Senior Security Engineer

Responsibilities:

• Design, build, and implement Just-in-Time (JIT) access controls and Privileged Access Management (PAM) workflows to eliminate standing privileged accounts in production.
• Conduct platform permission reviews and implement a least-privilege access model for cloud and application roles.
• Ensure 100% of production access requests and approvals are captured in audit logs.
• Lead the implementation, tuning, and operation of security tools in the CI/CD pipeline, including SAST, DAST, SCA, and secrets scanning.
• Develop custom SAST rules to detect specific, high-risk flaw patterns, such as authorization bypasses or insecure PII/PHI handling.
• Partner with engineering to deploy IDE plugins and automated PR checks that block sensitive data exposure before deployment.
• Conduct manual security code reviews for high-risk features and cryptographic implementations.
• Design, build, and maintain automation for the end-to-end vulnerability management lifecycle.
• Engineer automated workflows to triage, validate, and assign new vulnerabilities
• Develop and maintain security automation scripts, tools, and services in Python or Go to streamline security operations and compliance checks.
• Partner with SecOps to build high-fidelity SIEM correlation rules and automated response playbooks.
• Design, implement, and maintain encryption strategies for data at rest and in transit, ensuring PHI is protected in compliance with HIPAA.
• Manage the cryptographic key lifecycle and administer key management systems
• Design and implement secure cloud network architectures (VPCs, subnets, security groups, NACLs) and network segmentation strategies.
• Lead the remediation of cloud security findings
• Implement and manage a centralized security control plane
• Design and implement Data Loss Prevention (DLP) policies for endpoints and cloud services to protect against sensitive data exfiltration.
• Design and enforce security configurations and hardening standards for diverse operating systems (macOS, Windows, Linux) via MDM/UEM platforms.
• Manage and tune endpoint security solutions, including EDR/XDR (e.g., CrowdStrike).
• Lead threat modeling sessions for new features and conduct secure design reviews of system architectures, applications, and APIs.
• Act as an embedded security partner and subject matter expert for product and platform teams, providing technical guidance and mentorship.
• Develop and manage security programs for emerging risks, including SaaS security and AI security.

Required Qualifications:

• 6+ years of experience in security engineering, with hands-on expertise in both application security and cloud security (AWS strongly preferred).
• Strong proficiency in at least one scripting or programming language (Python or Go preferred) for security automation.
• Demonstrable experience in two or more of the following core areas: 1) Application & SDLC Security, specifically with SAST, DAST, and SCA tools (e.g., Semgrep, Snyk, Burp Suite) and CI/CD automation; 2) Security Automation & Engineering using SOAR platforms (e.g., Tines) and Terraform; 3) Cloud Security (AWS/GCP) with a focus on designing secure cloud-native services (VPCs, IAM, WAF, CSPM); 4) Identity & Encryption, including JIT access controls, PAM, and cryptographic key lifecycles; or 5) Endpoint & Data Security utilizing EDR/XDR, DLP, and MDM solutions.
• Experience securing containerized environments (Docker, Kubernetes).
• Previous experience in healthcare, fintech, or other highly regulated industries
• Excellent communication skills, with the ability to explain complex security risks to both technical and non-technical stakeholders.

Preferred Qualifications:

• Experience with mobile application security (iOS/Android).
• Familiarity with AI security principles and governing LLM usage.
• Experience building or managing a SaaS security (SSPM) program.
• Background in software development, DevOps, or Site Reliability Engineering.
• Experience with incident response, threat hunting, and forensics.
• Relevant security certifications such as: CISSP, GIAC certifications (GWAPT, GPEN, GCIH), AWS Certified Security – Specialty or GCP Professional Cloud Security Engineer, OSCP, CEH, or other offensive security certifications
• Contributions to open-source security projects or active participation in the security community

Physical/Cognitive Requirements:

• Capability to remain seated in a stationary position for prolonged periods.
• Eye-hand coordination and manual dexterity to operate keyboard, computer and other office-related equipment.
• Capability to work with leadership, employees, and members in an appropriate manner.