Milliman is a respected consultancy with a focus on developing data-driven SaaS products for insurance and health IT clients. The Senior Information Security Engineer will play a crucial role in enhancing security programs, collaborating with engineering teams, and responding to external threats to ensure the safety of technology, processes, and data.
Responsibilities:
- Improve, monitor and maintain our Information Security Program
- Execute security initiatives related to infrastructure, product and data
- Contribute to the strategic planning of security work, and make strategic recommendations and improvements to our security
- Work with application and cloud engineers to improve the security of various product features
- Design and implement security controls and measures to protect our application and data
- Monitor and analyze security events and incidents and respond promptly to security breaches
- Collaborate with development teams to integrate security best practices throughout the software development lifecycle
- Quickly and proactively respond to incoming security threats
- Continually assess, address and report on the levels of threat and preparedness
- Assist in maintaining compliance with industry standards relevant to our organization
Requirements:
- 5+ years of relevant experience with 3+ years deep, hands-on AWS experience
- Strong Okta experience: SSO/SAML/OIDC setup, adaptive MFA, app sign-on policies, SCIM, custom auth server and claims, CIAM policies and use cases
- Expert-level AWS IAM: role/permission boundary design, resource policies, cross-account patterns, session management, etc.
- Strong API security: OAuth2/OIDC, JWTs, token lifecycles and scopes; experience with API Gateway, schema validation, abuse detection, rate limiting, mTLS
- Proficiency with Terraform and Git-based CI/CD; able to implement policy-as-code and pre-merge guardrails
- Cloud security monitoring/detections: CloudTrail, Config, GuardDuty, CloudWatch, etc.
- Scripting/Automation in at least one modern language/framework
- Solid data protection and secrets management using AWS KMS and Secrets Manager; practical cryptography for engineering use
- Continued education and/or advanced degree(s)
- Experience in environments subject to HITRUST, HIPAA and/or PCI regulations
- Experience in software-as-a-service, actuarial science, and/or insurance underwriting industry
- Incident Management experience for identity and APIs
- Bot management and advanced WAF tuning