Security Engineer

Summary

Join Stedi's Platform Team as a Security Engineer and play a pivotal role in securing our AWS-based infrastructure. You will develop security playbooks, improve our IT footprint, collaborate with engineering teams on secure application design, and ensure compliance with standards like SOC, HIPAA, and HITRUST. This role requires extensive experience in AWS, security engineering, and compliance frameworks. You'll work with serverless technologies and infrastructure-as-code (CDK) in a fast-paced, innovative environment. Stedi offers a unique opportunity to contribute to a cutting-edge healthcare clearinghouse built on a modern API-first architecture.

Requirements

• 6+ years of experience in engineering working as a security engineer or in security-adjacent roles
• Familiarity with compliance frameworks such as SOC, HIPAA, and/or HITRUST
• 4+ years working with AWS services, including compliance and governance services like AWS Organizations, AWS CloudTrail, AWS Config, Security Hub, and GuardDuty
• Proficiency in TypeScript
• Ability to prioritize your work based on the needs of the business and the customers
• High bandwidth; thoughtful attention to many areas simultaneously
• Ability to context switch throughout the course of the day or week as priorities shift
• Philosophical alignment with the Stedi Standards and the Unwritten laws of engineering

Responsibilities

• Develop playbooks and address security-related tasks in our AWS serverless environments
• Drive improvements in our broader ‘IT’ footprint, including endpoint security, access management / just-in-time access, email and web gateways, browser security, and data loss prevention
• Collaborate with product engineering teams to raise the bar for security, supporting CI/CD pipelines, dependency management, and secure application design reviews
• Help secure and improve our AWS organization using infrastructure as code (CDK) , enforcing security controls, and ensuring strong tenant isolation
• Continuously assess vulnerabilities and perform regular risk assessments
• Manage Vanta workflows and automate tasks to maintain SOC and HIPAA compliance