Cloud Security Specialist

November 5

Apply Now

Receive Emails with Similar Jobs

Softheon

WebsiteLinkedInAll Job Openings

Healthcare Reform Solutions • Solutions for Exchanges • Healthcare Information Management • Healthcare Transaction Management • Underwriting

201 - 500

💰 $200k Venture Round on 2009-03

Description

• Job Title: Cloud Security Specialist • Job Location: Remote • About us: Softheon is a dynamic and forward-thinking Software as a Service (SaaS) organization that is dedicated to ensuring affordable, accessible, and plentiful healthcare for every American. • Our Company Culture: Built on collaboration, innovation, and appreciation. • About the role: This role demands strong collaboration with cross-functional teams, ensuring the seamless integration of security practices across all cloud services, including IaaS, PaaS, and SaaS. • The Cloud Security Specialist will also develop and enforce security policies, monitor cloud configurations, respond to threats, and automate security processes, ensuring compliance with industry regulations such as HIPAA.

Requirements

• Cloud Security Management: • Design and implement cloud security frameworks: Architect and deploy robust security controls for Azure-based cloud infrastructure, ensuring alignment with organizational security policies and standards. • Cloud configuration and hardening: Review and improve security configurations for Azure services, ensuring appropriate access control, encryption, and security monitoring. • Policy management and enforcement: Define and enforce security policies for cloud usage, ensuring that data is protected, encrypted, and appropriately monitored. • Continuous security assessments: Perform regular security audits of cloud environments, including vulnerability scanning and penetration testing, to identify and mitigate risks. • Threat Management: • Incident detection and response: Act as the primary point of contact for cloud security incidents. Lead efforts to contain, investigate, and remediate breaches or threats. • Proactive threat hunting: Conduct threat-hunting activities within Azure cloud environments to uncover potential risks and misconfigurations before they lead to security incidents. • Security event correlation: Leverage tools like Microsoft Sentinel to correlate security events and detect abnormal patterns in network and system activity. • Forensics and root cause analysis: In the event of a security breach, perform forensic analysis to determine the cause and prevent future occurrences. • Compliance & Governance: • HIPAA, SOC, and PCI audit preparation: Lead efforts to ensure the cloud environment meets regulatory requirements and is fully prepared for external and internal security audits. • Cloud security governance: Develop and enforce governance frameworks to ensure ongoing compliance with security standards and legal requirements (e.g., HIPAA, GDPR, SOC 2). • Third-party vendor risk management: Assess the security posture of third-party vendors, ensuring that their practices meet compliance and security requirements when integrating with the organization’s cloud systems. • Security Tools & Technologies: • Security automation: Automate repetitive security tasks using tools like Microsoft Azure Security Center, Microsoft Defender, and Sentinel to improve operational efficiency. • Zero Trust architecture: Design and implement a Zero Trust security model within the Azure environment, ensuring secure access to resources. • Continuous security monitoring: Establish and maintain real-time monitoring and alerting systems using cloud-native tools and services to ensure timely identification of vulnerabilities or suspicious activities. • SIEM and SOAR management: Oversee the integration of Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems to streamline incident response. • Collaboration: • Security training and advocacy: Educate DevOps, engineering, and IT teams on best practices for secure cloud development, including secure coding and configuration. • DevSecOps integration: Partner with DevOps teams to integrate security into CI/CD pipelines, ensuring secure code deployment and infrastructure provisioning. • Cross-departmental security alignment: Collaborate with IT, product, and legal teams to ensure cloud security practices align with business goals and regulatory frameworks. • Documentation & Reporting: • Security incident playbooks: Develop and maintain detailed incident response playbooks to ensure a consistent and effective approach to security breaches. • Audit and compliance reporting: Provide detailed security reports, including audit logs and incident findings, for compliance reviews and audits. • Key security metrics and KPIs: Define, track, and report key security metrics (e.g., number of incidents, MTTR) to senior management to continuously improve security posture.

Benefits

• Salary - $120,000- $150,000 • Opportunity to work on cutting-edge cloud-based healthcare solutions • Work from your home company with a one-time home office stipend • Excellent benefits package that includes health, vision and dental coverage for you, your spouse and dependents • Additional benefits, including a monthly wellness stipend and internet stipend, 401K w/ a match; immediately vested, employee assistance program, disability/life insurance, and parental leave • 15 days to Discretionary PTO based on YOS plus 9 additional holidays • Referral bonuses, discretionary bonus program, spot bonuses and professional development opportunities • An opportunity for you to be part of a team committed to improving healthcare access and affordability by leveraging innovative technology solutions