Cloud Security Engineer Principal jobs in United States
This job has closed.

Children's Hospital of Philadelphia · 3 weeks ago

Cloud Security Engineer Principal

Children’s Hospital of Philadelphia (CHOP) is dedicated to advancing pediatric care and fostering an inclusive workplace. The Cloud Security Engineer will be responsible for securing cloud environments, collaborating with teams to implement security controls, and optimizing cloud security processes.

Child Care · Health Care · Hospital · Medical · Non Profit
Growth Opportunities
H1B Sponsor Likely

Responsibilities

Proven experience in securing a multi-cloud environment
Proven experience with Identity and access management in the cloud
Proven experience with all security service lines in a cloud environment and the supporting security tools and processes to be successful
Demonstrate collaboration with internal stakeholders, vendors, and supporting teams to design, implement, and maintain security technologies across network, endpoint, identity, and cloud infrastructure
Drive continuous improvement and coverage of cloud security controls by validating alerts, triaging escalations, and working with the MSP to fine-tune detection and prevention capabilities
Lead or support the development of incident response plans, engineering runbooks, tabletop exercises, and system hardening guides
Ensure alignment of security architectures with CHOP’s policies, standards, and external frameworks such as NIST SP 800-53, HIPAA, PCI-DSS, CISA ZTMM, CIS Benchmarks, and Microsoft CAF Secure Methodology, AWS CAF, AWS Well Architected framework, Google CAF
Participate in design and governance forums to provide security input into infrastructure, DevSecOps, and cloud-native application strategies
Assist with audits, compliance assessments, risk remediation plans, and evidence collection with internal compliance and external third-party stakeholders
Mentor and support junior InfoSec engineers through documentation, training, and peer reviews
Hands-on experience in security engineering, systems integration, and cloud architecture (Azure preferred)
Proficiency in tools and domains such as: EDR (Microsoft Defender), SIEM (Sentinel or Splunk), CSPM (e.g., Wiz), IAM (Entra ID), VPNs/NGFWs, NAC, and encryption protocols
Demonstrated understanding of secure configuration management, automation pipelines (e.g., Terraform, PowerShell), and vulnerability management platforms
A Principal Information Security Specialist has similar responsibilities to Information Security Specialist III personnel. However, a Principal Information Security Specialist is deemed to be the subject matter expert and in-house advisor on complex problems and issues
Works independently to initiate assignments and draws upon extensive professional knowledge and experience to make independent judgments regarding analysis, evaluation, development, and implementation of enterprise long-term solutions and operating initiatives to ensure that enterprise architectural objectives are aligned with organizational needs and strategic goals
Optimizes information management approaches through an understanding of evolving business needs and technology capabilities and ensures that projects do not duplicate functionality or diverge from each other and business and DTS strategies
Shapes, designs, and plans specific service lines in product area and manages the risks associated with information and DTS assets through appropriate standards and security policies
Functions as the Subject Matter Expert (SME) to maintain an understanding of CHOP DTS business and clinical applications and the relationship to InfoSec and compliance solutions; assist Hospital stakeholders in understanding information protection needs that support the Hospital's business
Works with other architects to provide a consensus-based enterprise solution that is scalable, adaptable and in synchronization with ever-changing business needs and takes ownership of a particular solution offering
Works with a highly matrixed team of DTS personnel to support enterprise architecture and information security operations including, but not limited to, architecture and InfoSec principles around identity & access management models, cloud identity management providers, security information and event monitoring, data loss prevention, perimeter (e.g., firewalls, IPS, web filtering), cloud and virtualization environments, and network security (host-based firewalls, anti-virus, disk encryption)
Supports and/or leads activities around InfoSec standards for business continuity and change management activities (e.g., tabletops and change review board) and educates DTS Hospital management on security issues (e.g., Identity and Access Management (IAM), Role Based Access Control (RBAC) models)

Qualification

Cloud security, Identity, Access management, Security frameworks compliance, Security engineering, Multi-cloud environment, Incident response planning, Risk management, Cloud architecture, Automation pipelines, Collaboration skills, Interpersonal skills, Communication skills, Mentoring skills, Problem-solving skills, Teamwork

Required

Proven experience in securing a multi-cloud environment
Proven experience with Identity and access management in the cloud
Proven experience with all security service lines in a cloud environment and the supporting security tools and processes to be successful
Demonstrate collaboration with internal stakeholders, vendors, and supporting teams to design, implement, and maintain security technologies across network, endpoint, identity, and cloud infrastructure
Drive continuous improvement and coverage of cloud security controls by validating alerts, triaging escalations, and working with the MSP to fine-tune detection and prevention capabilities
Lead or support the development of incident response plans, engineering runbooks, tabletop exercises, and system hardening guides
Ensure alignment of security architectures with CHOP's policies, standards, and external frameworks such as NIST SP 800-53, HIPAA, PCI-DSS, CISA ZTMM, CIS Benchmarks, and Microsoft CAF Secure Methodology, AWS CAF, AWS Well Architected framework, Google CAF
Participate in design and governance forums to provide security input into infrastructure, DevSecOps, and cloud-native application strategies
Assist with audits, compliance assessments, risk remediation plans, and evidence collection with internal compliance and external third-party stakeholders
Mentor and support junior InfoSec engineers through documentation, training, and peer reviews
Hands-on experience in security engineering, systems integration, and cloud architecture (Azure preferred)
Proficiency in tools and domains such as: EDR (Microsoft Defender), SIEM (Sentinel or Splunk), CSPM (e.g., Wiz), IAM (Entra ID), VPNs/NGFWs, NAC, and encryption protocols
Demonstrated understanding of secure configuration management, automation pipelines (e.g., Terraform, PowerShell), and vulnerability management platforms
Bachelor's Degree Required
At least twelve (12) years industry related experience, including experience in one to two IT disciplines (such as technical architecture, network management, application development, middleware, information analysis, database management or operations) in a multitier environment
At least six (6) years experience with information security, regulatory compliance and risk management concepts
At least three (3) years experience with Identity and Access Management, user provisioning, Role Based Access Control, or control self-assessment methodologies and security awareness training
Experience with Cloud and/or Virtualization technologies

Preferred

Bachelor's Degree Computer Science, Information Systems, or related field Preferred
At least three (3) years in working with matrixed high performance teams
Preferred relevant certifications: Sec+, Azure Security Engineer (SC-200), CCSP, GSEC, or equivalent
Experience developing or contributing to cloud governance, tagging standards, or infrastructure-as-code (IaC) security policies
Experience in healthcare, research, or life sciences environments is highly desirable
Strong interpersonal and communication skills; ability to convey technical concepts to non-technical stakeholders
Certified Information Systems Security Professional (CISSP) - Information Systems Audit and Control Association (ISACA) - upon hire - Preferred
HealthCare Information Security and Privacy Practitioner (HCISPP) - Information Systems Audit and Control Association (ISACA) - upon hire - Preferred
Certified in Cybersecurity - Information Systems Audit and Control Association (ISACA) - upon hire - Preferred
Systems Security Certified Practitioner (SSCP) - Information Systems Audit and Control Association (ISACA) - upon hire - Preferred
Certified Information Security Manager (CISM) - Information Systems Audit and Control Association (ISACA) - upon hire - Preferred
Certified Information Systems Auditor (CISA) - Information Systems Audit and Control Association (ISACA) - upon hire - Preferred
Certified in the Governance of Enterprise IT (CGEIT) - Information Systems Audit and Control Association (ISACA) - upon hire - Preferred
Certified in Risk and Information Systems Control (CRISC) - Information Systems Audit and Control Association (ISACA) - upon hire - Preferred
CompTIA Security+ - CompTIA - upon hire - Preferred
GIAC Security Essentials (GSEC) - GIAC Certifications - upon hire - Preferred
Certified Ethical Hacker (CEH) - EC-Council - upon hire - Preferred
Certificate of Cloud Security Knowledge (CCSK) - Cloud Security Alliance (CSA) - upon hire - Preferred
Certificate of Cloud Auditing Knowledge (CCAK) - Cloud Security Alliance (CSA) - upon hire - Preferred

Company

Children's Hospital of Philadelphia

Since its start in 1855 as the nation's first hospital devoted exclusively to caring for children, The Children's Hospital of Philadelphia has been the birthplace for many dramatic firsts in pediatric medicine.

H1B Sponsorship

Children's Hospital of Philadelphia has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (175)
2024 (170)
2023 (140)
2022 (115)
2021 (70)
2020 (53)

Funding

Current Stage
Late Stage
Total Funding
$33.35M
Key Investors
UnitedHealthcare Community Plan, National Cancer Institute, Bill & Melinda Gates Foundation
2025-12-10 · Grant · $1.7M
2025-09-29 · Grant · $1M
2025-06-18 · Grant · $1M

Leadership Team

Ron Keren
Senior Vice President and Chief Medical Officer
Adam Resnick
Director of the Center for Data Driven Discovery in Biomedicine (D3b)
Company data provided by crunchbase