Medical Guardian

Senior Security Engineer

full-time

Location Type: Hybrid

Location: Philadelphia, Pennsylvania, United States

About the role

  • Design and implement secure architecture patterns across Azure and AWS cloud environments, as well as on-prem and hybrid infrastructures
  • Lead security design reviews for infrastructure and application initiatives
  • Engineer and optimize enterprise security controls across endpoint protection, threat detection and response, network security, email security, data protection, cloud access governance, and privileged access management
  • Define and implement Zero Trust principles
  • Harden Azure security posture including Entra ID governance, RBAC design, Conditional Access, PIM, Defender for Cloud, and Private Link architecture
  • Implement and manage cloud posture management and cloud workload protection capabilities, including CSPM and CNAPP tooling
  • Secure Kubernetes and containerized workloads
  • Automate security guardrails using infrastructure as code such as Terraform, Bicep, and CloudFormation
  • Implement enterprise data classification, DLP, encryption, and tenant-level controls across Microsoft 365 and Azure to prevent data exfiltration and unauthorized AI service access
  • Design, implement, and enforce security controls for enterprise AI platforms including Azure OpenAI, Microsoft Copilot, Azure Machine Learning, and related AI services
  • Secure AI model training data, inference endpoints, APIs, and service principals while enforcing governance controls to prevent exposure of sensitive or regulated data
  • Develop guardrails to detect and prevent shadow AI adoption
  • Evaluate third-party AI tools for security, privacy, and data residency risks
  • Partner with Legal and Compliance teams to support responsible AI governance and regulatory requirements
  • Partner with DevOps and Engineering teams to integrate automated application security testing, including static analysis, dynamic testing, and secret detection, into CI and CD pipelines prior to deployment
  • Perform threat modeling and architecture risk assessments
  • Serve as incident response lead for security events, coordinating internal response teams and activating third-party incident response partners as needed
  • Lead containment, eradication, and recovery efforts during security incidents
  • Enhance detection engineering use cases within SIEM and develop automated response playbooks
  • Lead post-incident reviews and root cause analysis
  • Lead and facilitate regular incident response tabletop exercises and coordinated response simulations to validate detection, escalation, and cross-functional readiness
  • Oversee enterprise vulnerability management including scanning, risk-based prioritization, and remediation tracking
  • Develop metrics and reporting for executive visibility
  • Support regulatory requirements including HIPAA, HITRUST, SOC 2, and PCI-DSS as applicable
  • Assist with audits and evidence collection
  • Develop and maintain security policies and standards
  • Perform third-party risk assessments
  • Oversee MDR detection coverage, alert tuning, escalation workflows, service level adherence, and integration of logging and telemetry between internal systems and third-party providers
  • Collaborate with the MSP on infrastructure security hardening, patching strategy, endpoint protection, and configuration management
  • Drive continuous improvement through regular performance reviews and security posture assessments with external partners
  • Provide technical guidance and drive security best practices across IT and Engineering initiatives
  • Serve as escalation point for complex security issues

Requirements

  • Must be legally authorized to work in the United States without the need for employer sponsorship now or in the future.
  • 5 or more years of progressive experience in cybersecurity engineering
  • Strong experience in Azure security architecture and hands-on implementation of controls including Entra ID, Conditional Access, PIM, Defender for Cloud, and Private Endpoints
  • Deep understanding of network security, identity and access architecture, endpoint protection, and security monitoring and detection engineering principles
  • Experience securing AI and ML platforms or cloud-native AI services
  • Experience implementing enterprise data protection controls including DLP, Purview, labeling, encryption, and key management
  • Experience with infrastructure as code and automation using Python, PowerShell, Terraform, Bicep, or similar tools
  • Experience securing CI and CD pipelines and containerized environments
  • Strong knowledge of security frameworks including NIST, CIS, and ISO 27001
  • Experience managing third-party security operations relationships and holding vendors accountable to defined service levels.
  • Experience in regulated industries such as healthcare (preferred)
  • Experience implementing Zero Trust architectures (preferred)
  • Security certifications such as CISSP or CCSP strongly preferred. Azure security certifications including AZ-500 highly valued. GIAC certifications such as GCED or GCIA and OSCP are considered a plus.

Benefits

  • Health Care Plan (Medical, Dental & Vision)
  • Paid Time Off (Vacation, Sick Time Off & Holidays)
  • Company Paid Short Term Disability and Life Insurance
  • Retirement Plan (401k) with Company Match

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
Azure security architecture, AWS cloud environments, Zero Trust principles, endpoint protection, threat detection, data protection, infrastructure as code, Kubernetes security, DLP, encryption

Soft Skills
leadership, incident response, collaboration, communication, problem-solving, risk assessment, continuous improvement, technical guidance, facilitation, metrics development

Certifications
CISSP, CCSP, AZ-500, GCED, GCIA, OSCP