Principal Cloud Security Engineer at Hhaexchange

HHAeXchange is the leading technology platform for home and community-based care. Founded in 2008, HHAeXchange was born out of an idea to create a fully comprehensive end-to-end homecare solution to help people who are aging or have disabilities thrive in their homes and communities. Our employees are passionate about transforming the healthcare space by building the only homecare ecosystem that fully connects patients, personal care providers, managed care organizations, and states.  HHAeXchange  is currently seeking a Principal Cloud Security Engineer to join our growing Cybersecurity team.  In this role you will be responsible for leading and driving security posture validation, managing & implementing technical solutions, driving improvements, creating security standards & policies, maintenance of re-usable & secure solutions, and functioning as a subject matter expert on services provided to the organization. The Principal Cloud Security Engineer also builds and maintains strong relationships across HHAeXchange, technical teams, and customers and ensures that the overall security strategy is aligned with both HHAeXchange’s strategic objectives and Security & Compliance requirements. You will maintain a senior level of expertise in multiple technical domains (focused in Cloud & Incident Response), perform proof-of-concept engagements, adopt forward-looking & business-aligned technology platforms and expand areas of expertise as the business evolves. To perform this job successfully, an individual must be able to perform each essential job duty satisfactorily.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Essential Job Duties Cloud Security Architecture: • Design and guide secure architectures across AWS, Azure, and GCP. • Define and enforce security baselines aligned with NIST 800-53, HITRUST, and CIS Benchmarks • Lead threat modeling, architecture reviews, and secure design guidance for cloud workloads DevSecOps & Automation: • Build and maintain Infrastructure as Code using Terraform (preferred) and cloud-native tooling • Integrate automated security controls into CI/CD pipelines (SAST, DAST, IaC scanning, container scanning) • Implement policy-as-code guardrails using tools such as AWS SCPs and cloud-native governance services • Develop automated remediation and enforcement workflows to reduce manual security effort Governance, Compliance & Visibility: • Embed compliance controls directly into cloud infrastructure and pipelines to support ATO efforts • Partner with compliance teams and auditors on evidence collection and continuous monitoring • Implement centralized logging, monitoring, and incident response across cloud environments Technical Leadership: • Serve as the senior cloud security SME for engineers, architects, and stakeholders • Mentor engineers on secure cloud development and DevSecOps practices • Translate complex security concepts to both technical and non-technical audiences • Provide daily oversight of security operations, to include the security impact analysis of proposed system modifications and implementations. • Monitor information security tools, including SIEM, system monitors, access control, and other specific cloud security controls Other Job Duties • Other duties as assigned by supervisor or HHAeXchange exchange leader. Travel Requirements • Travel up to 10%, including overnight travel Required Education, Experience, Certifications and Skills • Bachelor’s degree in Computer Science or a related technical field, or equivalent practical experience. • 8 + years of experience in the support of security-focused tools and services. • Minimum of 3 years of experience in support of security for Cloud Architectures. • Technical experience or understanding of commonly used EDR (e.g., SentinelOne, Carbon Black, Trend Micro, Crowdstrike, Microsoft Defender), network firewall (Palo Alto, Fortinet, AWS Firewall, Azure Firewall, Google Cloud Firewall), email security (Mimecast, Proofpoint), and workforce (O365, G Suite) software, technologies and standards. • Experience with Azure Security Center, AWS Security Hub, or Google Cloud Security. • Experience with security monitoring solutions (e.g., AWS CloudTrail, Azure Log Analytics, Google Cloud Audit Logs, SIEM, Cloud Security, or Cloud-Scale Monitoring). • Experience with securing CI/CD pipelines (e.g., Jenkins, git, CircleCI, TeamCity, Checkov, Fugue, Sentinel). • Experience with scripting and programming languages such as Python, Bash, Jinja, YAML, etc. • Comfort working in Linux, Windows, and Cloud Provider CLI. • Willingness to explore and adopt AI tools responsibly to enhance productivity and innovation in your role The base salary range for this US-based, full-time, and exempt position is $160,000-175,000/yr, not including variable compensation. An employee’s exact starting salary will be based on various factors including but not limited to experience, education, training, merit, location, and the ability to exemplify the HHAeXchange core values.   This is a benefits-eligible position. HHAeXchange offers competitive health plans, paid time-off, company paid holidays, 401K retirement program with a Company elected match, including other company sponsored programs.   HHAeXchange is an equal-opportunity employer. The Company offers employment opportunities to all applicants and employees without regard to race, color, religion, national origin, sex, sexual orientation, gender identity or expression, age, disability, medical condition, marital status, veteran status, citizenship, genetic information, hairstyles, or any other status protected by local or federal law.