Navitus Health Solutions

Engineer, Application and Cloud Security

full-time

Location Type: Hybrid

Location: Idaho, United States

About the role

  • Design and implement cloud security controls across Azure workloads (IaaS/PaaS), including network segmentation, Private Link/Private Endpoints, NSGs, Azure Firewall, and secure ingress/egress patterns.
  • Design and validate security controls for applications and platforms that process Protected Health Information (PHI), including encryption, access controls, logging, and secure data flows.
  • Support HIPAA and SOC 2 compliance by mapping technical controls to PHI risks, validating effectiveness, and producing audit-ready evidence.
  • Deploy, configure, and operationalize Microsoft Defender for Cloud (secure score, regulatory compliance, recommendations, JIT access) and integrate findings into remediation workflows.
  • Serve as the primary Application Security (AppSec) engineer, partnering with Software Engineering to embed security controls across design, build, test, and runtime phases.
  • Perform threat modeling and architecture reviews for new applications, major changes, and integrations (data flows, identity, APIs).
  • Define and maintain application security requirements aligned to OWASP Top 10, API Security Top 10, and cloud-native threat models.
  • Engineer detections and response workflows in Microsoft Sentinel (analytics rules, automation rules, playbooks), including KQL-based hunting and incident triage.
  • Manage identity and access controls in Microsoft Entra ID, including RBAC, Conditional Access, MFA, Privileged Identity Management (PIM), and Managed Identities.
  • Harden internet-facing applications using Azure Web Application Firewall (WAF) and Azure Front Door (AFD) policies, aligning protections to OWASP Top 10 and validating through testing and logging.
  • Implement secure configuration baselines and policy-as-code using Azure Policy and Management Groups; define guardrails for encryption, logging, networking, and identity.
  • Build and maintain security logging and telemetry (Azure Monitor, Log Analytics, Defender, AFD/WAF logs), ensuring required retention, diagnostics settings, and centralized visibility.
  • Operate vulnerability management for cloud and application surfaces (e.g., Defender recommendations, scanning outputs), drive remediation prioritization, and validate fixes.
  • Integrate application security tooling into CI/CD pipelines (SAST, SCA, secrets scanning, IaC scanning), ensuring actionable results without disrupting delivery.
  • Triage and prioritize application vulnerabilities (code, dependencies, misconfigurations) based on risk, exploitability, and business impact.
  • Partner with engineering teams to remediate findings and validate fixes.
  • Secure secrets, keys, and certificates using Azure Key Vault, including access controls, rotation practices, and integration with applications and pipelines.
  • Secure APIs and web services using authentication, authorization, rate limiting, and abuse protections.
  • Validate WAF, AFD, and API gateway controls against application-specific threats, including bot abuse and injection attacks.
  • Monitor runtime application telemetry for security signals and collaborate on incident response when application-layer issues are identified.
  • Partner with engineering teams to embed secure SDLC practices: threat modeling, security requirements, secure configuration, and remediation guidance for OWASP Top 10 classes.
  • Review and improve Infrastructure-as-Code (Terraform/Bicep/ARM) for security and compliance, including least-privilege IAM, secure networking defaults, and drift detection.
  • Investigate security events and participate in incident response, including containment/eradication, evidence collection, and post-incident root cause analysis and lessons learned.
  • Oversee dependency and third-party library risk (SCA), including vulnerability tracking and remediation guidance.
  • Define secure patterns for secrets management, service-to-service authentication, and external integrations.
  • Support endpoint, identity, and cloud workload investigations using Microsoft Defender XDR and related telemetry; tune alerting to reduce noise and improve fidelity.
  • Maintain runbooks, playbooks, and security documentation; contribute to change management and control evidence for audits and risk assessments.
  • Conduct security reviews of cloud architecture and changes (new services, networking, identity, data flows), providing actionable recommendations and risk-based exceptions when needed.
  • Participate in, adhere to and support compliance and diversity, equity, and inclusion program objectives. Other duties as assigned.

Requirements

  • 5+ years of experience in cloud security, security engineering, security operations, or cloud infrastructure roles with significant security responsibilities (Azure preferred)
  • Hands-on experience with Microsoft Defender (Defender for Cloud and/or Microsoft Defender XDR) and translating security findings into prioritized remediation
  • Experience with Microsoft Sentinel (or equivalent SIEM), including KQL queries, detection engineering, alert triage, and incident investigation
  • Strong understanding of Azure networking and security controls, including secure ingress/egress, firewalling, Private Link, and DNS considerations
  • Experience protecting web applications using WAF capabilities (Azure WAF/Application Gateway and/or Azure Front Door), including rule tuning and monitoring aligned to OWASP Top 10
  • Hands-on experience with application security practices, including threat modeling, secure design reviews, and remediation of OWASP Top 10 vulnerabilities
  • Experience integrating security controls into CI/CD pipelines (SAST, SCA, secrets scanning, IaC scanning)
  • Understanding of API security, authentication/authorization patterns, and common web application attack techniques
  • Experience partnering with software engineers to drive secure coding practices and risk-based remediation
  • Solid grasp of identity and access management (Entra ID), RBAC, least privilege, Key Vault, and platform security controls required
  • Experience implementing governance guardrails using Azure Policy, Management Groups, and security baselines (e.g., Azure Security Benchmark) required
  • Experience reviewing and securing Infrastructure as Code (Terraform/Bicep/ARM), including secure defaults, secret handling, and drift detection preferred
  • Familiarity with DevSecOps practices (security scanning, policy enforcement, and automated evidence collection) integrated into CI/CD pipelines preferred
  • Experience with incident response processes, alert investigation, and post-incident reviews (RCA/lessons learned) preferred

Benefits

  • Health insurance
  • 401K company match of up to 5% - No vesting requirement
  • 20 days paid time off
  • 4 weeks paid parental leave
  • 9 paid holidays
  • Adoption Assistance Program
  • Flexible Spending Account
  • Educational Assistance Plan and Professional Membership assistance