99 applicants

Company

PatientNow · 4 hours ago

Cybersecurity Engineer

Remote (United States)

Full-time

Remote

Senior Level, Lead/Staff

8+ years exp

Maximize your interview chances

AssociationHealth Care

Insider Connection @PatientNow

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Design and implement the Cloud Security Posture Management (CSPM) program to ensure comprehensive security across the AWS environment.

Harden AWS resources through advanced configurations for IAM, S3 bucket policies, VPC security, and security groups.

Analyze AWS security logs and alerts from services like CloudTrail, GuardDuty, Security Hub, and Config to proactively detect and mitigate threats.

Configure and fine-tune Datadog dashboards, monitors, and alerts for infrastructure and security monitoring, integrating with AWS services to ensure real-time visibility.

Conduct forensic analysis and investigate security incidents, implementing long-term preventive measures.

Automate incident detection and response workflows using tools such as AWS Lambda and Step Functions.

Lead the implementation of PCI compliance and align the infrastructure with DSS requirements.

Enhance and maintain HIPAA and SOC2 compliance, including evidence collection and audit readiness.

Define and enforce governance policies for AWS resources as it relates to encryption, access control, and data lifecycle management.

Design and implement a comprehensive vulnerability management plan, including the selection and integration of tools such as Tenable, Qualys, or AWS Inspector, to identify, prioritize, and remediate security vulnerabilities.

Coordinate with third-party vendors to schedule and complete penetration tests, ensuring timely execution and adherence to organizational security standards. Review findings with internal teams to prioritize and implement remediation efforts.

Perform detailed risk assessments and recommend controls to mitigate security gaps effectively.

Develop, test, and maintain an Incident Response Plan (IRP) to address potential threats and breaches effectively.

Collaborate with the Infrastructure team to design, implement and facilitate testing of the Business Continuity and Disaster Recovery (BC/DR) plan, including periodic drills and simulations.

Conduct threat modeling exercises for applications and infrastructure to identify and prioritize mitigation strategies.

Independently research and stay updated on emerging security trends, vulnerabilities, and tools.

Continuously evaluate and recommend improvements to the security architecture to align with evolving threats and business needs.

Act as the primary point of contact for security-related escalations, providing expert guidance and resolution.

Assist in developing comprehensive training materials to elevate security awareness across the organization.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

AWSCloud Security Posture ManagementHIPAA complianceSOC2 compliancePCI complianceIncident Response PlanningVulnerability ManagementRisk AssessmentsAWS Security ServicesMonitoring ToolsDatadogCISSPCCSPPCIP

Required

Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related technical field. Equivalent experience and certifications will be considered in lieu of a degree.

8 –10 years of hands-on cybersecurity experience with a strong focus designing and implementing robust security solutions in a cloud-based environment (AWS).

Extensive experience with AWS security services (IAM, CloudTrail, Config, GuardDuty, WAF) and ability to secure and optimize cloud environments.

Proven expertise in Cloud Security Posture Management (CSPM), monitoring tools (e.g., Datadog), and AWS-native alerting services.

Deep understanding and practical application of compliance frameworks: HIPAA, SOC2, PCI (implementation required), and GDPR.

Strong experience designing and implementing vulnerability management programs and collaborating with vendors for penetration testing and remediation.

Advanced knowledge of incident response planning, including developing and executing plans to mitigate and respond to security incidents.

Demonstrated expertise in conducting risk assessments, identifying gaps, and recommending actionable mitigation strategies.

Proven experience in supporting external security audits.

Strong communication skills, with the ability to work effectively in a team-oriented, collaborative environment.

Relevant certifications (prioritized in order of importance): AWS Certified Security – Specialty, Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), PCI Professional (PCIP).