HealthMark Group is a leading provider of health IT solutions for healthcare providers across the country. The Security Engineer will focus on cloud security and Infrastructure-as-Code to protect sensitive health information in a highly regulated environment.
Responsibilities:
- Design, implement, and maintain AWS-focused cloud security architecture aligned with HIPAA, NIST, and HITRUST
- Secure AWS environments using IAM, Organizations, CloudTrail, Config, GuardDuty, Security Hub, KMS, and network security controls
- Build, review, and maintain Infrastructure-as-Code using Terraform, ensuring security controls are versioned, auditable, and enforced by default
- Develop secure Terraform modules, guardrails, and policy-as-code to prevent misconfiguration and drift
- Partner with Development and CloudOps teams to implement DevSecOps practices, including CI/CD pipeline security and IaC scanning
- Establish and manage identity and access standards across AWS and Microsoft Entra
- Support SOC 2 Type II, HITRUST, HIPAA, and PCI audits with a focus on cloud control evidence
- Monitor cloud environments, triage security events, and respond to incidents in partnership with the MSP
- Maintain documentation related to cloud security architecture, IaC standards, and incident response
- Provide security mentorship and cloud security expertise across the organization
Requirements:
- Bachelor's degree in Computer Science, Engineering, or equivalent experience
- 3+ years of hands-on security engineering experience with strong AWS focus
- Hands-on experience with Terraform and Infrastructure-as-Code workflows
- Experience securing AWS workloads including compute, storage, and networking
- Experience with Microsoft Entra, Active Directory, and AWS IAM
- Experience with HIPAA, NIST, SOC 2, and HITRUST security controls
- Experience integrating security into CI/CD pipelines and DevSecOps workflows
- Strong knowledge of Windows operating systems and networking concepts
- Experience with Azure or GCP
- Experience with cloud security posture management and IaC scanning tools
- Knowledge of modern cloud attack vectors and mitigating controls
- Experience with cryptography, key management, and authentication mechanisms
- Security certifications such as CISSP, CISM, CSSLP, or AWS Security Specialty