Tech Stack

Description

You will design, implement, and automate robust security controls across application stacks and cloud environments to strengthen end-to-end security posture. Your work will directly contribute to preventing unauthorized PHI access and exfiltration while advancing overall security maturity and resilience.

Requirements

• 6+ years of experience in security engineering, with hands-on expertise in both application security and cloud security (AWS strongly preferred)
• Strong proficiency in at least one scripting or programming language (Python or Go preferred) for security automation
• Demonstrable experience in two or more of the following core areas: 1) Application & SDLC Security, specifically with SAST, DAST, and SCA tools (e.g., Semgrep, Snyk, Burp Suite) and CI/CD automation; 2) Security Automation & Engineering using SOAR platforms (e.g., Tines) and Terraform; 3) Cloud Security (AWS/GCP) with a focus on designing secure cloud-native services (VPCs, IAM, WAF, CSPM); 4) Identity & Encryption, including JIT access controls, PAM, and cryptographic key lifecycles; or 5) Endpoint & Data Security utilizing EDR/XDR, DLP, and MDM solutions
• Experience securing containerized environments (Docker, Kubernetes)
• Previous experience in healthcare, fintech, or other highly regulated industries
• Excellent communication skills, with the ability to explain complex security risks to both technical and non-technical stakeholders

Responsibilities

• Design, build, and implement Just-in-Time (JIT) access controls and Privileged Access Management (PAM) workflows to eliminate standing privileged accounts in production
• Conduct platform permission reviews and implement a least-privilege access model for cloud and application roles
• Ensure 100% of production access requests and approvals are captured in audit logs
• Lead the implementation, tuning, and operation of security tools in the CI/CD pipeline, including SAST, DAST, SCA, and secrets scanning
• Develop custom SAST rules to detect specific, high-risk flaw patterns, such as authorization bypasses or insecure PII/PHI handling
• Partner with engineering to deploy IDE plugins and automated PR checks that block sensitive data exposure before deployment
• Conduct manual security code reviews for high-risk features and cryptographic implementations
• Design, build, and maintain automation for the end-to-end vulnerability management lifecycle
• Engineer automated workflows to triage, validate, and assign new vulnerabilities
• Develop and maintain security automation scripts, tools, and services in Python or Go to streamline security operations and compliance checks
• Partner with SecOps to build high-fidelity SIEM correlation rules and automated response playbooks
• Design, implement, and maintain encryption strategies for data at rest and in transit, ensuring PHI is protected in compliance with HIPAA
• Manage the cryptographic key lifecycle and administer key management systems
• Design and implement secure cloud network architectures (VPCs, subnets, security groups, NACLs) and network segmentation strategies
• Lead the remediation of cloud security findings
• Implement and manage a centralized security control plane
• Design and implement Data Loss Prevention (DLP) policies for endpoints and cloud services to protect against sensitive data exfiltration
• Design and enforce security configurations and hardening standards for diverse operating systems (macOS, Windows, Linux) via MDM/UEM platforms
• Manage and tune endpoint security solutions, including EDR/XDR (e.g., CrowdStrike)
• Lead threat modeling sessions for new features and conduct secure design reviews of system architectures, applications, and APIs
• Act as an embedded security partner and subject matter expert for product and platform teams, providing technical guidance and mentorship
• Develop and manage security programs for emerging risks, including SaaS security and AI security