Milliman is a respected consultancy that develops SaaS products for the insurance and health IT sectors. The Senior Information Security Engineer will enhance security programs, collaborate with engineering teams, and respond to security threats, ensuring the safety of technology and data.
Responsibilities:
- Improve, monitor and maintain our Information Security Program
- Execute security initiatives related to infrastructure, product and data
- Contribute to the strategic planning of security work and make recommendations that improve our security posture
- Work with application and cloud engineers to improve the security of various product features
- Design and implement security controls and measures to protect our application and data
- Monitor and analyze security events and incidents, and respond promptly to security breaches
- Collaborate with development teams to integrate security best practices throughout the software development lifecycle
- Respond quickly to incoming security threats and proactively hunt for emerging ones
- Continually assess, address and report on the levels of threat and preparedness
- Assist in maintaining compliance with industry standards relevant to our organization
Requirements:
- 5+ years of relevant experience with 3+ years deep, hands-on AWS experience
- Strong Okta experience: SSO (SAML/OIDC) setup, adaptive MFA, app sign-on policies, SCIM provisioning, custom authorization servers and claims, CIAM policies and use cases
- Expert-level AWS IAM: role and permission boundary design, resource policies, cross-account access patterns, session management, etc.
- Strong API security: OAuth2/OIDC and JWTs (token lifecycles and scopes); experience with API Gateway, schema validation, abuse detection, rate limiting and mTLS
- Proficiency with Terraform and Git-based CI/CD; able to implement policy-as-code and pre-merge guardrails
- Cloud security monitoring and detections: CloudTrail, Config, GuardDuty, CloudWatch, etc.
- Scripting/Automation in at least one modern language/framework
- Solid data protection and secrets management using AWS KMS and Secrets Manager; practical cryptography for engineering use
- Continued education and/or advanced degree(s)
- Experience in environments subject to HIPAA and/or PCI DSS requirements and/or HITRUST certification
- Experience in software-as-a-service, actuarial science, and/or insurance underwriting industry
- Incident management experience covering identity (SSO/MFA) and API compromises
- Bot management and advanced WAF tuning