Cloud Security Engineer (Healthcare Industry)
Job Number: 800230456
Job Type: Full Time(FTE)
Candidate Type – USA Work Authorization
Job Location – Raleigh, NC
Job Description
We are seeking a highly skilled and experienced Cloud Security Engineer with a strong background in the healthcare industry. The ideal candidate should have a proven track record in securing cloud deployments and protecting sensitive data. They should also possess excellent communication and collaboration skills to work effectively with senior management in developing and implementing security strategies. The Cloud Security Engineer will be responsible for managing and supporting the implementation of AWS Cloud infrastructure for multiple clients, including design, deployment, maintenance, and troubleshooting.
Roles and Responsibilities
Design and deploy AWS Cloud infrastructure for multiple clients, ensuring security best practices are followed.
Create detailed technical documentation, such as network diagrams, to support the security management of client’s cloud environments.
Assist in developing privacy and security policies and procedures for new projects or enhancements to existing systems, adhering to industry best practices.
Collaborate with senior management and stakeholders in regular status meetings to discuss current projects and future initiatives.
Provide training to internal staff on Amazon Web Services (AWS) services, tools, and security best practices.
Develop a cloud-based security platform that monitors and analyzes data from multiple sources to identify potential threats.
Conduct penetration testing on the DHHS cloud infrastructure to identify vulnerabilities in its security systems.
Design and implement an automated system for detecting anomalous behavior within the DHHS cloud environment using machine learning algorithms.
Perform security assessments of web applications, networks, and systems to identify and mitigate security vulnerabilities.
Document findings and recommendations in security reports and presentations.
Implement security controls to mitigate identified security risks.
Conduct risk assessments to ensure compliance with the NIST 800-53 framework and HIPAA regulations.
Design and implement a comprehensive data loss prevention program to reduce sensitive information leakage.
Conduct penetration testing on web applications deployed on cloud platforms.
Leverage knowledge of cloud native security services provided by AWS/Azure/GCP cloud platforms.
Ensure the department’s security architecture aligns with federal, state, department, and industry best practices.
Possess or work towards obtaining relevant security certifications such as CISSP, CISA, CCSP, or any security specialty certification on one of the leading cloud platforms (AWS/Azure/GCP).
Qualification
Basic Qualification:
CISSP / CISA / CCSP or any security specialty certification on one of the leading cloud platforms (AWS/Azure/GCP).
5 years of experience performing security assessments using NIST 800-53 r4 security controls.
3 years of experience in HIPAA Privacy & Security compliance.
3 years of experience reviewing Soc2 Type2, FedRamp, HITRUST compliance reports.
Knowledge of cloud-native security services provided by AWS/Azure/GCP cloud platforms.
Experience in performing network, web, and database security assessments is required.
Familiarity with tools and techniques for identifying and remediating OWASP TOP 10 vulnerabilities of web applications.
Experience in performing penetration testing on web applications deployed on cloud platforms.
Experience in Cloud Security architecture to ensure compliance with federal, state, department, and industry best practices.
Experience :
NIST 800-53: 5 years (Required)
reviewing Soc2 Type2, FedRamp, HITRUST: 3 years (Required)
cloud native security services: 3 years (Required)