Cloud Security Principal Engineer

Cloud Security Engineer Role Overview:

The Cloud Security Engineer plays a critical role in CHOPs cloud security service delivery model. This position combines deep technical expertise with collaboration across internal and external teams to design implement and optimize cloud security controls and service lines. The candidate will support both project-based and continuous security initiatives focusing on:

• Securing CHOPs cloud migration.

• Supporting cloud security tool optimization.

• Strengthening cloud security processes for the Information Security team.

• Implementing cloud/hybrid controls automation and risk-driven security outcomes.

Key Responsibilities

• Cloud Security Expertise:

  • Lead cloud security efforts including the design implementation and continuous improvement of security controls cloud infrastructure and automation.

  • Secure multi-cloud environments with a focus on Identity and Access Management (IAM) cloud security tools and security service lines.

  • Collaborate with internal stakeholders vendors and cross-functional teams to maintain security technologies across network endpoint identity and cloud infrastructure.

  • Ensure alignment of security architectures with CHOPs policies standards and external frameworks (e.g. NIST SP 800-53 HIPAA PCI-DSS).

• Incident Response & Risk Management:

  • Drive incident response efforts including the development of incident response plans engineering runbooks tabletop exercises and system hardening guides.

  • Participate in audits compliance assessments risk remediation and evidence collection with internal compliance teams and third-party stakeholders.

• Cloud Security Tool Optimization:

  • Fine-tune detection and prevention capabilities by working with Managed Service Providers (MSP) to validate alerts and triage escalations.

  • Assist with the optimization of security tools such as EDR (Microsoft Defender) SIEM (Sentinel or Splunk) CSPM (e.g. Wiz) and IAM (Entra ID).

• Mentorship & Collaboration:

  • Mentor and support junior InfoSec engineers through documentation training and peer reviews.

  • Participate in design and governance forums to provide security input into infrastructure DevSecOps and cloud-native application strategies.

Required Skills & Experience:

• Technical Proficiency:

  • Proven experience securing multi-cloud environments.

  • Hands-on experience with cloud security tools and technologies including but not limited to EDR SIEM CSPM IAM VPNs NGFWs NAC and encryption protocols.

  • Demonstrated knowledge of cloud platforms (Azure preferred) vulnerability management secure configuration management and automation tools (e.g. Terraform PowerShell).

• Security Engineering & Architecture:

  • Experience in cloud security architecture and engineering particularly in IAM cloud-native controls and hybrid cloud environments.

  • Proficiency in security and regulatory standards (NIST HIPAA PCI-DSS etc.).

• Collaboration & Communication:

  • Strong collaboration skills with internal teams vendors and stakeholders.

  • Ability to lead and/or support the development of incident response plans risk assessments and security-related policies.

Required Education & Experience:

• Education:

  • Required: Bachelors Degree in Computer Science Information Systems or a related field.

  • Preferred: Masters degree or professional certifications (e.g. CISSP AWS Certified Security Specialty etc.).

• Experience:

  • Required:

    • 12 years of industry experience including 6 years in information security regulatory compliance and risk management.

    • 3 years of hands-on experience with cloud and/or virtualization technologies.

    • Experience with Identity and Access Management (IAM) user provisioning and Role-Based Access Control (RBAC).

  • Preferred:

    • Experience working with matrixed high-performance teams.

    • Experience in clinical or financial systems (e.g. Epic Lawson).