Sr. Information Security Engineer

Remote (United States)

About the Role

A Senior Information Security Engineer is needed to help protect cloud-based healthcare SaaS platforms, infrastructure, and sensitive customer data. This role focuses on designing, implementing, and managing enterprise-grade security solutions aligned with major regulatory frameworks such as HIPAA, HITRUST, SOC 2, and NIST 800-53.

This position requires a hands-on technical expert with strong experience in cloud security (AWS/Azure), DevSecOps, identity management, endpoint protection, and security automation.

Compensation

Annual Salary: $140,000 – $160,000 per year

Compensation is based on multiple factors including geographic location, experience, and technical expertise.

What You’ll Do

Cloud and Infrastructure Security

• Design and maintain secure architectures across AWS, Azure, and GCP environments
• Implement security guardrails and controls using tools such as AWS Security Hub, GuardDuty, Config, and IAM
• Conduct vulnerability scans, configuration reviews, and track remediation efforts
• Develop and enforce network segmentation, encryption, and key management policies

Application & SaaS Security

• Integrate security into CI/CD pipelines in collaboration with DevOps and Engineering teams
• Perform threat modeling, secure code reviews, and design assessments for microservices and APIs
• Support penetration testing and application security validation
• Ensure protection of sensitive data such as PHI and PII across SaaS platforms

Endpoint & Identity Security

• Manage and enhance EDR/XDR solutions such as Cortex or Defender for Endpoint
• Implement identity security controls using Microsoft Entra ID, Conditional Access, and Privileged Identity Management
• Support device compliance and management policies across Windows, macOS, and mobile environments using MDM tools

Security Operations & Incident Response

• Monitor alerts, investigate security incidents, and coordinate response activities
• Develop and improve incident response runbooks, playbooks, and forensic procedures
• Support SIEM integrations and enhance detection capabilities

Governance, Risk & Compliance

• Support audits and evidence collection for HIPAA, HITRUST, SOC 2, and related frameworks
• Maintain asset inventories, risk registers, and remediation tracking
• Collaborate with compliance teams to align controls with policies
• Contribute to security awareness programs and internal training initiatives

Qualifications

• Bachelor’s degree in Computer Science, Information Security, or equivalent experience
• 5+ years of experience in security engineering or related roles
• Strong knowledge of cloud security in AWS and Azure environments
• Hands-on experience with SIEM, EDR/XDR, IAM, vulnerability management, and security automation
• Familiarity with HIPAA, HITRUST, and SOC 2 compliance requirements
• Experience securing containerized and serverless environments such as Kubernetes (EKS) and AWS Lambda

Preferred Qualifications

• Industry certifications such as CISSP, CISM, CCSP, AWS Security Specialty, or GIAC (GSEC, GCIA, GCIH)
• Experience with infrastructure-as-code tools such as Terraform, Ansible, or CloudFormation
• Experience working with DevSecOps pipelines and tools such as Jenkins or Bitbucket
• Strong scripting skills in Python, PowerShell, or Bash

Key Competencies

• Strong analytical and problem-solving skills with attention to detail
• Ability to balance security risks with business objectives
• Excellent communication skills with the ability to explain technical concepts to non-technical stakeholders
• Collaborative mindset with a proactive approach to continuous improvement

Additional Information

• Employment type: Full-time
• Work arrangement: Remote
• Background verification and employment eligibility checks may be required
• Equal opportunity employer committed to a diverse and inclusive workplace