Cloud Security Engineer

Overview: The Security Engineer L3 is responsible for the engineering and configuration of the security tools in the environment. The Security Engineer is expected to stay current on the security threats, cloud-native services, and security technologies. The successful candidate will perform threat assessments, provide mitigations, develop recommendations, perform hands on activities related to security engineering, vulnerability management, security reviews, and troubleshooting of security products. The Security Engineer provides security expertise across the product engineering lifecycle including security configuration, vulnerability management, risk assessment, risk management, and security administration.

Duties and Responsibilities:

• Perform infrastructure scans, identify vulnerabilities, assess risk, prioritize, and work with stakeholders to remediate the vulnerabilities;

• Curate and assess vulnerability data (across multiple platforms/tools) to drive outcomes with actionable information;

• Create reports, dashboards, metrics, and product security scorecards for stakeholder discussions and leadership reviews;

• Support customer audit activities and administer security tools and services;

• Provide consultation to internal customers on identified security findings to drive outcomes;

• Assist security tool deployment and scan configurations to enhance security posture at Inovalon;

• Perform code scanning, infrastructure scanning, and cloud misconfiguration scanning and automate triage process;

• Maintain compliance with Inovalon's policies, procedures, and mission statement;

• Always adhere to all confidentiality and HIPAA requirements as per Inovalon's Operating Policies and Procedures with respect to any aspect of the data handled or services rendered in the undertaking of the position;

• Additional responsibilities as assigned by management; and

• We reserve the right to change this job description as business needs dictate and will provide notice of such.

Job Requirements:

• Minimum 2+years of experience in the information security field;

• Minimum2+ years of experience as Security Analyst or Security Engineer;

• Minimum 2+ years of experience in vulnerability management;

• Minimum 2+ years of experience in security controls frameworks such as NIST 800-series or HITRUST;

• Minimum 2+ years hand-on experience in security tools such as Rapid7, CrowdStrike, Qualys, Nessus, Wiz etc.;

• Experience of one or more scripting languages (Python or PowerShell);

• Ability to effectively communicate across all levels of the organization

Education:

• Bachelor's degree in a cybersecurity related discipline;

Certification:

• Security certifications such from CompTIA, EC-Council, ISC2, and SANS;

• AWS certifications are preferred;