OneImaging
We are seeking a proactive and detail-oriented
Cybersecurity Engineer
to join our growing security team. In this role, you will be responsible for designing, implementing, and maintaining technical security controls across our cloud infrastructure. You will play a critical role in helping the organization meet and maintain compliance with
SOC 2 ,
HIPAA , and
PCI DSS , while building scalable defenses that support our DevOps and engineering workflows.
Responsibilities
Cloud Security Engineering: Architect and enforce security best practices for AWS infrastructure, including IAM hardening, network segmentation, encryption, monitoring, and access control.
Infrastructure as Code Security: Use Terraform to define and enforce compliant infrastructure. Maintain guardrails and reusable secure modules to support a security-by-default approach.
Threat Detection & Monitoring: Build and tune log pipelines and alerts in Sumo Logic to identify misconfigurations, anomalous behavior, and potential threats.
CI/CD and Code Security: Collaborate with engineering to embed security into GitHub workflows and CI/CD pipelines. Implement controls for code scanning, secrets management, and artifact integrity.
Vulnerability Management: Manage and respond to vulnerability findings across cloud, container, and application layers. Prioritize remediation based on risk and regulatory requirements.
Audit & Compliance Engineering: Implement and maintain technical controls to meet SOC 2, HIPAA, and PCI DSS requirements. Partner with Compliance and GRC teams during audits and readiness assessments.
Incident Readiness: Assist in the development and testing of the incident response plan. Participate in threat simulations and security incident handling.
Security Enablement: Support security education, documentation, and enablement efforts across engineering and operations teams.
Qualifications
Required:
5+ years in cybersecurity engineering, cloud security, or DevSecOps.
Deep experience with AWS security services (IAM, KMS, VPC, Config, GuardDuty, etc.).
Strong proficiency with Terraform and Infrastructure as Code best practices.
Experience with Sumo Logic or equivalent log management tools.
Familiarity with securing CI/CD and development workflows in GitHub.
Demonstrated knowledge and practical experience implementing and maintaining compliance for SOC 2, HIPAA, and PCI DSS.
Strong understanding of vulnerability management, threat detection, and response.
Nice to Have:
Experience with Kubernetes security (EKS, container scanning).
Experience writing security policies or helping with control mapping.
Certifications such as AWS Security Specialty, CISM, CISSP, or GCPN.
Benefits
Health Care Plan (Medical, Dental & Vision)
Retirement Plan (401k, IRA)
Life Insurance (Basic, Voluntary & AD&D)
Paid Time Off (Vacation, Sick & Public Holidays)
Family Leave (Maternity, Paternity)
Short Term & Long Term Disability
Work From Home
Stock Option Plan
Job Details
Seniority level:
Mid-Senior level
Employment type:
Full-time
Job function:
Information Technology
Industries:
IT Services and IT Consulting
#J-18808-Ljbffr
Cybersecurity Engineer
to join our growing security team. In this role, you will be responsible for designing, implementing, and maintaining technical security controls across our cloud infrastructure. You will play a critical role in helping the organization meet and maintain compliance with
SOC 2 ,
HIPAA , and
PCI DSS , while building scalable defenses that support our DevOps and engineering workflows.
Responsibilities
Cloud Security Engineering: Architect and enforce security best practices for AWS infrastructure, including IAM hardening, network segmentation, encryption, monitoring, and access control.
Infrastructure as Code Security: Use Terraform to define and enforce compliant infrastructure. Maintain guardrails and reusable secure modules to support a security-by-default approach.
Threat Detection & Monitoring: Build and tune log pipelines and alerts in Sumo Logic to identify misconfigurations, anomalous behavior, and potential threats.
CI/CD and Code Security: Collaborate with engineering to embed security into GitHub workflows and CI/CD pipelines. Implement controls for code scanning, secrets management, and artifact integrity.
Vulnerability Management: Manage and respond to vulnerability findings across cloud, container, and application layers. Prioritize remediation based on risk and regulatory requirements.
Audit & Compliance Engineering: Implement and maintain technical controls to meet SOC 2, HIPAA, and PCI DSS requirements. Partner with Compliance and GRC teams during audits and readiness assessments.
Incident Readiness: Assist in the development and testing of the incident response plan. Participate in threat simulations and security incident handling.
Security Enablement: Support security education, documentation, and enablement efforts across engineering and operations teams.
Qualifications
Required:
5+ years in cybersecurity engineering, cloud security, or DevSecOps.
Deep experience with AWS security services (IAM, KMS, VPC, Config, GuardDuty, etc.).
Strong proficiency with Terraform and Infrastructure as Code best practices.
Experience with Sumo Logic or equivalent log management tools.
Familiarity with securing CI/CD and development workflows in GitHub.
Demonstrated knowledge and practical experience implementing and maintaining compliance for SOC 2, HIPAA, and PCI DSS.
Strong understanding of vulnerability management, threat detection, and response.
Nice to Have:
Experience with Kubernetes security (EKS, container scanning).
Experience writing security policies or helping with control mapping.
Certifications such as AWS Security Specialty, CISM, CISSP, or GCPN.
Benefits
Health Care Plan (Medical, Dental & Vision)
Retirement Plan (401k, IRA)
Life Insurance (Basic, Voluntary & AD&D)
Paid Time Off (Vacation, Sick & Public Holidays)
Family Leave (Maternity, Paternity)
Short Term & Long Term Disability
Work From Home
Stock Option Plan
Job Details
Seniority level:
Mid-Senior level
Employment type:
Full-time
Job function:
Information Technology
Industries:
IT Services and IT Consulting
#J-18808-Ljbffr