[Hiring] Security Engineer @Healthmark Group

Role Description

The Security Engineer is a member of the Security and IT Operations team with a strong emphasis on cloud security, AWS architecture, and Infrastructure-as-Code (IaC). This role is responsible for protecting sensitive health information in a highly regulated environment and embedding security controls directly into cloud-native infrastructure using automation-first practices.

• Design, implement, and maintain AWS-focused cloud security architecture aligned with HIPAA, NIST, and HITRUST.
• Secure AWS environments using IAM, Organizations, CloudTrail, Config, GuardDuty, Security Hub, KMS, and network security controls.
• Build, review, and maintain Infrastructure-as-Code using Terraform, ensuring security controls are versioned, auditable, and enforced by default.
• Develop secure Terraform modules, guardrails, and policy-as-code to prevent misconfiguration and drift.
• Partner with Development and CloudOps teams to implement DevSecOps practices, including CI/CD pipeline security and IaC scanning.
• Establish and manage identity and access standards across AWS and Microsoft Entra.
• Support SOC 2 Type II, HITRUST, HIPAA, and PCI audits with a focus on cloud control evidence.
• Monitor cloud environments, triage security events, and respond to incidents in partnership with the MSP.
• Maintain documentation related to cloud security architecture, IaC standards, and incident response.
• Provide security mentorship and cloud security expertise across the organization.

Qualifications

• Bachelor’s degree in Computer Science, Engineering, or equivalent experience.
• 3+ years of hands-on security engineering experience with strong AWS focus.
• Hands-on experience with Terraform and Infrastructure-as-Code workflows.
• Experience securing AWS workloads including compute, storage, and networking.
• Experience with Microsoft Entra, Active Directory, and AWS IAM.
• Experience with HIPAA, NIST, SOC 2, and HITRUST security controls.
• Experience integrating security into CI/CD pipelines and DevSecOps workflows.
• Strong knowledge of Windows operating systems and networking concepts.

Requirements

• Experience with Azure or GCP.
• Experience with cloud security posture management and IaC scanning tools.
• Knowledge of modern cloud attack vectors and mitigating controls.
• Experience with cryptography, key management, and authentication mechanisms.
• Security certifications such as CISSP, CISM, CSSLP, or AWS Security Specialty.