The Aspen Group (TAG) is one of the largest and most trusted retail healthcare business support organizations in the U.S. and has supported over 20,000 healthcare professionals and team members at more than 1,300 health and wellness offices across 48 states in four distinct categories: dental care, urgent care, medical aesthetics, and animal health. Working in partnership with independent practice owners and clinicians, the team is united by a single purpose: to prove that healthcare can be better and smarter for everyone. TAG provides a comprehensive suite of centralized business support services that power the impact of five consumer-facing businesses: Aspen Dental, ClearChoice Dental Implant Centers, WellNow Urgent Care, Chapter Aesthetic Studio, and AZPetVet. Each brand has access to a deep community of experts, tools and resources to grow their practices, and an unwavering commitment to delivering high-quality consumer healthcare experiences at scale.

Our continued growth has created an opportunity to join our team as a Cloud Security Engineer.

The cloud security engineer helps architect, deploy and operate a secure cloud application infrastructure that aligns with business needs. The position is responsible for supporting operational innovation and providing security direction to the business to elevate the company’s security posture within a cloud computing infrastructure. The cloud security engineer is also expected to possess advanced administrative and troubleshooting skills, and be knowledgeable about architecture, engineering and design principles. The cloud security engineer should be adept at dealing with disparate applications and data systems to maintain the level of rigor required to adhere to business direction. Along with depth of system coverage, the role requires planning and design of policies and maintenance.

In tandem with security leadership, cloud security engineers consistently assess the threat landscape and adapt quickly to protect the business from risk. They must be highly technical and possesses at least 3-5 years’ experience in security and systems administration across a wide variety of cloud infrastructure, including software as a service (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS). They are also expected to have a strong work ethic, leverage analytical and critical thinking, and be skillful at meeting change requests at a moment’s notice. Because the role often interfaces with other business units, strong listening and communication skills are expected.

Responsibilities:

• Plan, implement, automate, manage, and monitor cloud security controls.
• Perform assessments of resource architecture and configurations against security baseline
• Provide technical assistance and guidance to product and development teams in complying with security controls and industry best practices.
• Monitor and manage cloud security events and support incident response processes as needed.
• Design and deploy tooling, dashboards, scripts, and automation to enhance cloud security posture, detection, and response.
• Design and deploy tooling, dashboards, scripts, and automation to make adoption of secure configurations desirable for product, application, and development teams.
• Build prototypes and perform proof of concepts to demonstrate value.
• Secure business applications and computing environments across public, private or hybrid cloud infrastructures.
• Protect business applications in compliance with privacy, security, business resiliency and compliance frameworks as defined in corporate policies.
• Deploy strong identity and access management (IDAM) controls across applications and computing environments.
• Assist with development, maintenance and utilization of scripts (e.g., Python, Ruby, etc.) to support custom extract, transform load (ETL) tools with a security focus for data flow.
• Attend regular technical project and implementation meetings, and serve as the security consultant to help guide secure application and infrastructure configurations.
• Actively monitor, assess and recommend tactical and strategic initiatives based on new and emerging threats posing risk to cloud computing environments.
• Manage remediation efforts after security assessment findings outline weaknesses requiring attention.
• Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
• Assist in maintaining strong oversight with cloud computing vendors and solution providers to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
• Stay apprised of current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply learned knowledge across key lines of business, including products, practices and procedures.
• Act as a key figure in incident response to track occurrence and resolution, with strict documentation and reporting as well as engagement with security operations and incident response teams.
• Attend and fully engage in change and project management meetings.

Experience:

• Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent industry experience.
• Holds or working toward one or more including: CCSP, CISSP, GCP / Azure Cloud Security Engineer
• At least 3-5 years’ experience in cybersecurity as a practitioner and with at least 2 years exposure with Google Cloud Platform (GCP), Microsoft Azure, or Amazon Web Services (AWS).
• Experienced in cloud networking architecture and cloud operations, with cloud access security broker (CASB) experience preferred.
• Familiarity with tools such as Git, Jenkins, Chef, Puppet and Salt.
• Network and encryption experience, including virtual private networks (VPNs), IPsec, SSL/TLS, LDAP and public key infrastructure (PKI).
• IDAM experience, including OAuth and OpenID.
• Familiarity with security solutions such as Orca Security, as well as tool such as Docker and Kubernetes.
• Familiarity with scripting languages such as Python, Ruby, PowerShell and JavaScript.
• Experienced in the use of threat intelligence services in a production environment.
• Experience and understanding of various regulatory requirements and laws, including but not limited to: Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), etc. Additionally, experience in one or more of the following: ISO 27001/2, CIS, ITIL or NIST.
• Up-to-date understanding of a wide-range of incident response, system configuration, vulnerability management and hardening guidelines.
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
• Demonstrated problem-solving abilities to manage complex local and international security requirements.
• Self-motivated and -directed, well-organized and able to position controls in anticipation of threats.
• Successful track record collaborating with technical and non-technical teams to promote ideas to support business enablement.
• Familiarity with international and state privacy laws.
• Experience writing technical documentation.
• Highly trustworthy; leads by example.

Salary: $119,000 - 160,000/year