Information Security Engineer

Job Category: Technology and IT
Job Type: Remote
Job Location: United States
Salary: Competitive salary
Company Name: Reveleer

Overview
Reveleer is seeking a Senior Information Security Engineer to safeguard our cloud-based healthcare SaaS platforms, infrastructure, and customer data. As a Senior Information Security Engineer, you will design, implement, and manage enterprise-grade security solutions aligned with HIPAA, HITRUST, SOC 2, and NIST 800-53 frameworks. This role requires hands-on expertise in cloud security, DevSecOps, identity management, endpoint protection, and security automation. You will collaborate across teams to ensure robust security for our infrastructure, applications, and SaaS environments while maintaining compliance and minimizing risk.

Location: Remote
Employment Type: Full-time

Key Responsibilities

Cloud and Infrastructure Security

  • Design and maintain secure architectures across AWS, Azure, and GCP.

  • Implement security controls using AWS Security Hub, GuardDuty, Config, IAM, and similar tools.

  • Conduct vulnerability scans, configuration reviews, and remediation tracking.

  • Develop and enforce network segmentation, encryption, and key management policies.

Application & SaaS Security

  • Integrate security into CI/CD pipelines using tools like Snyk and StackHawk.

  • Perform threat modeling, code reviews, and secure design assessments for microservices and APIs.

  • Support penetration testing and application security validation.

  • Ensure PHI/PII protection across all SaaS platforms.

Endpoint & Identity Security

  • Manage EDR/XDR solutions such as Cortex and Defender for Endpoint.

  • Implement identity security controls via Microsoft Entra ID (Azure AD), Conditional Access, and PIM.

  • Support Intune and MDM compliance policies for Windows, macOS, and mobile devices.

Security Operations & Incident Response

  • Monitor security alerts, investigate incidents, and coordinate responses with the SOC.

  • Develop and maintain incident response runbooks, playbooks, and forensic analysis procedures.

  • Support SIEM integrations and improve detection use cases continuously.

Governance, Risk & Compliance

  • Support audits and evidence collection for HIPAA, HITRUST, SOC 2, and customer security assessments.

  • Maintain asset inventories, risk registers, and remediation tracking.

  • Collaborate with Compliance to align security controls with policies.

  • Contribute to security awareness and training initiatives.

Qualifications

Required:

  • Bachelor’s degree in Computer Science, Information Security, or equivalent experience.

  • 5+ years in security engineering or technical security roles.

  • Strong knowledge of cloud-native security (AWS, Azure) and modern SaaS architectures.

  • Hands-on experience with SIEM, EDR/XDR, IAM, vulnerability management, and security automation.

  • Familiarity with HIPAA, HITRUST, and SOC 2 compliance requirements.

  • Experience securing containerized and serverless workloads (EKS, Lambda).

Preferred:

  • Certifications: CISSP, CISM, CCSP, AWS Security Specialty, or GIAC (GSEC, GCIA, GCIH).

  • Experience with infrastructure-as-code security (Terraform, Ansible, CloudFormation).

  • Knowledge of DevSecOps pipelines and tools (Jenkins, Bitbucket).

  • Strong scripting skills (Python, PowerShell, Bash).

Key Competencies

  • Analytical, detail-oriented, and strong problem-solving skills.

  • Ability to balance business needs with risk mitigation.

  • Excellent communication skills for technical and non-technical audiences.

  • Collaborative team player with a proactive approach to continuous improvement.

Compensation & Benefits

  • Competitive pay based on market location, skills, and experience.

  • Remote work flexibility.

  • Equal opportunity employer – we value diversity and inclusion in all hiring practices.

APPLY

Apply for this position

Allowed Type(s): .pdf, .doc, .docx