Cloud Security Principal Engineer

Cloud Security Engineer Role Overview:

The Cloud Security Engineer plays a critical role in CHOP’s cloud security service delivery model. This position combines deep technical expertise with collaboration across internal and external teams to design, implement, and optimize cloud security controls and service lines. The candidate will support both project-based and continuous security initiatives, focusing on:

• Securing CHOP’s cloud migration.

• Supporting cloud security tool optimization.

• Strengthening cloud security processes for the Information Security team.

• Implementing cloud/hybrid controls, automation, and risk-driven security outcomes.

Key Responsibilities

• Cloud Security Expertise:

  • Lead cloud security efforts, including the design, implementation, and continuous improvement of security controls, cloud infrastructure, and automation.

  • Secure multi-cloud environments, with a focus on Identity and Access Management (IAM), cloud security tools, and security service lines.

  • Collaborate with internal stakeholders, vendors, and cross-functional teams to maintain security technologies across network, endpoint, identity, and cloud infrastructure.

  • Ensure alignment of security architectures with CHOP’s policies, standards, and external frameworks (e.g., NIST SP 800-53, HIPAA, PCI-DSS).

• Incident Response & Risk Management:

  • Drive incident response efforts, including the development of incident response plans, engineering runbooks, tabletop exercises, and system hardening guides.

  • Participate in audits, compliance assessments, risk remediation, and evidence collection with internal compliance teams and third-party stakeholders.

• Cloud Security Tool Optimization:

  • Fine-tune detection and prevention capabilities by working with Managed Service Providers (MSP) to validate alerts and triage escalations.

  • Assist with the optimization of security tools, such as EDR (Microsoft Defender), SIEM (Sentinel or Splunk), CSPM (e.g., Wiz), and IAM (Entra ID).

• Mentorship & Collaboration:

  • Mentor and support junior InfoSec engineers through documentation, training, and peer reviews.

  • Participate in design and governance forums to provide security input into infrastructure, DevSecOps, and cloud-native application strategies.

Required Skills & Experience:

• Technical Proficiency:

  • Proven experience securing multi-cloud environments.

  • Hands-on experience with cloud security tools and technologies, including but not limited to EDR, SIEM, CSPM, IAM, VPNs, NGFWs, NAC, and encryption protocols.

  • Demonstrated knowledge of cloud platforms (Azure preferred), vulnerability management, secure configuration management, and automation tools (e.g., Terraform, PowerShell).

• Security Engineering & Architecture:

  • Experience in cloud security architecture and engineering, particularly in IAM, cloud-native controls, and hybrid cloud environments.

  • Proficiency in security and regulatory standards (NIST, HIPAA, PCI-DSS, etc.).

• Collaboration & Communication:

  • Strong collaboration skills with internal teams, vendors, and stakeholders.

  • Ability to lead and/or support the development of incident response plans, risk assessments, and security-related policies.

Required Education & Experience:

• Education:

  • Required: Bachelor's Degree in Computer Science, Information Systems, or a related field.

  • Preferred: Master’s degree or professional certifications (e.g., CISSP, AWS Certified Security Specialty, etc.).

• Experience:

  • Required:

    • 12+ years of industry experience, including 6+ years in information security, regulatory compliance, and risk management.

    • 3+ years of hands-on experience with cloud and/or virtualization technologies.

    • Experience with Identity and Access Management (IAM), user provisioning, and Role-Based Access Control (RBAC).

  • Preferred:

    • Experience working with matrixed, high-performance teams.

    • Experience in clinical or financial systems (e.g., Epic, Lawson).