Position: Security Engineer - Cloud & Infrastructure Security
Location: Remote

Role Overview:
The Security Engineer is a member of the Security and IT Operations team with a strong emphasis on cloud security, AWS architecture, and Infrastructure-as-Code (IaC). This role is responsible for protecting sensitive health information in a highly regulated environment and embedding security controls directly into cloud-native infrastructure using automation-first practices.

Primary Roles and Responsibilities:
- Design, implement, and maintain AWS-focused cloud security architecture aligned with HIPAA, NIST, and HITRUST.
- Secure AWS environments using IAM, Organizations, CloudTrail, Config, GuardDuty, Security Hub, KMS, and network security controls.
- Build, review, and maintain Infrastructure-as-Code using Terraform, ensuring security controls are versioned, auditable, and enforced by default.
- Develop secure Terraform modules, guardrails, and policy-as-code to prevent misconfiguration and drift.
- Partner with Development and CloudOps teams to implement DevSecOps practices, including CI/CD pipeline security and IaC scanning.
- Establish and manage identity and access standards across AWS and Microsoft Entra.
- Support SOC 2 Type II, HITRUST, HIPAA, and PCI audits with a focus on cloud control evidence.
- Monitor cloud environments, triage security events, and respond to incidents in partnership with the MSP.
- Maintain documentation related to cloud security architecture, IaC standards, and incident response.
- Provide security mentorship and cloud security expertise across the organization.

Required Experience and Qualifications:
- Bachelor's degree in Computer Science, Engineering, or equivalent experience.
- 3+ years of hands-on security engineering experience with strong AWS focus.
- Hands-on experience with Terraform and Infrastructure-as-Code workflows.
- Experience securing AWS workloads including compute, storage, and networking.
- Experience with Microsoft Entra, Active Directory, and AWS IAM.
- Experience with HIPAA, NIST, SOC 2, and HITRUST security controls.
- Experience integrating security into CI/CD pipelines and DevSecOps workflows.
- Strong knowledge of Windows operating systems and networking concepts.

Additional Preferred Experience:
- Experience with Azure or GCP.
- Experience with cloud security posture management and IaC scanning tools.
- Knowledge of modern cloud attack vectors and mitigating controls.
- Experience with cryptography, key management, and authentication mechanisms.
- Security certifications such as CISSP, CISM, CSSLP, or AWS Security Specialty.
- Experience with application security and secure development practices.