We are seeking a Senior Cloud Security Engineer to cultivate a security first mindset within our organization.
In this role, you will partner with our DevOps, Engineering, and Development teams to engineer, develop, build, manage, maintain and implement secure solutions from the ground up. You will drive the development and adoption of cloud security standards, best practices and technologies within Centaur’s products and cloud infrastructure to ensure that the Centaur Labs solution is highly secure and complies with industry standards and regulations.
- Provide technical security expertise to ensure the Confidentiality, Integrity, and Availability of Centaur Labs technologies platform, solutions, company & customer data
- Drive the development and adoption of cloud security standards, best practices and technologies within Centaur Labs’ products and cloud infrastructure to enable security and privacy by design and ultimately a highly secure and compliant SaaS
- Perform architecture and design reviews, cloud security assessments, and threat modeling throughout the Centaur Labs organization
- Work in conjunction with Product Engineering & IT to enable secure & compliant cloud deployments through automation, system hardening, application security capabilities, threat prevention, intrusion detection, vulnerability management, container security, identity and access management, incident response controls for hosts and networks
- Act as a ‘security consultant’ & ‘trusted advisor’ throughout the organization, but especially to software architects and engineers
- Automate security, compliance, auditing and monitoring of controls
- Perform security monitoring, security and data/logs analysis to detect and remediate security incidents
- Perform control testing to assess effectiveness of security controls - includes penetration testing and purple team engagements
- Enable the Centaur Labs solution and overall business with Cybersecurity, Privacy, Compliance, and Governance
- 2+ years working in risk and controls, audit, or information security compliance
- Experience in regulatory and compliance standards such as SOC 2, PCI, CSF, HIPAA, ISO27001, ISO27018, CCPA, GDPR, etc.
- Ability to apply security engineering & design principles to an eCommerce, FinTech, HealthTech or a SaaS environment.
- Understanding and ability to implement network security technologies - Reverse proxies, IPS, Web Content filtering
- Configure, manage and maintain Amazon Web Services - EC2, Cloud Trail, Security Group configuration, AWS WAF, Guard Duty, and other security related services
- Understanding of dev-first approach, Continuous Integration/Continuous Delivery, Cloud automation, DevOps, DevSecOps, Agile development methodologies
- Understanding of containerization technologies and ability to enhance DevOps with a DevSecOps approach
Automation in compliance, security & governance including cloud configuration compliance monitoring and management
- Penetration testing and security assessment in the cloud
- Certifications: AWS Solution Architect - Professional, AWS Security, AWS Networking, OSCP.
- Experience in high growth, fast-moving SaaS environments
- Experience with developing cloud native application security solutions, API security, SaaS vulnerability research, and penetration testing cloud architectures/applications
- Programming or scripting experience with PHP, Python, Go, Node.JS, Angular
OWASP top 10 Expertise, teaching and facilitating remediation
- Deep, technical understanding of methods used to attack or exploit flaws in cloud native applications and infrastructure
- Boston-based, but not required; EST and/or CST time zone is strongly preferred
- Interest in healthcare