Senior Security Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent relevant experience).
• 6+ years of experience in security engineering, infrastructure security, or cloud security.
• Hands-on experience securing cloud environments (identity, governance, monitoring, and secure configuration patterns).
• Strong understanding of identity and access management concepts (RBAC, MFA, privileged access, logging, and least privilege).
• Experience leading or materially contributing to incident response and post-incident improvements.
• Experience managing vulnerability lifecycle activities end-to-end in a cloud environment and partnering with other teams to remediate findings.
• Experience operating in regulated environments and supporting audits (e.g., HIPAA, SOC 2).
• Excellent oral and written communication skills.
• Availability to work rotating or irregular shifts, including after-hours on-call support, as dictated by operational needs.
• We are proud to offer a flexible hybrid work model which will require certain on-site work days (Puerto Rico Location Only).

Nice To Haves

• Experience with cloud security tooling such as Microsoft Defender for Cloud, SIEM/SOAR platforms, EDR solutions, CSPM tools, and vulnerability management platforms.
• Experience with infrastructure-as-code and automation (e.g., Terraform/Bicep, PowerShell/Python) and integrating security checks into CI/CD pipelines.
• Experience with Linux hardening and container/Kubernetes security concepts.
• Healthcare or fintech experience with strong control and evidence requirements.
• Familiarity with NIST 800-53 and HITRUST.
• Security-related certifications (e.g., CISSP, CCSP, CISM, Security+, AZ-500, or equivalent).

Responsibilities

• Own and drive security engineering initiatives that improve cloud and infrastructure security, including standards, guardrails, and technical controls.
• Design, implement, and continuously improve security controls across Azure (primary) and supporting services (e.g., Entra ID, Azure Policy, Defender for Cloud, Log Analytics/SIEM as applicable).
• Engineer and operationalize identity and access governance controls (RBAC, Conditional Access, privileged access workflows, and access logging) in partnership with other teams.
• Build and mature detection and response capabilities: tune alerts, improve signal quality, and contribute to playbooks and automation for common security events.
• Lead technical incident response activities: triage, scope, containment, eradication, recovery, and post-incident corrective actions and lessons learned.
• Own the technical execution of vulnerability lifecycle management (scanning, triage, prioritization, remediation coordination, and verification) and drive measurable reductions in risk and remediation timelines.
• Perform security gap assessments; translate findings into actionable remediation plans; and partner with stakeholders to implement durable fixes.
• Partner with Engineering teams to embed security into delivery processes (secure configuration patterns, CI/CD security checks where applicable, and security reviews for new services and changes).
• Support audit and compliance readiness by implementing and validating technical controls aligned to NIST 800-53 and HITRUST, and by producing technical evidence and remediation documentation.
• Document and maintain security standards, playbooks, and procedures; mentor peers and junior team members; and serve as an escalation point for complex security issues.
• Continuously monitor emerging threats, security advisories, and cloud platform changes; recommend and implement improvements.
• Perform other duties and special projects as assigned.