This job has closed.

Partner's Consulting, Inc. · 1 month ago

Principal Cloud Security Engineer

Philadelphia, PA

Full-time

Hybrid

Lead/Staff

12+ years exp

Partner's Consulting, Inc. is seeking a Principal Cloud Security Engineer who will play a pivotal role in the cloud security service delivery model. The role combines deep technical expertise and collaboration across teams to design, implement, and optimize cloud security controls and service lines, focusing on securing the organization's cloud migration and supporting cloud security initiatives.

Information Technology & Services

Responsibilities

Demonstrate collaboration with internal stakeholders, vendors, and supporting teams to design, implement, and maintain security technologies across network, endpoint, identity, and cloud infrastructure

Drive continuous improvement and coverage of cloud security controls by validating alerts, triaging escalations, and working with the MSP to fine-tune detection and prevention capabilities

Lead or support the development of incident response plans, engineering runbooks, tabletop exercises, and system hardening guides

Ensure alignment of security architectures with organization's policies, standards, and external frameworks such as NIST SP 800-53, HIPAA, PCI-DSS, CISA ZTMM, CIS Benchmarks, and Microsoft CAF Secure Methodology, AWS CAF, AWS Well Architected framework, Google CAF

Participate in design and governance forums to provide security input into infrastructure, DevSecOps, and cloud-native application strategies

Assist with audits, compliance assessments, risk remediation plans, and evidence collection with internal compliance and external third-party stakeholders

Mentor and support junior InfoSec engineers through documentation, training, and peer reviews

Works independently to initiate assignments and draws upon extensive professional knowledge and experience to make independent judgments regarding analysis, evaluation, development, and implementation of enterprise long-term solutions and operating initiatives to ensure that enterprise architectural objectives are aligned with organizational needs and strategic goals

Optimizes information management approaches through an understanding of evolving business needs and technology capabilities and ensures that projects do not duplicate functionality or diverge from each other and business and DTS strategies

Functions as the Subject Matter Expert (SME) to maintain an understanding of the DTS business and clinical applications and the relationship to InfoSec and compliance solutions

Works with other architects to provide a consensus-based enterprise solution that is scalable, adaptable and in synchronization with ever changing business needs and takes ownership of a particular solution offering

Works with highly matrixed team of DTS personnel to support enterprise architecture and information security operations including, but not limited to, architecture and InfoSec principles around identity & access management models, cloud identify management providers, security information and event monitoring, and data loss prevention, perimeter (e.g. firewalls, IPS, web filtering), cloud and virtualization environments and network security (host-based firewalls, anti-virus, disk encryption)

Supports and/or leads activities around InfoSec standards for business continuity and change management activities (e.g., table tops and change review board) and educates DTS Hospital management on security issues (e.g., Identity and Access Management (IAM), Role Based Access Control (RBAC) models

Supports all compliance activities related to state, federal regulatory requirements, healthcare accreditation standards, and all other applicable regulations that govern the use and disclosure of patient, financial, or other confidential information

Qualification

Cloud SecurityIdentityAccess ManagementInformation SecurityRegulatory ComplianceRisk ManagementCloud TechnologiesProject ManagementHealthcare ExperienceSDLC MethodologiesCISSP CertificationCloud Security CertificationsInterpersonal SkillsCommunication SkillsTeam Collaboration

Required

Bachelor's degree in Computer Science, Information Systems, or related field

At least twelve (12) years of industry related experience, including experience in one to two IT disciplines (such as technical architecture, network management, application development, middleware, information analysis, database management or operations) in a multitier environment

At least six (6) years of experience with information security, regulatory compliance and risk management concepts

At least three (3) years of experience with Identity and Access Management, user provisioning, Role-based Access Control, or control self-assessment methodologies and security awareness training

Experience with Cloud and/or Virtualization technologies

At least three (3) years in working with matrixed high performance teams

Experience with industry standard SDLC methodologies; hands-on experience in Project Server methodologies, PMO project management skills, including use of MS productivity tools (Access, Word, PowerPoint, Visio, Project)

Strong interpersonal and communication skills; ability to convey technical concepts to non-technical stakeholders

Certified Information Systems Security Professional (CISSP) certifications

Cloud security certifications