Security Engineer
The Briminc Softech
9 - 11 years
Mumbai
Posted: 13/04/2026
Job Description
Job Title: Security Engineer - Cloud & Healthcare Compliance
Department: Engineering & Infrastructure
Work Mode: Remote
Employment Type: Full-Time
Experience Required: 5-9 Years
Role Summary
Own end-to-end security across cloud infrastructure, applications, and data pipelines while ensuring compliance with HIPAA, SOC 2, and ISO 27001, working closely with engineering and clinical teams to embed security throughout the product lifecycle.
Key Responsibilities
Design and implement Zero Trust architecture across AWS/Azure/GCP environments
Manage IAM, SIEM, WAF, secrets management, and CSPM tools
Secure PHI data flows across APIs, IoMT, FHIR/HL7 integrations, and analytics pipelines
Enforce encryption standards including AES-256 and TLS 1.3 with proper key lifecycle management
Lead HIPAA compliance implementation across Privacy, Security, and Breach Notification rules
Build audit trails for PHI access, system events, and compliance investigations
Implement RBAC and ABAC policies with dynamic access controls
Support SOC 2 Type II and ISO 27001 audit readiness and remediation
Conduct threat modeling using STRIDE/PASTA frameworks
Implement Secure SDLC with SAST, DAST, and SCA tools in CI/CD pipelines
Perform penetration testing and enforce secure coding practices aligned with OWASP Top 10
Develop and execute incident response plans aligned with HIPAA breach timelines
Manage vulnerabilities, CVEs, and patching across infrastructure and applications
Secure IoMT device integrations including authentication, firmware integrity, and protocols like HL7, DICOM
Drive security awareness, governance policies, vendor risk assessments, and reporting metrics
Required Qualifications
Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field
Certifications preferred such as CISSP, CISM, CCSP, CEH, or cloud security certifications
5-9 years of experience in information security with at least 3 years in cloud security
Hands-on experience with HIPAA compliance implementation in healthcare or SaaS
Experience with SOC 2 Type II or ISO 27001 audits
Strong expertise in AWS/Azure/GCP security services and SIEM tools
Experience with container security, Kubernetes, and DevSecOps practices
Proficiency in Python, Bash, or PowerShell scripting
Knowledge of PKI, certificate lifecycle, and HSM integration
Familiarity with FHIR, HL7, DICOM security standards
Preferred Qualifications
Experience securing AI/ML systems and LLM-based applications
Knowledge of IoMT security frameworks and healthcare compliance standards
Understanding of India DPDP Act 2023 and global data privacy regulations
Experience with GDPR, HITRUST, or FedRAMP in SaaS environments
Background in infrastructure-as-code security and GitOps workflows
