Description Job Description:
We are hiring for an exciting opportunity within Leidos
to engage in a startup initiative to build and operate new cloud-based products and services for the Health Care industry. The careC2 platform provides integration and interoperability across health systems, products and settings. The platform provides a framework for clinical performance improvements to efficiently deliver the right services to the right patient at the right point in the health journey. careC2 is designed, developed and deployed as a Software as a Service (SaaS) offer that enables our customers to rapidly connect and use the platform to improve efficiency and quality.
The Cloud Security Engineer
specializes in ensuring security and compliance for the careC2 cloud-based platform and related components. Your role will work with application developers, systems engineers, architects, customers and senior management to ensure appropriate security practices and mitigation of any risks identified.Primary Responsibilities
- Overall security architecture ensuring all security related requirements are met, SME support for the overall security architecture.
- Sets security strategy including risk assessment, risk management, security control assessment, continuous monitoring, and service design.
- Ensure vulnerability action plans are defined and executed by all appropriate teams.
- Work with internal and external customers on security related activities and tasks, prepare / conduct report outs to senior management on a regular basis.
- Plan, implement, upgrade and monitor security controls for the protection of careC2 systems.
- Ensure careC2 meets all relevant security, data privacy and health care compliance requirements, including HIPAA.
- Work with development and engineering teams to build secure applications by providing security requirements and security patterns, re-usable code, etc.
- Help with integration of software security tools and practices with agile SDLC, CI/CD framework and SecDevOps.
- Knowledge of the SDLC and ensuring requirements for security, compliance and quality scans are successfully executed.
- Oversee software security design and/or code reviews.
- Assess the security risks associated with the DevTest and SecOps environments including 3rd party software and components.
- Enforces the design and implementation of trusted relations among external systems and architecture
- Perform security audits and assessments.
- Participate in the development, implementation, and testing of disaster recovery methods and procedures
- Scan systems with appropriate tools and procedures. Review corporate and 3rd party bulletins for known vulnerabilities.
- Additional duties may include supporting Technical Writing, Systems Analyst/Administration, Tier2 Help Desk, Test Engineering
- Bachelor of Science degree from an accredited university in Computer Science, Information Assurance, Information Security System Engineering or related field with a minimum of 7 years of experience as a Security Engineer or related positions.
- CISSP required, major cloud based security certification preferred (e.g., AWS Certified Security - Specialty).
- Competency gained from three or more years of production deployment experience using cloud based security services and features.
- An understanding of cloud ecosystems (AWS, Azure, Google Cloud etc); specialized data classifications and cloud data protection mechanisms; data encryption methods and mechanisms to implement them; and secure internet protocols and mechanisms to implement them.
External Referral Bonus:
- Micro services design and operation.
- Working knowledge of cloud provider security services and features to provide a secure production environment.
- Ability to make trade off decisions with regard to cost, security and deployment complexity.
- Security operations and risk.
- Demonstrated knowledge of container technology tools (Docker, Kubernetes).
- Experience with Managed Services such as AWS MSK and Mongo Atlas is a plus (not required).
- Strong verbal and written communication skills.
EligiblePotential for Telework:
NoClearance Level Required:
Yes, 10% of the timeScheduled Weekly Hours:
Security Architecture and Engineering
Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 33,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.19 billion for the fiscal year ended December 28, 2018. For more information, visit www.Leidos.com
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here
Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to firstname.lastname@example.org
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.