This is a fully Remote and Work From Home (WFH) opportunity within the US
Science 37 is accelerating the research and development of breakthrough biomedical treatments by bringing clinical trials to patients' homes. The Science 37 Operating System (OS) enables universal access to patients and providers, leading to faster enrollment, greater retention and a more representative patient population. To help us achieve our goal, we are seeking a Principal AWS Security Engineer eager to make an impact within a mission-driven organization.
The Principal AWS Security Engineer is responsible for the application security of the entire software suite that Tech is creating, using and managing, including Science 37’s flagship product NORA. Our mission is to make NORA the safest and most secure Clinical Trials Management System that everybody trusts with their most sensitive data.
DUTIES & RESPONSIBILITIES
Duties include but are not limited to:
- Introduce and manage endpoint detection and response (EDR) in AWS
- Manage AWS WAF with F5/Fortinet rules
- Manage KMS (Data at Rest, Data in Transit) and Secrets Manager in an automated way
- Utilize GuardDuty, Inspector, ECS, Security Hub, AWS Config, Macie and Trusted Advisor
- Analyze and modify Terraform/CloudFormation
- Introduce and optimize Cloud Custodian and manage Boto/Python languages
- Manage IAM (identity policies, resource policies, permission boundaries, and tagging)
- Improve security of AWS RDS, DynamoDB and
- Introduce a HITRUST-certified AWS environment
- Manage CloudWatch/Metrics/Lambda functions with SNS notifications (Automation)
- Manage and define preventive guardrails, detective controls and automated alerts and remediations to ensure secure implementation in all AWS cloud environments
QUALIFICATIONS & SKILLS
- Bachelor’s Degree in Computer Science, Information Science and similar fields
- 10+ years of professional experience in application security and AWS
- Deep experience in detection, monitoring, alerting or threat intelligence
- Strong analytical skills to solve complex problems with multiple variables
- Experience in applying security to cloud technologies (Managing secrets, Securing CD pipeline, Secure Infrastructure as Code, Container Security, DevSecOps and CI/CD Implementation.)
- Excellent communication skills to both technical and non-technical leaders
- PLUS: Knowledge of consumer privacy industry compliance requirements: GDPR, CCPA, ISO 27001, PCI, HIPAA, GxP, 21 CFR Part 11
- Outstanding organizational and leadership abilities
- High-level written and verbal communication skills
- An effective communicator; strong communication, negotiation and influence skills
- Proven track record of delivering results and meeting targets
- Good blend of analytical skills, strategic thinking, planning and implementation
- Ability to articulate ideas to both technical and non-technical audiences
- Commitment to results; is focused and results driven, excellent time management skills
- Action oriented and innovative; able to translate broad goals into achievable steps
- Motivating; knows how to influence and enable others
- Strong problem solving and creative skills and the ability to exercise sound judgment and make decisions based on accurate and timely analyses
- High level of integrity and dependability with a strong sense of urgency and results-orientation
- Ability to foster and cultivate business opportunities and partnerships
- Ability to communicate in English (both verbal and written)
The incumbent reports to the Director of Application Security.
Science 37 is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.
Science 37 values the well-being of its employees and aims to provide team members with everything they need to succeed.
Submit your resume to apply!