Real Chemistry is a global agency focused on transforming healthcare through scientific expertise and AI-driven insights. The Security Engineer will own application security across multiple environments, define security controls, and collaborate with teams to ensure robust security practices are implemented.
Responsibilities:
- Conduct security reviews of internally developed applications, including:
  - Data flow validation
  - Security control design and implementation
  - Secrets handling
  - AI/LLM Data Loss Prevention (DLP)
- Co-lead production readiness reviews for strictly governed environments:
  - Threat modeling
  - Hardening validation
  - Compliance mapping (SOC 2 and contractual and regulatory requirements)
- Define and enforce identity architecture:
  - Corporate identity: Entra ID
  - Workload identity: AWS IAM and GitHub OIDC
- Define and manage GitHub native security controls:
  - GitHub Advanced Security (CodeQL / SAST)
  - Dependabot (dependency scanning)
  - Secret scanning
  - Branch protection and environment controls
- Establish standards for security tooling:
  - SAST (CodeQL, Semgrep)
  - SCA (Dependabot, Snyk)
  - Container scanning (Trivy, ECR scanning)
  - Infrastructure as Code (IaC) policy (OPA, Sentinel, tfsec)
- Define AWS security standards:
  - IAM design and least-privilege access
  - Logging and audit requirements
  - Secrets management and rotation
- Scope and coordinate third-party penetration testing
- Maintain audit logging maturity per environment requirements:
  - Baseline logging
  - User-level activity tracking
  - Tamper-evident audit trails with SIEM integration
- Perform initial triage and risk classification within time requirements for critical issues identified in intake (data exposure, credentials, regulatory risk)
- Partner with DevOps Engineering to ensure security policies are implemented in pipelines and infrastructure
- Define approved AI providers and usage boundaries
- Establish prompt data classification and handling policies
- Enforce human-in-the-loop requirements where appropriate
- Define cost/spend guardrails for AI services
Requirements:
- 5+ years (or 3–5+ in high-growth environments) in cloud security, 2 of which should be focused on application security
- Hands-on security experience with: AWS IAM, SAML / OIDC federation, GitHub security tooling
- Experience with threat modeling and coordinating penetration testing
- Familiarity with SOC 2, GDPR, and HIPAA-adjacent controls
- In-depth understanding of the risk lifecycle
- Experience securing GitHub-based CI/CD pipelines
- Experience in AWS native environments
- Exposure to regulated industries (GxP, 21 CFR Part 11)
- Security certifications (CISSP, CCSP, OSCP, GIAC, etc.)
- Associate's degree or higher
- Experience bringing low-code or AI-generated applications under enterprise security controls