Key skills
ASP.NETAWSCloudPostgres.NETIAMCloudWatchPostgreSQLOAuthJWTOpenTelemetryLeadershipWAF
About this role
Role Overview
- We are seeking a Security Consultant (Staff) to provide security leadership and guidance across application modernization and database migration workstreams.
- This role will establish security, logging, observability, and compliance standards while ensuring the modernized environment aligns with public sector and healthcare data protection requirements.
- As the primary security resource supporting multiple workstreams, the consultant will focus on defining patterns, governance, and best practices rather than implementing every security control directly.
- Define and oversee security, logging, and observability standards throughout modernization and migration efforts
- Establish secure architecture patterns for AWS-based target environments
- Develop and promote IAM, secrets management, and least-privilege access strategies
- Ensure proper handling and protection of PHI and PII data within healthcare and Medicaid-related systems
- Advise teams on compliance requirements applicable to state government workloads
- Review application security controls, authentication and authorization approaches, and secure coding practices
- Assess converted database access patterns and connection security, including Aurora PostgreSQL endpoints
- Provide guidance on encryption, monitoring, logging, and auditability requirements
- Support risk identification, remediation planning, and security governance activities
- Collaborate with technical teams to embed security best practices throughout the delivery lifecycle
Requirements
- Security & Application Modernization
- Strong experience performing secure code reviews and application security assessments
- Expertise with ASP.NET Core security best practices
- Experience migrating authentication and authorization frameworks, including: Forms Authentication System.Web.Security Membership ASP.NET Core Identity OIDC / OAuth 2.0 JWT-based authentication
- Knowledge of: CORS configuration Anti-forgery protections ASP.NET Core Data Protection APIs (MachineKey replacement)
- AWS Security
- Hands-on expertise with: IAM Roles and Policies AWS Secrets Manager AWS Systems Manager Parameter Store AWS Key Management Service (KMS) Security Groups AWS WAF Amazon GuardDuty AWS CloudTrail
- Experience securing cloud-native applications and database workloads
- Observability & Monitoring
- Experience implementing structured logging solutions using: Serilog Microsoft.Extensions.Logging
- Knowledge of: OpenTelemetry CloudWatch Logs CloudWatch Metrics Distributed tracing and correlation IDs across modernized application stacks
- Data Protection & Compliance
- Experience supporting environments containing PHI and PII
- Knowledge of: Encryption in transit (TLS) Encryption at rest Database and field-level protection strategies
- Familiarity with healthcare and government compliance requirements, including: HIPAA NIST 800-53 State government security frameworks StateRAMP and FedRAMP concepts
- Preferred Qualifications AWS Certified Security – Specialty certification
- Prior experience supporting Medicaid, healthcare, health-and-human-services, or other public sector programs
- Experience securing large-scale modernization or cloud migration initiatives
- Familiarity with AWS-based application modernization and database migration projects
Tech Stack
- ASP.NET
- AWS
- Cloud
- Postgres
- .NET
Benefits
- Important Screening Requirements
- Due to client and clearance requirements
- Candidates must be U.S. Citizens or U.S. Permanent Residents (Green Card holders) and able to work in the United States without current or future visa sponsorship.
- Undergo fingerprinting as part of the onboarding process
- Successfully complete a government background investigation (CJIS-type clearance)