experience with ticketing/project tracking systems (e.g., Jira, ServiceNow).
  • A basic understanding of secure development practices and cloud infrastructure.

Compliance & Ethics Expectations
  • Participates in and successfully completes the company's compliance program requirements and adheres to the Code of Conduct, Company policies, and applicable federal and state requirements.
  • Sets an example for other employees regarding how the Company's Code of Conduct and Compliance Program is applied and observed every day when dealing with customers, business operations, or other teammates.
  • Reports potential violations of company policy, Code of Conduct, and/or applicable laws and regulations.
  • Promotes an environment in which other employees are encouraged to report potential violations.
  • As appropriate, provides input and suggestions regarding areas in which policies, procedures, workflows, and/or controls can be improved to enhance compliance.


Special Working Conditions

This is a remote-working position. Week-long travel may be required 1-4 times per year.

Special Physical Requirements

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Expected Base Salary

The expected base salary for this position ranges from $54,000 to $75,000. It is not typical for offers to be made at or near the top of the range. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, licensure or certifications obtained. Market and organizational factors are also considered. In addition to base salary we offer a competitive benefits package.

Additional Information for US based jobs

Press Ganey Associates LLC is an Equal Employment Opportunity/Affirmative Action employer and well committed to a diverse workforce. We do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, veteran status, and basis of disability or any other federal, state, or local protected class.

Pay Transparency Non-Discrimination Notice: Press Ganey will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.

All your information will be kept confidential according to EEO guidelines.

Privacy Policy

Our privacy policy can be found here:
