Cloud Security Engineer/DevSecOps Engineer

About The Position

Requirements

• 3–5 years of experience in cybersecurity, cloud security, DevOps, infrastructure, systems administration, security operations, compliance operations, or a related technical role.
• Hands-on experience with AWS and/or Microsoft Azure, with the ability to work across both platforms.
• Working knowledge of cloud security concepts, including IAM, network controls, encryption, logging, monitoring, workload security, and shared responsibility models.
• Experience with common AWS security services such as IAM, CloudTrail, CloudWatch, GuardDuty, Security Hub, KMS, Config, S3 security, or VPC controls.
• Experience with common Azure security services such as Microsoft Entra ID, Azure Policy, Defender for Cloud, Key Vault, Network Security Groups, Log Analytics, Sentinel, or related services.
• Experience with vulnerability management tools such as Rapid7 InsightVM, Nexpose, InsightCloudSec, InsightIDR, or similar platforms.
• Experience with SIEM, endpoint monitoring, log analysis, or security telemetry tools such as Wazuh, Rapid7 InsightIDR, Microsoft Sentinel, or similar platforms.
• Familiarity with compliance automation, GRC, or audit readiness platforms such as Vanta, Compyl, or similar tools.
• Ability to interpret vulnerability, cloud posture, endpoint, and compliance findings and prioritize remediation based on risk.
• Working knowledge of secure configuration, patch management, asset inventory, evidence collection, vulnerability remediation, and exception management workflows.
• Basic to intermediate scripting or automation experience using Python, PowerShell, Bash, Terraform, or similar tools.
• Strong communication and documentation skills, including the ability to explain technical risks, write clear procedures, and recommend practical remediation options.
• Adhere to all organizational information security policies and protect all sensitive information including but not limited to ePHI and PHI in accordance with organizational policy and Federal, State, and local regulations

Nice To Haves

• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, Business, Accounting, Risk Management, or equivalent practical experience.
• Experience supporting compliance and security frameworks such as SOC 2, ISO 27001, HIPAA, NIST, CIS, FedRAMP Moderate, and HITRUST, or similar standards.
• Experience with infrastructure as code tools such as Terraform, CloudFormation, ARM/Bicep, or Azure DevOps.
• Experience with CI/CD platforms such as GitHub Actions, GitLab CI, Jenkins, Azure DevOps, or similar.
• Experience with container or workload security for Docker, Kubernetes, ECS, EKS, AKS, or Azure Container Apps.
• Working knowledge of application security concepts, including OWASP Top 10, secrets management, dependency scanning, secure SDLC, and threat modeling.
• Experience with cloud security posture management, vulnerability dashboards, alert tuning, security reporting, and control monitoring.
• Familiarity with Microsoft 365 security, Microsoft Entra Conditional Access, Defender, Intune, or endpoint management.
• Experience creating or improving security architecture diagrams, control narratives, remediation guides, operational procedures, and audit evidence.
• Relevant certifications such as Security+, AWS Certified Security Specialty, AWS Solutions Architect Associate, Azure Security Engineer Associate, Azure Administrator Associate, SC-200, or equivalent practical experience.

Responsibilities

• Review, improve, and help design secure architectures across AWS and Microsoft Azure environments.
• Implement and maintain cloud security controls related to IAM, network segmentation, encryption, logging, key management, backups, secure configuration, and access control.
• Identify and remediate cloud misconfigurations, excessive permissions, insecure storage, public exposure, weak logging, and missing security controls.
• Partner with engineering and infrastructure teams to integrate security checks and DevSecOps practices into CI/CD workflows.
• Operate and improve vulnerability management processes, including scanning, validation, prioritization, remediation tracking, reporting, and exception review.
• Use security monitoring and telemetry platforms to support alert triage, endpoint visibility, log review, investigation, and detection improvement.
• Support compliance monitoring, evidence collection, control mapping, and audit readiness activities using Vanta and Compyl.
• Map technical controls to compliance requirements, internal policies, customer security expectations, and audit evidence needs.
• Participate in threat modeling and security reviews for new applications, infrastructure changes, cloud deployments, and third-party integrations.
• Support incident response activities, including alert investigation, log analysis, evidence gathering, containment recommendations, and post-incident improvements.
• Improve identity and access management practices, including least privilege, MFA, conditional access, service principals, role reviews, privileged access controls, and access certification support.
• Create and maintain security documentation, cloud security standards, control narratives, runbooks, remediation procedures, and architecture diagrams.
• Support implementation and maintenance of security benchmarks and frameworks such as CIS, NIST, SOC 2, ISO 27001, HIPAA, FedRAMP Moderate, and HITRUST.
• Translate security and compliance requirements into practical technical tasks for engineering, IT, and infrastructure teams.

Benefits

• Exceptionally generous paid time away from work
• A variety of paid leave programs
• Savings opportunities with 401(k) and incentive plans
• Internal education programs
• Full array of health benefits
• Fitness reimbursement
• Cell phone subsidy
• Casual offices with snacks and drinks
• Peer recognition programs
• Health advocacy and employee assistance programs
• Pet insurance