Security Engineer
About the Client
Our client is the leading research data platform that’s transforming the way biomedical and imaging data are managed at leading life sciences, clinical, and academic institutions globally.
The client provides a comprehensive research data solution with all the tools needed for curation, imaging processing, machine learning workflows, and secure collaboration. By leveraging cloud scalability and automating research workflows, they help organizations scale research data and analysis, improve scientific collaboration, and accelerate discoveries.
Role Overview
We are seeking a Security Engineer to operate and continuously improve a NIST SP 800-53 control environment supporting the client's application across AWS and Azure. This role focuses on day-to-day security engineering execution: implementing and maintaining cloud security controls, ensuring continuous compliance evidence, reducing risk through automation, and partnering with Engineering/Platform teams to remediate findings. The environment is containerized and Kubernetes-based and leverages tools such as Wiz and Jira for risk visibility and workflow management.
Requirements:
- Experience operating or engineering within a NIST SP 800-53 environment (implementation, monitoring, and audit support).
- Strong hands-on cloud security experience in AWS and Azure (not just conceptual knowledge).
- Production experience securing Kubernetes and containerized workloads.
- Experience using Wiz (or comparable CNAPP/CSPM) for cloud security posture and risk management.
- Experience driving remediation via Jira (or similar ticketing system) and working cross-functionally with engineering teams.
- Practical knowledge of IAM/identity, network security, encryption/KMS, centralized logging, vulnerability management, and configuration management.
- Ability to write clear technical documentation and produce audit-ready evidence artifacts.
Preferred Skills:
- Experience supporting regulated environments (e.g., FedRAMP, HIPAA, SOC 2, ISO 27001) and associated audit rhythms.
- Familiarity with infrastructure-as-code (Terraform preferred) and policy-as-code approaches.
- Experience with EKS/AKS, container registries, image signing/provenance, and runtime security tooling.
- Familiarity with MSFT Sentinel and cloud-native detection services (e.g., CloudTrail/GuardDuty, Azure Monitor/Defender).
- Experience building compliance reporting and metrics (risk burn-down, SLA adherence, control health indicators).
Success Measures (First 90–180 Days)
- Clear ownership of the 800-53 operational control set for the client's application with measurable improvements in control health.
- Reduced high/critical cloud findings via Wiz through consistent Jira-driven remediation and verification.
- Repeatable evidence collection workflows established (automated where feasible) and audit readiness improved.
- Strong security patterns adopted by Platform/Engineering for Kubernetes and container deployments.
Working Style / Competencies
- Execution-focused: can turn control requirements into working technical implementations.
- Strong prioritization and risk judgment; able to drive closure on findings.
- Collaborative partner to engineering teams; communicates clearly and pragmatically.
- Comfortable operating in fast-moving cloud environments with ambiguity.
- English level: Upper intermediate
Responsibilities:
NIST 800-53 Operations & Continuous Compliance
- Maintain and improve control implementation and operational maturity for a NIST SP 800-53 environment supporting the client's application.
- Translate control requirements into technical guardrails, configurations, and repeatable processes across AWS and Azure.
- Partner with compliance/GRC stakeholders to support audits and assessments (e.g., evidence collection, artifacts, walkthroughs, control narratives).
- Operate continuous monitoring processes and maintain compliance readiness through ongoing verification and evidence generation.
- Support creation and upkeep of SSP-supporting artifacts (procedures, standards, diagrams, inventories, configurations, evidence packages).
Cloud Security Engineering (AWS & Azure)
- Implement and manage security controls across identity, network segmentation, logging/monitoring, encryption, key management, and configuration baselines.
- Design and enforce secure cloud patterns for compute, storage, networking, and managed services in both cloud environments.
- Ensure logging and telemetry coverage for security-relevant services; validate retention, integrity, and access controls.
- Harden cloud services and reduce misconfigurations through policy-as-code / guardrails / baseline automation where possible.
Kubernetes & Container Security
- Secure Kubernetes clusters and containerized workloads (e.g., RBAC, network policies, workload identity, secrets handling, runtime controls).
- Establish and maintain container security best practices (image scanning, provenance, minimal base images, vulnerability remediation SLAs).
- Support secure CI/CD patterns for building, deploying, and operating container workloads (including separation of duties and least privilege).
- Contribute to incident response readiness for Kubernetes/container environments (detection, triage, containment patterns).
Vulnerability & Risk Management Workflow
- Use Wiz (and related tooling) to identify, triage, and drive remediation of cloud risks (misconfigurations, vulnerabilities, exposures).
- Own Jira-based workflows for security findings: ticket creation, prioritization, SLAs, stakeholder communication, and closure validation.
- Build dashboards/metrics for risk burn-down and compliance posture; communicate status to technical and non-technical stakeholders.
- Help define and refine engineering-friendly remediation guidance and secure reference architectures.
Automation & Tooling
- Automate repeatable compliance and security tasks (evidence collection, baseline checks, alerting, drift detection).
- Improve security engineering runbooks and operational playbooks for control maintenance and monitoring.
- Integrate security tooling into SDLC and cloud operations (ticketing, alerting, reporting, and documentation).