Security Engineer

The Briminc Softech

Mumbai | Full-time | Mid Level | On-site

Job Description

Job Title: Security Engineer – Cloud & Healthcare Compliance
Department: Engineering & Infrastructure
Work Mode: Remote
Employment Type: Full-Time
Experience Required: 5–9 Years

Role Summary

Own end-to-end security across cloud infrastructure, applications, and data pipelines while ensuring compliance with HIPAA, SOC 2, and ISO 27001, working closely with engineering and clinical teams to embed security throughout the product lifecycle.

Key Responsibilities

- Design and implement Zero Trust architecture across AWS/Azure/GCP environments
- Manage IAM, SIEM, WAF, secrets management, and CSPM tools
- Secure PHI data flows across APIs, IoMT, FHIR/HL7 integrations, and analytics pipelines
- Enforce encryption standards including AES-256 and TLS 1.3 with proper key lifecycle management
- Lead HIPAA compliance implementation across Privacy, Security, and Breach Notification rules
- Build audit trails for PHI access, system events, and compliance investigations
- Implement RBAC and ABAC policies with dynamic access controls
- Support SOC 2 Type II and ISO 27001 audit readiness and remediation
- Conduct threat modeling using STRIDE/PASTA frameworks
- Implement Secure SDLC with SAST, DAST, and SCA tools in CI/CD pipelines
- Perform penetration testing and enforce secure coding practices aligned with OWASP Top 10
- Develop and execute incident response plans aligned with HIPAA breach timelines
- Manage vulnerabilities, CVEs, and patching across infrastructure and applications
- Secure IoMT device integrations including authentication, firmware integrity, and protocols like HL7, DICOM
- Drive security awareness, governance policies, vendor risk assessments, and reporting metrics

Required Qualifications

- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field
- Certifications preferred such as CISSP, CISM, CCSP, CEH, or cloud security certifications
- 5–9 years of experience in information security with at least 3 years in cloud security
- Hands-on experience with HIPAA compliance implementation in healthcare or SaaS
- Experience with SOC 2 Type II or ISO 27001 audits
- Strong expertise in AWS/Azure/GCP security services and SIEM tools
- Experience with container security, Kubernetes, and DevSecOps practices
- Proficiency in Python, Bash, or PowerShell scripting
- Knowledge of PKI, certificate lifecycle, and HSM integration
- Familiarity with FHIR, HL7, DICOM security standards

Preferred Qualifications

- Experience securing AI/ML systems and LLM-based applications
- Knowledge of IoMT security frameworks and healthcare compliance standards
- Understanding of India DPDP Act 2023 and global data privacy regulations
- Experience with GDPR, HITRUST, or FedRAMP in SaaS environments
- Background in infrastructure-as-code security and GitOps workflows

Posted Today
