Senior Cloud Security Engineer (AWS)

Remote

ABOUT THE ROLE:

As Rightway's pioneering Cloud Security Engineer, you'll lead the charge in securing cloud environments compliant with HIPAA and HITRUST standards. You will be instrumental in fortifying our current cloud infrastructure and shaping new cloud initiatives (“greenfields”) to support our B2B and B2C applications, directly impacting the healthcare outcomes of our members. We deeply believe in mentorship and learning from each other, so you can expect to both guide and be guided on your journey with us!

WHAT YOU’LL DO:

  • Evaluate and deploy vulnerability scanners for web application, image, and container runtime security (e.g., Snyk, Trivy, StackRox, Checkov, Falco, Grype)
  • Spearhead the scoring and triage of vulnerabilities, applying context to CVSS scores and utilizing threat intelligence and other measures of exploitability (e.g., EPSS) to prioritize real risks over false positives.
  • Enhance CI/CD pipelines (e.g., BitBucket, CircleCI, Jenkins, GitLab) for gating security vulnerabilities detected at various levels (e.g. IaC, Container, OSS Library).
  • Tune Web Application Firewalls (WAFs) such as CloudFlare or optimize AWS Web Application Firewall for robust OWASP-based functionality/rulesets.
  • Configure Application Performance Monitoring (APM) tools (e.g. Datadog) to meet security and compliance requirements by writing regular expressions and queries.
  • Craft scripts for threat detection and incident response, ensuring our proprietary applications remain secure against emerging threats.
  • Design and enforce robust security controls to enhance key management.
  • Deploy tooling such as Prowler, CloudCustodian, etc. to perform best-practice assessments and embrace Governance as Code, to meet HIPAA/HITRUST requirements.
  • Coordinate external/internal infrastructure penetration testing, then validate, prioritize, and mitigate/remediate findings.
  • Manage zero-trust network architectures (e.g., ZScaler, Twingate), ensuring secure and compliant connectivity between endpoints and cloud services.
  • Partner with the DevOps/SRE function to provide security input and architecture review of current AWS infrastructure and greenfield AWS/Kubernetes infrastructure (EKS).

WHO YOU ARE: 

  • 10 years of experience, with at least 5 years in a dedicated cloud security or DevOps/DevSecOps/SRE role.
  • Maintains a cloud/security certification such as CCSP, AWS Solutions Architect, AWS Security Specialty, CEH.
  • Proficient in both data manipulation languages (e.g. Python) for security analysis and infrastructure-as-code (e.g. Terraform, CloudFormation).
  • Intimately familiar with infrastructure security concepts such as rate limiting, lateral movement, key management, container escape, etc.
  • Enjoy using AWS GuardDuty, Inspector, Landing Zones and other security services.
  • Operated in one or more regulated environments (e.g., healthcare, finance, education).
  • Able to explain nuanced infrastructure and security concepts to diverse stakeholders.
  • Positive, collaborative, and proactive attitude; comfortable working independently.

BASE SALARY: $148,000 - …
