Cloud Security Engineer III - Lead Job at Randstad USA, Boston, MA

  • Randstad USA
  • Boston, MA

Job Description

App & Cloud Security Engineer - Lead

Start: 2-3 weeks from date of offer

Location: Somerville, MA - Onsite just one day a week (Wednesdays).

40 hours a week permanent position

Interview Process: 2-3 rounds for this position

*Background Check Required*

*No VISA Sponsorship*

A hospital based in Boston, MA is building out a unified security team that will encompass both App and Cloud. This team will manage security across the full application lifecycle, from inception and code review to deployment and underlying infrastructure maintenance.

This position is the 1st hire for this department and will be instrumental in the build-out. Growth plans are to be a team of 8 over the next 3 years.

The Role: Lead Engineer (First Hire)

  • Position: High-level Individual Contributor (Engineer III) acting as the "founding member" and leader of this new function.
  • Key Responsibilities:
      • Define the strategy and build the program from the ground up.
      • Serve as the Product Owner for Wiz and Snyk.
      • Collaborate closely with separate Cloud Engineering and Security Remediation teams.
  • Ideal Candidate Profile: Someone with a background in Cloud Incident Response is highly desired. The client values the unique perspective this brings to defining a risk-prioritized approach to remediation.
  • Career Trajectory: Opportunity to evolve into a Principal IC (Engineer IV) or pivot into leadership (Manager/Sr. Manager) as the team grows.

Environment:

Predominantly Azure, with some AWS as well. GCP is being sunset.

Qualifications

  • Bachelor’s degree in Information Security, Computer Science, or related field; advanced degrees or equivalent professional experience preferred.
  • Minimum of 5+ years of progressive experience in application security, cloud security, or related cybersecurity roles.
  • Relevant industry certifications preferred (CISSP, CCSP, CSSLP, AWS/Azure Security Specialty, GIAC certifications).

Skills for Success

  • Expert-level knowledge and practical experience in secure software development methodologies, OWASP Top 10, and application security testing tools (SAST, DAST, IAST).
  • A comprehensive understanding of secure coding principles, with the ability to guide development teams in adhering to these best practices. Hands-on experience with static and dynamic application security testing tools is preferred.
  • Proven expertise in securing major cloud platforms (AWS, Azure, GCP), including experience with Cloud Security Posture Management tools, cloud-native security services, and infrastructure-as-code security.
  • Deep understanding of modern software architectures, microservices, APIs, and container security best practices (e.g., Docker, Kubernetes).
  • Ability to think strategically, creatively, and innovatively to design and implement robust security controls.
  • Demonstrated leadership skills with strong project management capabilities, able to effectively communicate complex technical security issues clearly to technical and non-technical stakeholders.
  • Proven track record of delivering and managing successful security projects and continuous improvement initiatives.
  • Strong ability to apply documented processes, playbooks, and frameworks (e.g., OWASP, NIST CSF, etc.) to effectively address and resolve a wide variety of application security challenges.
  • Knowledge of established security frameworks, including NIST Cybersecurity Framework (CSF) and NIST 800-53, with a focus on their application in securing software and application environments.
  • Preferred certifications include: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), GIAC Penetration Tester Certification (GPEN), GIAC Experienced Penetration Tester (GX-PT), GIAC Certified Red Team Professional (GRTP), GIAC Security Operations Certified (GSOC), GIAC Security Expert (GSE), etc.
  • Must know how to use the common M365 Office Suite of products.

Job Tags

Permanent employment, Work at office, Visa sponsorship, 1 day per week
