Security Engineer - Cloud

Company Information

At Advarra, we are passionate about making a difference in the world of clinical research and advancing human health. With a rich history rooted in ethical review services combined with innovative technology solutions and deep industry expertise, we are at the forefront of industry change. A market leader and pioneer, Advarra breaks the silos that impede clinical research, aligning patients, sites, sponsors, and CROs in a connected ecosystem to accelerate trials.

Company Culture 

Our employees are the heart of Advarra. They are the key to our success and the driving force behind our mission and vision. Our values (Patient-Centric, Ethical, Quality Focused, Collaborative) guide our actions and decisions. Knowing the impact of our work on trial participants and patients, we act with urgency and purpose to advance clinical research so that people can live happier, healthier lives. 

At Advarra, we seek to foster an inclusive and collaborative environment where everyone is treated with respect and diverse perspectives are embraced. Treating one another, our clients, and clinical trial participants with empathy and care are key tenets of our culture at Advarra; we are committed to creating a workplace where each employee is not only valued but empowered to thrive and make a meaningful impact.

Job Overview Summary 

This Security Engineer – Cloud role is responsible for implementing the overall company strategy for security and adherence to compliance standards with a focus on Cloud security. This position requires an individual who has demonstrated in-depth experience, knowledge, and ability with all aspects of meeting and maintaining security standards. The Security Engineer has industry experience to own and drive resolution and testing of a CSPM, complex security events, policy questions, and technical security risks.    

Job Duties & Responsibilities 

• Cloud Security Implementation: Design and implement security best practices for AWS, Azure, or GCP environments, focusing on IAM, network security, and data protection. 
• Security Tooling & Automation: Utilize tools like Wiz, Palo Alto Prisma, AWS Security Hub, AWS GuardDuty, Azure Security Center, or Defender for Cloud to monitor and improve cloud security posture. 
• Monitor cloud environments for threats, analyze security events, and respond to incidents using SIEM and security automation tools. 
• Performing, reviewing, evaluating, assessing, documenting and communicating the results of security assessments, (e.g., risk assessments, vendor assessments, vulnerability assessments, penetration tests; system or application assessments, etc.).
• Supporting the Operations, Engineering and Applications teams by providing the necessary security expertise required to ensure that applications and infrastructure are implemented in accordance with company objectives for risk acceptance.  
• Identify nuanced vulnerabilities in advanced systems and find new and creative ways to reduce the impact of vulnerabilities. 
• Threat modeling, analysis, and recommendations. 
• Ensure appropriate confidentiality, integrity, availability, safety, privacy, and recovery of digital assets owned, controlled and/or processed by the organization. 
• Ensuring that the organization's infrastructure and applications meet our technical security objectives and are designed, implemented and executed effectively, efficiently and economically.  
• Facilitates the day-to-day operations of the in-place security solutions. 
• Enforce and maintain established policies, procedures, and standards across all managed systems. 
• Ability to develop, review and/or audit security policy. 
• Research and stay current on the latest trends, best practices, and technology developments. 
• Internal project management and ownership. 
• Perform other job-related duties as assigned. 

Location 

This role is open to candidates working remotely in the United States. 

Basic Qualifications

• Bachelor’s in computer science, information systems, related field, or equivalent experience. 
• Extensive professional experience with the following technologies: 
• Microsoft Windows Server & Red Hat Enterprise Linux 
• Microsoft Azure, AWS, Office 365, & Active Directory 
• Containers and related deployment systems 
• Intrusion Detection Systems (IDS) 
• Security Information and Event Management Systems (SIEM) 
• Working knowledge of relevant authoritative source material (e.g., PCI, GDPR, CMMC etc.) 
• Working knowledge of relevant industry best practices (e.g., NIST, COBIT, ITIL, ISO 27001, HITRUST etc.) 
• Working knowledge of business risk management strategies and management practices  
• Proven experience with analysis, design, scheduling, construction, and delivery of both network and cloud-based solutions 
• Experience in the Life Science, Health Care, manufacturing or other highly regulated industries 
• Experience with vendor and product selections including oversight of enterprise risk assessments 

Preferred Qualifications 

• GSEC, CISSP, or GCIH certification preferred 
• Broad technical knowledge of current and upcoming IT security technologies and techniques that cover all levels of IT architecture. 
• Ability to lead audits and assessments of technology and processes related to ISO27001, HIPAA & HITRUST. 

Physical and Mental Requirements

• Sit or stand for extended periods of time at stationary workstation
• Regularly carry, raise, and lower objects of up to 10 Lbs. 
• Learn and comprehend basic instructions
• Focus and attention to tasks and responsibilities
• Verbal communication; listening and understanding, responding, and speaking 

Advarra is an equal opportunity employer that is committed to diversity, equity and inclusion and providing a workplace that is free from discrimination and harassment of any kind based on race, color, religion, creed, sex (including pregnancy, childbirth, and related medical conditions, sexual orientation, and gender identity), national origin, age, disability or genetic information or any other status or characteristic protected by federal, state, or local law.  Advarra provides equal employment opportunity to all individuals regardless of these protected characteristics. Further, Advarra takes affirmative action to ensure that applicants and employees are treated without regard to any of these protected characteristics in all terms and conditions of employment, including, but not limited to, hiring, training, promotion, discipline, compensation, benefits, and separation from employment.

The base salary range for this role is $​91,300 - $155,300​. Note that salary may vary based on location, skills, and experience and may vary from the amounts listed above. This position may also be eligible for a variable bonus in addition to base salary as well as health coverage, paid holidays, and other benefits.