Cloud Security Principal Engineer

Job Title: Cloud Security Principal Engineer
Job Location: Philadelphia, PA 19104
Job Duration: 6 Months+ Temp to Perm (Possible extension)
 
Schedule: Hybrid – 80% remote, 20% onsite
 
Job Summary:
The Cloud Security Engineer will play a pivotal role in the cloud security service delivery model, combining deep technical expertise and collaboration across internal and external teams to design, implement, and optimize cloud security controls and service lines. The candidate will support both project-based and continuous security initiatives, focusing on securing cloud migration, supporting cloud security tool optimization, cloud security processes, cloud/hybrid controls, automation, and risk-driven security outcomes.
The Principal Information Security Specialist serves as a subject matter expert (SME) and in-house advisor on complex security problems, working independently to provide enterprise-wide solutions aligned with organizational goals.
Note: Candidates must hold CISSP certification. Cloud security certifications are highly preferred.
 
Key Responsibilities / Duties:

• Secure multi-cloud environments, including Identity and Access Management (IAM) in the cloud.
• Design, implement, and maintain security technologies across network, endpoint, identity, and cloud infrastructure.
• Drive continuous improvement of cloud security controls by validating alerts, triaging escalations, and fine-tuning detection/prevention capabilities.
• Lead or support incident response plans, engineering runbooks, tabletop exercises, and system hardening guides.
• Ensure alignment of security architectures with policies, standards, and external frameworks (NIST SP 800-53, HIPAA, PCI-DSS, CISA ZTMM, CIS Benchmarks, Microsoft CAF, AWS CAF, Google CAF).
• Participate in design and governance forums for infrastructure, DevSecOps, and cloud-native applications.
• Assist with audits, compliance assessments, risk remediation plans, and evidence collection with internal and third-party stakeholders.
• Mentor junior InfoSec engineers through documentation, training, and peer reviews.
• Hands-on experience in security engineering, systems integration, and cloud architecture (Azure preferred).
• Utilize tools and domains such as EDR (Microsoft Defender), SIEM (Sentinel or Splunk), CSPM (e.g., Wiz), IAM (Entra ID), VPNs/NGFWs, NAC, and encryption protocols.
• Implement secure configuration management, automation pipelines (Terraform, PowerShell), and vulnerability management platforms.
• Optimize information management approaches to meet evolving business and technology needs.
• Function as SME to maintain understanding of DTS business and clinical applications, assisting stakeholders in understanding InfoSec and compliance requirements.
• Support enterprise architecture and information security operations across identity & access management, cloud providers, SIEM, DLP, perimeter security, cloud/virtualization environments, and network security.
• Educate management on InfoSec standards for business continuity and change management.
• Maintain knowledge of regulatory standards and frameworks (HIPAA, PCI, Joint Commission, NIST, ISO 27000 series).
• Apply SDLC methodologies and PMO project management skills, including MS productivity tools.
• Ensure compliance with all enterprise and departmental security policies, procedures, and standards.

 
Education:

• Required: Bachelor’s Degree
• Preferred: Bachelor’s Degree in Computer Science, Information Systems, or related field

 
Experience:

• At least 12 years of industry experience, including 1–2 IT disciplines (technical architecture, network management, application development, middleware, information analysis, database management, operations).
• At least 6 years of experience in information security, regulatory compliance, and risk management.
• At least 3 years of experience in IAM, user provisioning, RBAC, control self-assessment, or security awareness training.
• Experience with cloud and/or virtualization technologies.
• Preferred: 3+ years working in matrixed high-performance teams.

 
Skills / Competencies:

• Demonstrated knowledge of information security principles, IT controls, and security policies/procedures.
• Strong understanding of regulatory standards and accreditation requirements.
• Familiarity with EHR, cloud frameworks, and identity access controls.
• Basic database query and data mining skills.
• Knowledge of Microsoft Active Directory, UNIX, and clinical applications.
• Experience implementing application-level security in clinical/financial systems (Epic, Lawson, ERP).
• General networking knowledge (WANs, LANs, Internet, TCP/IP protocols).
• Experience with risk management frameworks.
• Proficiency with Microsoft productivity tools (Access, Word, PowerPoint, Visio, Project).

 
Languages:

• English (Speak, Read, Write)

 
Hours Per Week: 40.00
Hours Per Day: 8.00
Days Per Week: 5.00