Senior Cloud Security Engineer

Summary

Join Smile Digital Health and contribute to our mission of #BetterGlobalHealth. This role focuses on managing risk and security for Managed Services, both in the cloud and on our platform. You will evaluate technology controls, support audits, conduct risk assessments, investigate incidents, enhance security, and support compliance programs. The position requires collaboration with various teams, including SecOps, IT Operations, and implementation teams. You will also assist with employee training and third-party attestations. Smile Digital Health offers a remote work environment and flexible time off.

Requirements

• Possess a minimum of 5 years experience with linux, networking, docker and security combined with a minimum of 3 years of experience in Azure, AWS or GCP along with containerized computing environments Solid Network and IT Security fundamentals
• Proven ability to utilize various assessment tools and navigate through logs to establish the root cause of issues
• Proven ability to work with various security tools and frameworks including SOAR / SIEM, Vulnerability Scanners, IDS / IPS, Cloud Security Posture Management
• Working knowledge of IT and Security compliance frameworks, such as: HITRUST, GDPR, SOC 2, ISO 27001 and HIPAA, PHIPA, etc
• Experience in dealing with security issues and policy, as well as supporting audit and compliance requirements from a technical standpoint
• Ability to analyze system data, including, but not limited to, security and network event logs, web, anti-virus, DLP, syslogs, IPS and firewall logs
• Experience in access control and identity management for on premise and cloud environments
• The capacity to accommodate a flexible schedule (for audits and security incidents) and work on a regular on-call rotation
• Experience working with and having access to confidential & sensitive information and interfacing with senior business leaders as a technical resource
• Must have experience with access control and identity management, analyzing security and network logs along with supporting audit and compliance requirements from a technical and operational standpoint
• Must comply with appropriate background check requirements such as but not limited to: criminal, exclusion screening, credit, education, etc. Such checks are based on the job requirements. The incumbent may be required to re-verify the required checks on an annual basis or from time-to-time as determined by the Company

Responsibilities

• Perform security scanning / testing, controls testing, document results, and provide detailed updates to internal colleagues
• Conduct vulnerability assessments regularly per contractual agreement and per compliance requirements
• Act as part of the SecOps team and ensure compliance of all security requirements
• Proactively identify gaps or conflicts in existing processes and help develop solutions with colleagues
• Perform assessments of systems, networks, and applications in Smile Digital Health cloud environments and readily address vulnerabilities identified
• Assist with remediation of control deficiencies and security gaps
• Research and perform tests with cutting edge security tools
• Generate regular reports and technical documentation for the SecOps team
• Assist with the education and training of process / control owners so they better understand technology control frameworks and their responsibilities
• Assist with other security aspects as needed including vendor security assessments, customer audit needs
• Facilitate third-party attestations, audits, and certification efforts for the organization
• Assist IT Operations team and IT Security and Privacy Governance teams with maintaining coverage of applicable privacy laws and regulations and closely follow emerging IT Security technologies
• Provide guidance on privacy risks and advise on application of privacy requirements
• Work with the Cloud Operations and various implementation teams to ensure best practices
• Work to integrate various security technologies with ITSM tools
• Respond to incidents as required
• Comply with the privacy, security and confidentiality policies

Preferred Qualifications

Post secondary education in IT security or networking or a similar subject field is preferred

Benefits

• Remote Work Environment
• Flexible Time Away From Work Policy including PTO, Personal and Sick Days
• Competitive Salary and Health/Medical Benefits
• RRSP/TFSA/401K Employee Contribution
• Life and Disability
• Employee Assistance Program
• FHIR Study Program and Skillsoft Learning