Key skills
Application securityCloud securityIncident responseVulnerability managementAWSSecurity toolingSecure software developmentThreat modelingPythonBashAnalytical skillsKubernetesDevSecOps toolingRelevant certificationsCommunication skillsECSEKSLambdaIAMAuth0OktaSaaSCI/CDOWASPCloud Security
About this role
Arcadia is dedicated to transforming healthcare through data, aiming for happier and healthier days for all. They are seeking a Senior Engineer – Security (Application Security) to protect their cloud-native healthcare platform by building and improving security controls while contributing to incident response and threat mitigation efforts.
Responsibilities:
- Design, implement, and maintain application security controls across Arcadia’s cloud-native SaaS platform
- Partner with Product and Engineering teams to embed security into system design, development workflows, and CI/CD pipelines
- Conduct threat modeling, architecture reviews, and secure design assessments for new and existing services
- Own and improve vulnerability management processes, including identification, prioritization, and remediation tracking
- Implement and maintain security tooling such as SAST, DAST, dependency scanning, container scanning, and secrets detection
- Participate in security incident response activities including detection, investigation, containment, and remediation
- Monitor and analyze logs, alerts, and security events to identify suspicious activity and emerging threats
- Contribute to detection engineering by tuning alerts, improving signal quality, and reducing noise
- Support threat intelligence analysis and apply insights to improve preventive and detective controls
- Perform post-incident analysis and recommend technical and process improvements
- Build security-as-code solutions to automate control enforcement, validation, and remediation
- Use scripting and automation to reduce manual effort and improve consistency
- Support secure AWS architecture using services such as EKS, ECS, Lambda, IAM, and VPC
- Contribute to identity and access management best practices across AWS, Okta/Auth0, and SaaS platforms
- Translate compliance requirements (e.g., SOC 2, ISO 27001, HITRUST, HIPAA) into practical technical controls
- Partner with Security Assurance to support audits, evidence collection, and continuous control monitoring
- Help identify and remediate security risks discovered through assessments, audits, or incidents
Requirements:
- 6+ years of experience in application security, cloud security, or security engineering roles
- Strong hands-on experience securing cloud-native, SaaS-based environments (AWS required)
- Solid understanding of application security principles and common vulnerabilities (OWASP Top 10)
- Solid understanding of secure software development practices and CI/CD integration
- Solid understanding of cloud security architecture and IAM
- Solid understanding of incident detection and response fundamentals
- Experience with security tools such as SIEM, SAST/DAST, EDR, vulnerability scanners, and cloud security platforms
- Ability to script and automate security workflows using Python, Bash, or similar languages
- Strong analytical skills and the ability to clearly communicate security risks and recommendations
- Experience in healthcare or other regulated industries
- Familiarity with Kubernetes, container security, and modern DevSecOps tooling
- Experience contributing to detection engineering or threat analysis efforts
- Relevant certifications such as AWS Security Specialty, CISSP, CCSP, or GIAC certifications