
Cloud Security Engineer

Company: Norstella
Location: United States



Why Norstella?
Norstella unites market-leading companies that all have a shared goal of improving patient access. Each organization (Evaluate, MMIT, Panalgo, Citeline and The Dedham Group) delivers must-have answers for critical strategic and commercial decision-making.
Together, we help our clients:
  • Assess the market need and competitive landscape
  • Know precisely which drugs to prioritize in their portfolios
  • Find out where the launch difficulties will be before they're difficulties
  • Track and improve market access post-launch
By combining the efforts of each organization under Norstella, we can offer an even wider breadth of expertise, cutting-edge data solutions and expert advisory services alongside advanced technologies such as real-world data, machine learning and predictive analytics. At Norstella, we don't just deliver information and insights. We deliver answers you can act on.
The Role:
We are looking for someone who is motivated, driven, and passionate about cloud security and finding solutions to complex business challenges. If you join the Citeline Information Security team, your mission will be to help us build and operate our cloud security program. You will have the exciting opportunity to work with our developers and DevOps engineers to create low-friction, high-impact solutions that minimize information security risk to our company, customers, and partners.
    • This is a hands-on technical position, with a mixture of architecture, design, implementation, and operations responsibilities
    • Ensure the secure operations of Citeline cloud infrastructure, platforms, and software, through the installation, maintenance, and continuous improvement of cloud security capabilities
    • Translate business needs into security and technical requirements and communicate security risks to relevant stakeholders ranging from business leaders to technologists
    • Provide subject matter expertise on information security architecture and systems engineering to technology and business teams
    • Create cloud security policies and standards as a part of the larger information security policy framework
    • Work closely with GRC team to develop and maintain cloud security designs necessary to achieve compliance requirements including SOX, ISO 27001, SOC 2, PCI, HIPAA/HITECH, and GDPR
    • Implement cloud security controls to rapidly detect and respond to information security incidents; participate as needed in security incidents
    • Stay current with industry best practices in cloud security and the evolving threat landscape; implement and update cloud security capabilities accordingly
    • Work closely with product security engineers to create and maintain threat models and associated remediation recommendations
    • Analyze, design, develop, and operate programs, shell scripts, tests, and infrastructure automation capabilities in an advanced security context
    • Lead and participate in large cross-functional projects
    • Create and maintain thorough technical documentation and runbooks


    • 5+ years of cloud security engineering experience with deep expertise in AWS
    • Deep understanding of web application architecture and design principles
    • Solid grasp of full-stack engineering: front-end/backend, API and service architecture design, web infrastructure and distributed systems
    • Knowledge in authentication and authorization standards including OAuth, SAML, etc
    • Strong understanding of Infrastructure-as-Code and experience with Terraform
    • Experience securing containers and Kubernetes
    • Ability to write reliable Python software
    • Experience with DevOps and automation mindset and tools required (Jenkins, TeamCity, etc)
    • In-depth knowledge of common security flaws and resolution as published by OWASP, SANS, etc
    • Experience in regulated environments regarding change management, security controls, compliance efforts (HIPAA/HITRUST, SOC 2, ISO 27001)
    • Advanced interpersonal and communication skills with the ability to collaborate effectively in a team environment and promote ideas at various levels of the organization
    • Advanced analytical and decision-making skills
    • Excellent written and verbal communication skills and the ability to translate security objectives into technical requirements
    • Excellent judgement in prioritizing security efforts to mitigate the appropriate risks
    • An ability to reason about security decisions and communicate security requirements
    • Medical and prescription drug benefits
    • Health savings accounts or flexible spending accounts
    • Dental plans and vision benefits
    • Basic life and AD&D Benefits
    • 401k retirement plan
    • Short- and Long-Term Disability
    • Maternity leave
    • Paid parental leave
    • Paid Time Off
    The Guiding Principles for success at Norstella:
    01: Bold, Passionate, Mission-First
    We have a lofty mission to Smooth Access to Life Saving Therapies and we will get there by being bold and passionate about the mission and our clients. Our clients and the mission in what we are trying to accomplish must be in the forefront of our minds in everything we do.
    02: Integrity, Truth, Reality
    We make promises that we can keep, and goals that push us to new heights. Our integrity offers us the opportunity to learn and improve by being honest about what works and what doesn't. By being true to the data and producing realistic metrics, we are able to create plans and resources to achieve our goals.
    03: Kindness, Empathy, Grace
    We will empathize with everyone's situation, provide positive and constructive feedback with kindness, and accept opportunities for improvement with grace and gratitude. We use this principle across the organization to collaborate and build lines of open communication.
    04: Resilience, Mettle, Perseverance
    We will persevere even in difficult and challenging situations. Our ability to recover from missteps and failures in a positive way will help us to be successful in our mission.
    05: Humility, Gratitude, Learning
    We will be true learners by showing humility and gratitude in our work. We recognize that the smartest person in the room is the one who is always listening, learning, and willing to shift their thinking.
      The expected base salary for this position ranges from $150,000 to $165,000. It is not typical for offers to be made at or near the top of the range. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, licensure or certifications obtained. Market and organizational factors are also considered. In addition to base salary and a competitive benefits package, successful candidates are eligible to receive a discretionary bonus.

      Norstella is an equal opportunities employer and does not discriminate on the grounds of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, color, nationality, ethnic or national origin, religion or belief, disability or age. Our ethos is to respect and value people's differences, to help everyone achieve more at work as well as in their personal lives so that they feel proud of the part they play in our success. We believe that all decisions about people at work should be based on the individual's abilities, skills, performance and behavior and our business requirements. Norstella operates a zero tolerance policy to any form of discrimination, abuse or harassment.
      Sometimes the best opportunities are hidden by self-doubt. We disqualify ourselves before we have the opportunity to be considered. Regardless of where you came from, how you identify, or the path that led you here, you are welcome. If you read this job description and feel passion and excitement, we're just as excited about you.