Security and Compliance Engineer_Offshore
<h3>About the Role</h3><p>We're seeking a hands-on and detail-oriented Security and Compliance Engineer to drive security across our applications, infrastructure, and compliance programs, especially in a healthcare environment. This role combines security engineering, DevSecOps, and risk management with a strong focus on application, cloud, AI, and data security.</p><p>You will work closely with engineering, DevOps, and compliance teams to embed security into the development lifecycle, support regulatory frameworks, and ensure cloud-native environments and AI technologies are secure by design.</p><h3>Responsibilities</h3><ul><li>Conduct web and mobile application penetration testing, vulnerability scanning, and remediation support across our platforms.</li><li>Integrate DevSecOps practices into CI/CD pipelines, using tools like Snyk, Terraform, and container security scanners.</li><li>Implement and monitor Cloud Security Posture Management (CSPM) tools such as Wiz to secure cloud configurations and infrastructure.</li><li>Partner with DevOps to enforce secure provisioning via Infrastructure as Code (IaC).</li><li>Lead and support compliance initiatives (HIPAA, SOC 2, HITRUST) using platforms like Drata (Compliance-as-a-Service).</li><li>Design and enhance email gateway security (e.g., Barracuda) and bot protection (e.g., WatchGuard) to defend against phishing and automated threats.</li><li>Evaluate and secure chatbots and AI systems, addressing risks like prompt injection, data leakage, and model integrity.</li><li>Drive data security best practices including encryption, data loss prevention (DLP), and classification strategies.</li><li>Collaborate with engineering to embed security controls in product design and conduct threat modeling, secure code reviews, and architecture reviews.</li><li>Participate in incident detection, response, and root cause analysis, while ensuring effective logging and monitoring are in place.</li><li>Maintain security documentation and
support audits and third-party assessments.</li></ul><h3>Required Skills &amp; Qualifications</h3><ul><li>4-6 years of experience in security engineering, compliance, and DevSecOps.</li><li>Proficiency in web and mobile application security, including OWASP Top 10, SAST/DAST tools, and manual testing with Burp Suite, etc.</li><li>Strong exposure to DevSecOps workflows, with hands-on experience using tools like Snyk, Terraform, and container security.</li><li>Deep understanding of HIPAA, SOC 2, and healthcare compliance requirements.</li><li>Experience with cloud security, preferably on Microsoft Azure, and familiarity with CSPM tools like Wiz.</li><li>Working knowledge of Drata or similar compliance automation platforms.</li><li>Exposure to email security gateways, bot protection, and threat detection tools.</li><li>Familiarity with AI and chatbot security concepts and current risks in the generative AI space.</li><li>Strong grasp of data security principles: encryption, access controls, data classification, and DLP.</li><li>Scripting or automation skills in Python, Bash, or equivalent are a plus.</li><li>Strong written and verbal communication, documentation, and collaboration skills.</li></ul><h3>Nice to Have</h3><ul><li>Certifications like OSCP, CEH, CCSK, CISSP, HCISPP, or similar.</li><li>Familiarity with tools like KnowBe4, Intune, or Azure AD for identity and endpoint security.</li><li>Understanding of Zero Trust Architecture, RBAC, and endpoint detection and response (EDR) strategies.</li><li>Previous experience in a health tech, SaaS, or AI-focused organization.</li></ul><h3>Why Join Us</h3><ul><li>Make a real impact in securing healthcare and AI systems at scale.</li><li>Collaborate in a high-ownership environment with modern tools and cloud-native practices.</li><li>Work in a security-forward company that values both innovation and compliance.</li><li>Flexible work environment and growth opportunities in a fast-paced tech culture.</li></ul><p>Originally
posted on <a href="https://himalayas.app">Himalayas</a></p>