QData Inc is seeking an experienced Security & Compliance Engineer to lead the design, implementation, and governance of security controls required to achieve and maintain SOC 2 and HIPAA compliance. This role will work closely with various teams to embed security, privacy, auditing, and compliance capabilities into their cloud-native platform.
Responsibilities:
- Design, implement, and maintain security controls aligned with SOC 2 and HIPAA requirements
- Develop and manage security policies, standards, procedures, and compliance documentation
- Establish governance processes to support ongoing compliance and audit readiness
- Partner with engineering and product teams to ensure security requirements are integrated into system architecture and product development
- Design and implement Role-Based Access Control (RBAC) frameworks
- Implement and enforce Multi-Factor Authentication (MFA) across systems and environments
- Establish user provisioning, de-provisioning, and access review processes
- Ensure least-privilege access principles are consistently applied
- Design and implement audit logging, monitoring, and alerting capabilities
- Establish controls for security event tracking and evidence collection
- Create compliance reporting mechanisms to support audits and regulatory reviews
- Ensure proper retention and protection of audit records
- Ensure encryption of sensitive data both at rest and in transit
- Implement controls to protect Protected Health Information (PHI) and other sensitive data
- Develop data classification, privacy, and governance frameworks
- Support compliance with healthcare and government data protection requirements
- Conduct security assessments, vulnerability reviews, and risk analyses
- Identify security gaps and develop remediation plans
- Perform periodic reviews of cloud infrastructure, applications, and security controls
- Collaborate with stakeholders to mitigate identified risks
- Work closely with engineering teams to establish Secure SDLC practices
- Integrate security testing and validation into CI/CD pipelines
- Implement security automation and compliance monitoring tools
- Promote security best practices throughout the software development lifecycle
- Develop and maintain incident response procedures
- Establish disaster recovery and business continuity processes
- Participate in security incident investigations and post-incident reviews
- Ensure organizational preparedness for operational and security disruptions
- Coordinate compliance audits and evidence collection activities
- Support SOC 2 readiness assessments and HIPAA compliance initiatives
- Collaborate with internal and external auditors
- Maintain documentation required for certification and regulatory reviews
Requirements:
- Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Systems, or a related field (or equivalent practical experience)
- Minimum of 5 years of experience in Cybersecurity, Cloud Security, Information Security, Compliance Engineering, or related disciplines
- Hands-on experience implementing and supporting SOC 2 and/or HIPAA compliance programs
- Strong understanding of cloud security principles within AWS and/or Azure environments
- Experience implementing Role-Based Access Control (RBAC)
- Experience implementing Multi-Factor Authentication (MFA)
- Experience implementing Audit Logging and Monitoring
- Experience implementing Data Encryption Controls
- Experience implementing Security Governance Frameworks
- Experience conducting security assessments, vulnerability management, and risk analyses
- Strong knowledge of the NIST Cybersecurity Framework and industry security best practices
- Experience working with DevOps and CI/CD environments
- Excellent written and verbal communication skills
- Strong documentation, organizational, and stakeholder management abilities
- Experience supporting healthcare organizations, CMS programs, government agencies, or other highly regulated industries
- Familiarity with NIST 800-53
- Familiarity with FedRAMP
- Familiarity with ISO 27001
- Familiarity with HITRUST
- Experience working within SaaS and cloud-native application environments
- Knowledge of privacy regulations and PHI handling requirements
- Experience implementing enterprise security governance programs
- Exposure to AI/ML platform security and compliance controls
- One or more of the following certifications is highly desirable: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CCSP (Certified Cloud Security Professional), CompTIA Security+, AWS Security Specialty, Azure Security Engineer Associate