FreshRemote.Work

Senior Cloud Security Engineer (AWS) - Remote

ABOUT THE ROLE:

As Rightway's pioneering Cloud Security Engineer, you'll lead the charge in securing cloud environments compliant with HIPAA and HITRUST standards. You will be instrumental in fortifying our current cloud infrastructure and shaping new cloud initiatives (“greenfields”) to support our B2B and B2C applications, directly impacting the healthcare outcomes of our members. We deeply believe in mentorship and learning from each other, so you can expect to both guide and be guided on your journey with us!

WHAT YOU’LL DO:

  • Evaluate and deploy vulnerability scanners for web application, image, and container runtime security (e.g., Snyk, Trivy, StackRox, Checkov, Falco, Grype)
  • Spearhead the scoring and triage of vulnerabilities, applying context to CVSS scores and utilizing threat intelligence, and other measures of exploitability (e.g., EPSS)  to prioritize real risks over false positives.
  • Enhance CI/CD pipelines (e.g., BitBucket, CircleCI, Jenkins, GitLab) for gating security vulnerabilities detected at various levels (e.g. IaC, Container, OSS Library).
  • Tune Web Application Firewalls (WAFs) such as CloudFlare or optimize AWS Web Application Firewall for robust OWASP based functionality/rulesets. 
  • Configure Application Performance Monitoring (APM) tools (e.g. Datadog) to meet security and compliance requirements by writing regular expressions and queries.
  • Craft scripts for threat detection and incident response, ensuring our proprietary applications remain secure against emerging threats.
  • Design and enforce robust security controls to enhance key management.
  • Deploy tooling such as Prowler, CloudCustodian, etc. to perform best practice assessment and embrace Governance as Code, to meet HIPAA/HITRUST requirements. 
  • Coordinate external/internal infrastructure penetration testing then validate, prioritize, and mitigate/remediate findings. 
  • Manage zero-trust network architectures, ensuring secure and compliant connectivity between endpoints and cloud services. (e.g., ZScaler, Twingate).
  • Partners with DevOps/SRE function to provide security input and architecture review of current AWS infrastructure and greenfield AWS/Kubernetes infrastructure (EKS).
  •  

WHO YOU ARE: 

  • 10 years of experience, with at least 5 years in a dedicated cloud security or DevOps/DevSecOps/SRE role.
  • Maintains a cloud/security certification such as CCSP, AWS Solutions Architect, AWS Security Specialty, CEH.
  • Proficient in both data manipulation languages (e.g. Python) for security analysis and infrastructure-as-code (e.g. Terraform, CloudFormation).
  • Intimately familiar with infrastructure security concepts such as rate limiting, lateral movement, key management, container escape, etc.
  • Enjoy using AWS GuardDuty, Inspector, Landing Zones and other security services.
  • Operated in one or more regulated environments (e.g., healthcare, finance, education) 
  • Able to explain nuanced infrastructure and security concepts to diverse stakeholders.
  • Positive, collaborative, and proactive attitude comfortable working independently.

BASE SALARY: $148,000 - $190,000

CYBERSECURITY AWARENESS NOTICE

In response to ongoing and industry-wide fraudulent recruitment activities (i.e., job scams), Rightway wants to inform potential candidates that we will only contact them from the @rightwayhealthcare.com email domain. We will never ask for bank details or deposits of any kind as a condition of employment. If you have any questions about a suspicious interaction with Rightway, please feel free to reach out to us at hr@rightwayhealthcare.com.

ABOUT RIGHTWAY:

Rightway is on a mission to harmonize healthcare for everyone, everywhere. Our products guide patients to the best care and medications by inserting clinicians and pharmacists into a patient’s care journey through a modern, mobile app. Rightway is a front door to healthcare, giving patients the tools they need along with on-demand access to Rightway health guides, human experts that answer their questions and manage the frustrating parts of healthcare for them.

Since its founding in 2017, Rightway has raised over $130mm from investors including Khosla Ventures, Thrive Capital, and Tiger Global at a valuation of $1 billion. We’re headquartered in New York City, with a satellite office in Denver. Our clients rely on us to transform the healthcare experience, improve outcomes for their teams, and decrease their healthcare costs.

HOW WE LIVE OUR VALUES TO OUR TEAMMATES:

We’re seeking those with passion for healthcare and relentless devotion to our goal. We need team members who will:

  • We are human first

Our humanity binds us together. We bring the same empathetic approach to every individual we engage with, whether it be our members, our clients, or each other. We are all worthy of respect and understanding and we engage in our interactions with care and intention. We honor our stories. We listen to—and hear—each other, we celebrate our differences and similarities, we are present for each other, and we strive for mutual understanding. 

  • We redefine what is possible 

We always look beyond the obstacles in front of us to imagine new solutions. We approach our work with inspiration from other industries, other leaders, and other challenges. We use ingenuity and resourcefulness when faced with tough problems.

  • We debate then commit 

We believe that a spirit of open discourse is part of a healthy culture. We understand and appreciate different perspectives and we challenge our assumptions. When working toward a decision or a new solution, we actively listen to one another, approach it with a “yes, and” mentality, and assume positive intent. Once a decision is made, we align and champion it as one team.

  • We cultivate grit 

Changing healthcare doesn’t happen overnight. We reflect and learn from challenges and approach the future with a determination to strive for better. In the face of daunting situations, we value persistence. We embrace failure as a stepping stone to future success. On this journey, we seek to act with guts, resilience, initiative, and tenacity.

  • We seek to delight

Healthcare is complicated and personal. We work tirelessly to meet the goals of our clients while also delivering the best experience to our members. We recognize that no matter the role or team, we each play a crucial part in our members’ care and take that responsibility seriously. When faced with an obstacle, we are kind, respectful, and solution-oriented in our approach. We hold ourselves accountable to our clients and our members’ success. 

Rightway is a healthcare company looking to improve healthcare outcomes for everyone, everywhere. With that in mind, we have to consider what is good for the health of our team, the company, and the communities we operate in. As such, Rightway has determined a mandatory COVID-19 vaccination policy for all employees, in combination with other safety precautions, is the best way forward.

 

Rightway is PROUDLY an Equal Opportunity Employer that believes in strength in the diversity of thought processes, beliefs, background and education and fosters an inclusive culture where differences are celebrated to drive the best business decisions possible. We do not discriminate on any basis covered by appropriate law. All employment is decided on the consideration of merit, qualifications, need and performance.

Apply

Job Profile

Skills

APM Tools AWS AWS Security Services CI/CD CI/CD pipelines CloudFormation Container Security Datadog DevOps HIPAA HITRUST Incident Response Key Management Kubernetes Penetration Testing Python SRE Terraform Threat Detection Vulnerability Scanners Web Application Firewalls Web application security Zero-Trust Network Architectures

Tasks
  • Configure APM tools
  • Coordinate penetration testing
  • Craft scripts for threat detection and incident response
  • Design and enforce security controls
  • Enhance CI/CD pipelines
  • Evaluate and deploy vulnerability scanners
  • Manage zero-trust network architectures
  • Provide security input and architecture review
  • Spearhead scoring and triage of vulnerabilities
  • Tune Web Application Firewalls
Experience

10 years

Education

Business Finance

Certifications

AWS Security Specialty AWS Solutions Architect CCSP CEH