Softheon
Cloud Security Specialist
Softheon, New York, New York, United States,
Job Title: Cloud Security Specialist
Job Location: Remote
About us:
Softheon is a dynamic and forward-thinking Software as a Service (SaaS) organization that is dedicated to ensuring affordable, accessible, and plentiful healthcare for every American. We are a pioneering force in the healthcare technology industry, driven by our mission to empower individuals and organizations with innovative solutions that transform the healthcare landscape. Our commitment to improving healthcare access and delivery is unwavering, and we are looking for top-tier talent to join our journey and contribute to our vision. If you're seeking an environment where your contributions are impactful and deeply valued, don't just join a company with ambition. Align with a purpose backed by a committed company. Our Company Culture:
Our culture is built on collaboration, innovation, and appreciation. We value each employee's unique talents and contributions and understand that every individual plays a critical role in our mission to transform healthcare. Every day, we celebrate our team's dedication, creativity, and expertise, which drive us closer to our goals. At Softheon, Our Mission is powering growth to make healthcare more productive, intelligent, and successful. Our Vision is Making healthcare affordable, accessible, and plentiful for every American. About the role:
This role demands strong collaboration with cross-functional teams, ensuring the seamless integration of security practices across all cloud services, including IaaS, PaaS, and SaaS. The Cloud Security Specialist will also develop and enforce security policies, monitor cloud configurations, respond to threats, and automate security processes, ensuring compliance with industry regulations such as HIPAA. This role is crucial for enhancing our organization's overall security posture and supporting our business goals through proactive cloud security measures. Requirements You will:
Cloud Security Management:
Design and implement cloud security frameworks : Architect and deploy robust security controls for Azure-based cloud infrastructure, ensuring alignment with organizational security policies and standards. Cloud configuration and hardening : Review and improve security configurations for Azure services, ensuring appropriate access control, encryption, and security monitoring. Policy management and enforcement : Define and enforce security policies for cloud usage, ensuring that data is protected, encrypted, and appropriately monitored. Continuous security assessments : Perform regular security audits of cloud environments, including vulnerability scanning and penetration testing, to identify and mitigate risks. Threat Management:
Incident detection and response : Act as the primary point of contact for cloud security incidents. Lead efforts to contain, investigate, and remediate breaches or threats. Proactive threat hunting : Conduct threat-hunting activities within Azure cloud environments to uncover potential risks and misconfigurations before they lead to security incidents. Security event correlation : Leverage tools like Microsoft Sentinel to correlate security events and detect abnormal patterns in network and system activity. Forensics and root cause analysis : In the event of a security breach, perform forensic analysis to determine the cause and prevent future occurrences. Compliance & Governance:
HIPAA, SOC, and PCI audit preparation : Lead efforts to ensure the cloud environment meets regulatory requirements and is fully prepared for external and internal security audits. Cloud security governance : Develop and enforce governance frameworks to ensure ongoing compliance with security standards and legal requirements (e.g., HIPAA, GDPR, SOC 2). Third-party vendor risk management : Assess the security posture of third-party vendors, ensuring that their practices meet compliance and security requirements when integrating with the organization’s cloud systems. Security Tools & Technologies:
Security automation : Automate repetitive security tasks using tools like Microsoft Azure Security Center, Microsoft Defender, and Sentinel to improve operational efficiency. Zero Trust architecture : Design and implement a Zero Trust security model within the Azure environment, ensuring secure access to resources. Continuous security monitoring : Establish and maintain real-time monitoring and alerting systems using cloud-native tools and services to ensure timely identification of vulnerabilities or suspicious activities. SIEM and SOAR management : Oversee the integration of Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems to streamline incident response. Collaboration:
Security training and advocacy : Educate DevOps, engineering, and IT teams on best practices for secure cloud development, including secure coding and configuration. DevSecOps integration : Partner with DevOps teams to integrate security into CI/CD pipelines, ensuring secure code deployment and infrastructure provisioning. Cross-departmental security alignment : Collaborate with IT, product, and legal teams to ensure cloud security practices align with business goals and regulatory frameworks. Documentation & Reporting:
Security incident playbooks : Develop and maintain detailed incident response playbooks to ensure a consistent and effective approach to security breaches. Audit and compliance reporting : Provide detailed security reports, including audit logs and incident findings, for compliance reviews and audits. Key security metrics and KPIs : Define, track, and report key security metrics (e.g., number of incidents, MTTR) to senior management to continuously improve security posture. Additional Responsibilities
This position may require occasional on-call availability, estimated to be less than 20% of the time, to address urgent issues or support business needs outside of regular working hours. Candidates must be willing and able to respond promptly as needed, and on-call scheduling may be arranged in advance to ensure coverage. This position will require you to work EST (9am – 6pm EST) You have:
Education:
A Bachelor's degree in Computer Science, Information Security, or a related field is preferred; however, equivalent relevant experience will also be considered. Relevant certifications (e.g., CISSP, CCSP, AWS Certified Security – Specialty) are a plus and SC-200 or SC-400 is mandatory prior to start date. Experience:
Minimum of 8-10 years of professional working experience in the IT Operations, Cyber Security field or related field. Minimum of 5 years of experience in cloud security or related roles. Proven experience with Azure cloud platform and associated security controls. Must have experience working with either HIPAA, SOC, or PCI Audits in a Cloud Security Environment. Must have experience working with Defender/Defender XDR. Technical Skills:
Strong knowledge of cloud security architecture, tools, and best practices. Experience with network security, encryption technologies, and identity management. Analytical Skills:
Excellent problem-solving abilities with a keen attention to detail. Ability to analyze security incidents and develop appropriate response strategies. Communication :
Strong verbal and written communication skills. Ability to convey complex security concepts to non-technical stakeholders. Team Player:
Collaborative mindset with the ability to work effectively in a team-oriented environment. Proven ability to manage multiple priorities and projects simultaneously. Benefits What we offer:
Salary - $120,000- $150,000 Softheon offers every full-time employee a comprehensive benefits package including: Opportunity to work on cutting-edge cloud-based healthcare solutions; Work from your home company with a one-time home office stipend; Excellent benefits package that includes health, vision and dental coverage for you, your spouse and dependents; Additional benefits, including a monthly wellness stipend and internet stipend, 401K w/ a match; immediately vested, employee assistance program, disability/life insurance, and parental leave; 15 days to Discretionary PTO based on YOS plus 9 additional holidays; Referral bonuses, discretionary bonus program, spot bonuses and professional development opportunities; An opportunity for you to be part of a team committed to improving healthcare access and affordability by leveraging innovative technology solutions; *Please note that candidates applying for this position, must currently reside within the United States. Eligibility to Work in the U.S.:
We are unable to sponsor or assist with visa-related processes. Candidates must have valid work authorization to work in the U.S. without any current or future need for employer sponsorship. Join Softheon, and together, we'll shape the future of healthcare in America. Are you ready to make a difference? Join us at Softheon and help revolutionize healthcare for all . At Softheon, we embrace and celebrate diversity in all its forms as an equal opportunity employer. We strongly believe that employing a diverse workforce is key to our success. Our recruitment and hiring decisions are made solely on the basis of each candidate's qualifications, experience, and skills. We highly appreciate your dedication to our shared mission of making healthcare affordable, accessible, and abundant for all. Join us in our journey towards continually building a diverse and inclusive workplace, where everyone’s contributions are valued, respected, and celebrated. Employment with Softheon is at-will, which means either the employee or Softheon may terminate the employment relationship at any time, with or without cause, and with or without notice. Nothing in this job description or in any document or statement shall be construed to constitute a guarantee of employment for a specified period of time.
Job Location: Remote
About us:
Softheon is a dynamic and forward-thinking Software as a Service (SaaS) organization that is dedicated to ensuring affordable, accessible, and plentiful healthcare for every American. We are a pioneering force in the healthcare technology industry, driven by our mission to empower individuals and organizations with innovative solutions that transform the healthcare landscape. Our commitment to improving healthcare access and delivery is unwavering, and we are looking for top-tier talent to join our journey and contribute to our vision. If you're seeking an environment where your contributions are impactful and deeply valued, don't just join a company with ambition. Align with a purpose backed by a committed company. Our Company Culture:
Our culture is built on collaboration, innovation, and appreciation. We value each employee's unique talents and contributions and understand that every individual plays a critical role in our mission to transform healthcare. Every day, we celebrate our team's dedication, creativity, and expertise, which drive us closer to our goals. At Softheon, Our Mission is powering growth to make healthcare more productive, intelligent, and successful. Our Vision is Making healthcare affordable, accessible, and plentiful for every American. About the role:
This role demands strong collaboration with cross-functional teams, ensuring the seamless integration of security practices across all cloud services, including IaaS, PaaS, and SaaS. The Cloud Security Specialist will also develop and enforce security policies, monitor cloud configurations, respond to threats, and automate security processes, ensuring compliance with industry regulations such as HIPAA. This role is crucial for enhancing our organization's overall security posture and supporting our business goals through proactive cloud security measures. Requirements You will:
Cloud Security Management:
Design and implement cloud security frameworks : Architect and deploy robust security controls for Azure-based cloud infrastructure, ensuring alignment with organizational security policies and standards. Cloud configuration and hardening : Review and improve security configurations for Azure services, ensuring appropriate access control, encryption, and security monitoring. Policy management and enforcement : Define and enforce security policies for cloud usage, ensuring that data is protected, encrypted, and appropriately monitored. Continuous security assessments : Perform regular security audits of cloud environments, including vulnerability scanning and penetration testing, to identify and mitigate risks. Threat Management:
Incident detection and response : Act as the primary point of contact for cloud security incidents. Lead efforts to contain, investigate, and remediate breaches or threats. Proactive threat hunting : Conduct threat-hunting activities within Azure cloud environments to uncover potential risks and misconfigurations before they lead to security incidents. Security event correlation : Leverage tools like Microsoft Sentinel to correlate security events and detect abnormal patterns in network and system activity. Forensics and root cause analysis : In the event of a security breach, perform forensic analysis to determine the cause and prevent future occurrences. Compliance & Governance:
HIPAA, SOC, and PCI audit preparation : Lead efforts to ensure the cloud environment meets regulatory requirements and is fully prepared for external and internal security audits. Cloud security governance : Develop and enforce governance frameworks to ensure ongoing compliance with security standards and legal requirements (e.g., HIPAA, GDPR, SOC 2). Third-party vendor risk management : Assess the security posture of third-party vendors, ensuring that their practices meet compliance and security requirements when integrating with the organization’s cloud systems. Security Tools & Technologies:
Security automation : Automate repetitive security tasks using tools like Microsoft Azure Security Center, Microsoft Defender, and Sentinel to improve operational efficiency. Zero Trust architecture : Design and implement a Zero Trust security model within the Azure environment, ensuring secure access to resources. Continuous security monitoring : Establish and maintain real-time monitoring and alerting systems using cloud-native tools and services to ensure timely identification of vulnerabilities or suspicious activities. SIEM and SOAR management : Oversee the integration of Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems to streamline incident response. Collaboration:
Security training and advocacy : Educate DevOps, engineering, and IT teams on best practices for secure cloud development, including secure coding and configuration. DevSecOps integration : Partner with DevOps teams to integrate security into CI/CD pipelines, ensuring secure code deployment and infrastructure provisioning. Cross-departmental security alignment : Collaborate with IT, product, and legal teams to ensure cloud security practices align with business goals and regulatory frameworks. Documentation & Reporting:
Security incident playbooks : Develop and maintain detailed incident response playbooks to ensure a consistent and effective approach to security breaches. Audit and compliance reporting : Provide detailed security reports, including audit logs and incident findings, for compliance reviews and audits. Key security metrics and KPIs : Define, track, and report key security metrics (e.g., number of incidents, MTTR) to senior management to continuously improve security posture. Additional Responsibilities
This position may require occasional on-call availability, estimated to be less than 20% of the time, to address urgent issues or support business needs outside of regular working hours. Candidates must be willing and able to respond promptly as needed, and on-call scheduling may be arranged in advance to ensure coverage. This position will require you to work EST (9am – 6pm EST) You have:
Education:
A Bachelor's degree in Computer Science, Information Security, or a related field is preferred; however, equivalent relevant experience will also be considered. Relevant certifications (e.g., CISSP, CCSP, AWS Certified Security – Specialty) are a plus and SC-200 or SC-400 is mandatory prior to start date. Experience:
Minimum of 8-10 years of professional working experience in the IT Operations, Cyber Security field or related field. Minimum of 5 years of experience in cloud security or related roles. Proven experience with Azure cloud platform and associated security controls. Must have experience working with either HIPAA, SOC, or PCI Audits in a Cloud Security Environment. Must have experience working with Defender/Defender XDR. Technical Skills:
Strong knowledge of cloud security architecture, tools, and best practices. Experience with network security, encryption technologies, and identity management. Analytical Skills:
Excellent problem-solving abilities with a keen attention to detail. Ability to analyze security incidents and develop appropriate response strategies. Communication :
Strong verbal and written communication skills. Ability to convey complex security concepts to non-technical stakeholders. Team Player:
Collaborative mindset with the ability to work effectively in a team-oriented environment. Proven ability to manage multiple priorities and projects simultaneously. Benefits What we offer:
Salary - $120,000- $150,000 Softheon offers every full-time employee a comprehensive benefits package including: Opportunity to work on cutting-edge cloud-based healthcare solutions; Work from your home company with a one-time home office stipend; Excellent benefits package that includes health, vision and dental coverage for you, your spouse and dependents; Additional benefits, including a monthly wellness stipend and internet stipend, 401K w/ a match; immediately vested, employee assistance program, disability/life insurance, and parental leave; 15 days to Discretionary PTO based on YOS plus 9 additional holidays; Referral bonuses, discretionary bonus program, spot bonuses and professional development opportunities; An opportunity for you to be part of a team committed to improving healthcare access and affordability by leveraging innovative technology solutions; *Please note that candidates applying for this position, must currently reside within the United States. Eligibility to Work in the U.S.:
We are unable to sponsor or assist with visa-related processes. Candidates must have valid work authorization to work in the U.S. without any current or future need for employer sponsorship. Join Softheon, and together, we'll shape the future of healthcare in America. Are you ready to make a difference? Join us at Softheon and help revolutionize healthcare for all . At Softheon, we embrace and celebrate diversity in all its forms as an equal opportunity employer. We strongly believe that employing a diverse workforce is key to our success. Our recruitment and hiring decisions are made solely on the basis of each candidate's qualifications, experience, and skills. We highly appreciate your dedication to our shared mission of making healthcare affordable, accessible, and abundant for all. Join us in our journey towards continually building a diverse and inclusive workplace, where everyone’s contributions are valued, respected, and celebrated. Employment with Softheon is at-will, which means either the employee or Softheon may terminate the employment relationship at any time, with or without cause, and with or without notice. Nothing in this job description or in any document or statement shall be construed to constitute a guarantee of employment for a specified period of time.