Security Engineer

The Cloud Security Engineer will be responsible for securing and optimizing our AWS and Azure cloud infrastructures by managing services such as AWS IAM, VPC, GuardDuty, CloudTrail, KMS, Security Hub, as well as Azure equivalents including Azure AD, Azure Security Center, Azure Key Vault, Azure Monitor, and Microsoft Defender for Cloud. This role will involve implementing robust security controls, automating security processes, and ensuring compliance with industry standards across both platforms. The engineer will collaborate with DevSecOps, development teams, and leadership to integrate security into CI/CD pipelines, create incident response playbooks, and foster a culture of security. Key responsibilities also include risk mitigation, proactive threat detection, auditing for compliance, and optimizing cloud resources for both security and cost efficiency. Familiarity with Splunk, Azure IAM, and cross-cloud security practices is a strong plus

Comprehensive security solutions

Design, implement, and manage comprehensive security solutions across AWS cloud environments, ensuring continuous protection and operational integrity

Best practices alignment

Specialize in reviewing AWS cloud infrastructure and network configurations for compliance with AAMC security standards and cloud security best practices.

Review Change Requests

Evaluate and approve security-related Change Page 2 of 5 Requests, providing technical consultation on system enhancements or configuration adjustments, ensuring alignment with security policies, risk management strategies, and industry best practices

Automation

Evaluate, recommend, obtain, or develop (as appropriate) automation solutions to streamline security operations, reducing manual tasks while improving response times and consistency in threat detection and mitigation

Enforce security policies

Operationalize and enforce security policies and standards across environments, while actively contributing to the creation, refinement, and continuous improvement of security frameworks and guidelines to align with evolving threats and compliance requirements.

Optimize Existing Technologies

Continuously evaluate and refine deployed cloud solutions to improve performance, scalability, and operational efficiency

Collaboration

Continuously evaluate and refine deployed cloud solutions to improve performance, scalability, and operational efficiency

• Bachelor's degree in Computer Science / Information Security / Cybersecurity * Information Technology OR additional related work experience

• 5 - 7 years of related work experience

• To effectively engage with teams, technical knowledge and the following are required:

  • Collaboration and communication - to interact with devs, ops, compliance teams.

  • Understanding DevSecOps culture - AWS environments are fast-paced and automated.

  • Documentation and Reporting - ability to create security documentation, risk assessments, and incident reports.

  • Threat modeling & risk assessment - being able to communicate risks in business terms.

  • Experience with Security technology as they relate to IaaS, PaaS and SaaS Ability to work independently and manage multiple priorities Demonstrated ability to document and articulate control requirements Demonstrate the ability to collaborate with different levels of the organization and cross discipline teams.

• Preferred Experience:

  • Hands-on experience with:

  • AWS and Azure IAM (Identity and Access Management) - policies, roles, federation, permissions boundaries.

  • AWS Networking - VPCs, security groups, NACLs, private/public subnets, AWS WAF.

  • CloudTrail & GuardDuty - monitoring and threat detection.

  • Encryption & KMS - securing data at rest/in transit, key rotation policies.

  • Logging & Monitoring - with CloudWatch, Config, AWS Security Hub.

  • DevSecOps concepts - integrating security in CI/CD pipelines (e.g., using tools like AWS CodePipeline + security scans).

  • Incident Response in AWS - playbooks, containment, forensics.

  • Software as a Service (SaaS), (Infrastructure as a Service (IaaS), Platofrm as a Service (PaaS)

  • Splunk and Splunk Enterprise Security.

  • Use cases to build detections for:

    • Unauthorized API calls

    • Public S3 buckets

    • Suspicious IAM activity

    • Lambda privilege escalation

    • EC2 metadata abuse

    • How to reduce false positives and tuning thresholds Build dashboards, alerts, and correlation rules to detect suspicious behavior in AWS.

    • Knowledge of Microsoft Azure and Ping Identity are a plus.

Certifications (Preferred):

* AWS Cloud Practitioner

* CISSP, CSSP, or equivalent

* AWS Certified Security - Specialty

* AWS Certified Solutions Architect - Associate

* Azure Security Engineer Associate

* Google Professional Cloud Security Engineer

* SANS GIAC Cloud Security Essentials

Remote Work Eligibility

Compensation Grade Range

Multiple factors are taken into consideration to arrive at the final hourly rate/annual salary to be offered to the selected candidate. Factors may include, but are not limited to, the scope and responsibilities of the role, the selected candidate's work experience, education and training, as well as internal equity, market, and business considerations.

If a bachelor's degree is required, related work experience may be substituted in some positions. One year of college course work at an accredited institution is equivalent to one year of related work experience.

The Association of American Medical Colleges (AAMC) is an Equal Opportunity/Affirmative Action Employer. The AAMC is committed to the policy of an equal employment opportunity in recruitment, hiring, career advancement, and all other personnel practices. The AAMC will not discriminate on the basis of race, color, sex, national origin, religion, age, marital status, personal appearance, sexual orientation, gender identity or expression, family responsibilities, matriculation, political affiliation, genetic information, disability, past or current military service, or any other legally protected characteristic.

Please attach a resume as part of the application process. It is important that files DO NOT include periods ( . ) within the file name.

BROWSER REQUIREMENTS: Applications must be submitted using Chrome, Mozilla Firefox, Safari, orMicrosoft Edge.