Information Security Engineer III, Application and Cloud Security Lead jobs in United States

Mass General Brigham · 4 months ago

Information Security Engineer III, Application and Cloud Security Lead

Mass General Brigham is a not-for-profit organization that supports patient care, research, teaching, and community service. They are seeking an Information Security Engineer III – Application and Cloud Security Lead to provide leadership within their cybersecurity team, overseeing security practices related to application development and cloud infrastructure while mentoring junior engineers and driving continuous improvement in security posture.

Health Care, Home Health Care, Medical
H1B Sponsor Likely

Responsibilities

Collaboratively design the application and cloud security program to meet the needs of Mass General Brigham. Lead engineers in the execution of the strategic roadmap
Leads the design, development, testing, and implementation of advanced security controls for application development and cloud environments based on published information security policies and business requirements
Establishes and maintains a secure software development lifecycle (SSDLC), incorporating security checkpoints, threat modeling, secure coding standards, and rigorous testing practices
Drives the implementation and ongoing management of Cloud Security Posture Management (CSPM) tools and strategies, ensuring continuous monitoring and proactive remediation of cloud security issues
Implement and maintain code analysis tools (e.g., SAST, DAST, IAST, SCA, etc.) to identify security vulnerabilities in code before deployment. Collaborate with development teams to integrate these tools into workflows and provide actionable insights to remediate identified issues, fostering a proactive approach to secure coding practices
Serves as a technical leader within the cybersecurity team, providing guidance, mentorship, and professional development opportunities for junior and mid-level security engineers
Collaborates closely with development, operations, and DevOps teams to embed security seamlessly into software development and deployment processes, fostering a DevSecOps culture
Conducts and oversees application and cloud security assessments, including penetration testing, code reviews, configuration audits, and vulnerability management efforts
Innovates by researching, evaluating, and proposing new security technologies and methods specifically designed to improve the organization's application and cloud security maturity
Ensures high-quality, maintainable, and scalable security solutions through comprehensive architecture reviews, security assessments, and alignment with best practices
Responds promptly and effectively to complex security incidents involving applications and cloud resources, providing expert guidance and leading remediation efforts
Engages proactively with vendors, industry partners, and stakeholders to leverage external expertise, technologies, and best practices
Aligns all actions and decisions with organizational values, including Patients First, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and demonstrates commitment to Diversity & Inclusion, Integrity & Respect, Learning & Continuous Improvement, Personal Growth, and Teamwork & Collaboration
Performs other duties and responsibilities as assigned

Qualifications

DevSecOps, Cloud security expertise, Application Security Testing Tools, Secure Code Development, CI/CD Pipeline Hardening, Application Code Vulnerability Analysis, Strategic program build, OWASP Top 10, Continuous improvement, Leadership skills, Project management, Communication skills, Team collaboration, Problem-solving, Mentorship

Required

Bachelor's degree in Information Security, Computer Science, or related field; advanced degrees or equivalent professional experience preferred
Minimum of 5+ years of progressive experience in application security, cloud security, or related cybersecurity roles
Expert-level knowledge and practical experience in secure software development methodologies, OWASP Top 10, and application security testing tools (SAST, DAST, IAST)
A comprehensive understanding of secure coding principles, with the ability to guide development teams in adhering to these best practices
Proven expertise in securing major cloud platforms (AWS, Azure, GCP), including experience with Cloud Security Posture Management tools, cloud-native security services, and infrastructure-as-code security
Deep understanding of modern software architectures, microservices, APIs, and container security best practices (e.g., Docker, Kubernetes)
Ability to think strategically, creatively, and innovatively to design and implement robust security controls
Demonstrated leadership skills with strong project management capabilities, able to effectively communicate complex technical security issues clearly to technical and non-technical stakeholders
Proven track record of delivering and managing successful security projects and continuous improvement initiatives
Strong ability to apply documented processes, playbooks, and frameworks (e.g., OWASP, NIST CSF, etc.) to effectively address and resolve a wide variety of application security challenges
Knowledge of established security frameworks, including NIST Cybersecurity Framework (CSF) and NIST 800-53, with a focus on their application in securing software and application environments
Must know how to use common M365 Office Suite of products

Preferred

Relevant industry certifications preferred (CISSP, CCSP, CSSLP, AWS/Azure Security Specialty, GIAC certifications)
Hands-on experience with static and dynamic application security testing tools is preferred
Preferred certifications include: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), GIAC Penetration Tester Certification (GPEN), GIAC Experienced Penetration Tester (GX-PT), GIAC Certified Red Team Professional (GRTP), GIAC Security Operations Certified (GSOC), GIAC Security Expert (GSE), etc

Benefits

Comprehensive benefits
Career advancement opportunities
Differentials
Premiums
Bonuses
Recognition programs designed to celebrate your contributions and support your professional growth

Company

Mass General Brigham

Mass General Brigham specializes in providing medical treatments and health diagnostics services.

H1B Sponsorship

Mass General Brigham has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is provided below for reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2025 (77)
2024 (61)
2023 (93)
2022 (70)
2021 (80)
2020 (29)

Funding

Current Stage
Late Stage

Leadership Team

Erin Flanigan
SVP, Human Resources, Community, Specialty Hospital Division
O’Neil A. Britton
Chief Integration Officer, Executive Vice President

Recent News

Medical Xpress - latest medical and health news stories
Company data provided by crunchbase