Brown University Health · 1 month ago
Cloud Security Engineer
Brown University Health is seeking a Cloud Security Engineer to protect their multi-cloud environment by designing secure landing zones and embedding security controls. This role involves collaborating with various teams to implement security best practices and regulatory requirements while continuously improving the organization's cloud security posture.
Education · Health Care · Medical · Universities
Responsibilities
Own and improve cloud security posture across a multi-cloud environment (Azure, AWS and/or GCP). Establish, document and enforce secure guardrails and baselines aligned to CIS Benchmarks and NIST CSF 2.0
Operate and tune our cloud security posture / CNAPP platform (agentless discovery, misconfiguration/vulnerability/identity risk analysis) and drive prioritized remediation with responsible parties
Review and advise on policy-as-code and infrastructure-as-code (IaC) security checks across pre-commit, CI/CD, and pre-deployment gates. Conduct security design reviews of IaC to identify and recommend fixes for misconfigurations before provisioning
Design and advise on least‑privilege access models (roles, conditional access policies, break‑glass, service principals), secrets management, key management, and encryption (at rest, in transit, and in use where applicable)
Design secure network architecture: VPC/VNet design, private connectivity/peering, egress controls, segmentation, and zero‑trust‑oriented access to cloud services
Centralize logging/telemetry (activity, audit, identity, network, and data access) and integrate with SIEM/SOAR for alerting, correlation, and automated response
Design and document data security controls across object storage, databases, and analytics services (classification, access boundaries, tokenization/format‑preserving encryption, key rotation, and auditing)
Perform periodic control assessments and gap analyses against CIS Benchmarks and NIST CSF 2.0. Publish metrics/KPIs and risk treatment plans for leadership
Automate routine security tasks and remediations using scripting and APIs (e.g., Python, PowerShell, serverless functions, workflow automation)
Partner with IT/Cloud Platform teams to maintain hardened images, patching, and vulnerability management for cloud workloads (VMs, managed services; containers, etc.)
Partner with Security Operations to translate cloud attack paths into detections (control-plane logs, API activity, network flow, workload telemetry) and tune SIEM/SOAR playbooks
Secure SaaS integrations with cloud accounts (SSO, SCIM/JIT, conditional access, least‑privilege service integrations) and third‑party connectivity
Identify, document and report any deviations from policy / standards, recommend corrective actions, and review security policies and control documentation to align with current practices
Ensure least-privilege and MFA with Azure AD (Entra ID), AWS IAM, and workload federation are enforced
Develop standards, policies, procedures and tabletop exercise scenarios
Review and recommend updates to security policies, procedures, and control documentation to ensure they reflect current security best practices and regulatory requirements
Monitor emerging threats, vulnerabilities, and industry best practices to ensure security controls remain effective and aligned with the evolving threat landscape
Research and assist in the piloting and evaluation of new tools, technologies, technical controls, and processes to support and enforce defined security policies
Support incident response (triage, containment, snapshot/metadata collection, forensics coordination, and post‑incident reviews) as required
Attend and actively contribute to team, project, project management, problem management, cloud migration and major incident conference calls as required
Perform other duties as assigned
Qualifications
Required
A minimum of ten years of IS experience, with five years of hands-on cloud security engineering with Azure, AWS and/or GCP
A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred
Active certifications required (3 or more): CISSP, CCSP, GIAC (i.e., GCSA, GCLD, GCAD, GCPN, GPCS, GCTD), CKS, CCAK, Security+
Subject matter expert knowledge in encryption, KMS/Key Vault concepts, secrets management, identity federation (SAML/OIDC/OAuth2), and modern access controls
Hands‑on experience securing both Azure and AWS in production, including IAM, networking, storage, and monitoring across multiple accounts/subscriptions
Experience designing immutable logging and integrating cloud telemetry with SIEM/SOAR; skillful at alert tuning to reduce noise and surface true risk
Subject matter expert knowledge in Infrastructure-as-Code and CI/CD security. Proficiency reviewing IaC for security issues and implementing policy‑as‑code guardrails; strong understanding of secure provisioning patterns and drift control
Subject matter expert knowledge of Kubernetes and API security
Subject Matter Expert level knowledge of security tools, trends, methodologies and best practices for securing platforms and operating systems at the server, client and network level
Ability to script and automate with Python and/or PowerShell, use cloud CLIs/SDKs, and work with APIs/webhooks for integrations and workflows
Motivated self-starter who has a track record of taking ownership of information security challenges and driving them to resolution
Must be able to thrive in a fast-paced, rapidly evolving security department/environment with varying priorities, while interacting with other departments
Thorough and current understanding of a wide range of threat vectors and their potential exploits against current corporate controls and cloud specific attacks
Strong knowledge of industry frameworks related to information security (e.g. ISO 27000, NIST CSF, HIPAA Security, CIS Benchmarks, etc.). Ability to implement/enforce industry frameworks using cloud native services and automation
Maintain an expert knowledge of InfoSec industry trends and developments and advise on changes to the threat landscape
Knowledge of cloud networking, network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts
Excellent interpersonal, verbal and written communication, and organizational skills. Clear, concise communicator with the ability to produce standards, runbooks, diagrams, and executive‑level reporting
Experience supporting 24×7 incident response, including participation in major incident/problem calls
Maintains work effort status within SLAs on Brown University Health's Service Desk and Task Management Platforms
Preferred
An M.B.A. or M.S. in information security is preferred
Company
Brown University Health
Brown University Health provides an integrated academic health system offering hospital services, outpatient care and clinical education.
H1B Sponsorship
Brown University Health has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
Trends of Total Sponsorships
2025 (3)
2024 (2)
2022 (3)
2021 (1)
Funding
Current Stage
Late Stage
Company data provided by Crunchbase