Overview

Fred Hutchinson Cancer Center is an independent, nonprofit organization providing adult cancer treatment and groundbreaking research focused on cancer and infectious diseases. Based in Seattle, Fred Hutch is the only National Cancer Institute-designated cancer center in Washington.

With a track record of global leadership in bone marrow transplantation, HIV/AIDS prevention, immunotherapy and COVID-19 vaccines, Fred Hutch has earned a reputation as one of the world’s leading cancer, infectious disease and biomedical research centers. Fred Hutch operates eight clinical care sites that provide medical oncology, infusion, radiation, proton therapy and related services, and network affiliations with hospitals in five states. Together, our fully integrated research and clinical care teams seek to discover new cures to the world’s deadliest diseases and make life beyond cancer a reality.

At Fred Hutch we value collaboration, compassion, determination, excellence, innovation, integrity and respect. These values are grounded in and expressed through the principles of diversity, equity and inclusion. Our mission is directly tied to the humanity, dignity and inherent value of each employee, patient, community member and supporter. Our commitment to learning across our differences and similarities make us stronger. We seek employees who bring different and innovative ways of seeing the world and solving problems. Fred Hutch is in pursuit of becoming an anti-racist organization. We are committed to ensuring that all candidates hired share our commitment to diversity, anti-racism and inclusion.

The Cloud Security Engineer will lead the configuration, implementation, and management of our cloud enterprise security solutions across all major cloud providers. The Cloud Security Engineer is responsible for designing the security architecture for cloud-based applications and systems, implementing cloud security controls, developing procedures for incident response, and responding to security incidents. This position will play a crucial role in ensuring that cloud-based applications and services are compliant with relevant regulations and frameworks (such as HIPAA, PCI, NIST, DOJ, and other state and federal regulations). 

Responsibilities

• Collaborate with the Information Security Manager - Engineering & Operations to establish and enforce processes for building cloud systems consistently and in accordance with industry standards, including the AWS Security Reference Architecture and the AWS Well-Architected Framework. 
• Lead initiatives to implement controls to ensure regulatory compliance, particularly in relation to HIPAA and NIST standards, in all cloud-based projects. 
• Work closely with cross-functional teams, including the Cloud & Data Solutions team, Scientific Computing, and the Data Science Laboratory, to assess, design, and implement robust cloud security solutions. 
• Assist in defining and implementing cloud workload security measures to safeguard critical clinical and research data. 
• Stay abreast of emerging cloud security trends, threats, and technologies to continuously improve our security posture. 
• Work with cross-functional teams to ensure that controls are properly implemented, configured, and performing as intended in support of company security policy and applicable regulations. 
• Lead detection and response efforts for all cloud-based projects. 
• Participate in security assessments of cloud infrastructure and SaaS platforms, as necessary. 

Qualifications

MINIMUM QUALIFICATIONS:

• Bachelor’s degree or equivalent work experience in a technical discipline related to Information Technology. 
• 7 years of hands-on experience in cloud security engineering, with a focus on AWS. 
• In-depth knowledge of industry-leading security standards and frameworks, including NIST, HIPAA, ISO, CIS and PCI. 
• Experience with using cloud infrastructure as code, including Terraform, CloudFormation, Ansible, or Azure Resource Manager, and version control and CI/CD systems, including GitHub, GitLab, and AWS CodeCommit, to deploy secure cloud infrastructure. 
• Proficiency in AWS Security Reference Architecture and the AWS Well-Architected Framework. 
• Experience with secure cloud workload configurations, network security, encryption, access controls, and identity and access management (IAM). 
• Familiarity with Azure and GCP cloud platforms. 
• Ability to communicate technical information in understandable business terms. 
• Experience with DevOps practices and automation. 
• Excellent problem-solving skills and the ability to work independently and collaboratively in a team-oriented environment. 

PREFERRED QUALIFICATIONS:

• Strong understanding of healthcare data security and privacy requirements. 
• Experience in the following technologies: Security Information and Event Management (SIEM), Web Application Firewalls, Intrusion Prevention Systems, Endpoint Detection and Response, Vulnerability Management, Cloud Security Posture Management (CSPM) and data loss prevention. 
• Experience with AWS security services, such as IAM, Security Hub, GuardDuty, CloudTrail, WAF, Macie, Secrets Manager and KMS 
• Experience with scripting languages to perform advanced infrastructure security monitoring (such as Python). 
• Relevant certifications (e.g., AWS Certified Security – Specialty, CISSP, CISM, CCSP) are a plus. 

A statement describing your commitment and contributions toward greater diversity, equity, inclusion, and antiracism in your career or that will be made through your work at Fred Hutch is requested of all finalists.

The annual base salary range for this position is from $115,108.00 to $181,916.00, and pay offered will be based on experience and qualifications. Fred Hutchinson Cancer Center offers employees a comprehensive benefits package designed to enhance health, well-being, and financial security. Benefits include medical/vision, dental, flexible spending accounts, life, disability, retirement, family life support, employee assistance program, onsite health clinic, tuition reimbursement, paid vacation (12-22 days per year), paid sick leave (12-25 days per year), paid holidays (13 days per year), paid parental leave (up to 4 weeks), and partially paid sabbatical leave (up to 6 months). 

Our Commitment to Diversity

We are proud to be an Equal Employment Opportunity (EEO) and Vietnam Era Veterans Readjustment Assistance Act (VEVRAA) Employer. We are committed to cultivating a workplace in which diverse perspectives and experiences are welcomed and respected. We do not discriminate on the basis of race, color, religion, creed, ancestry, national origin, sex, age, disability (physical or mental), marital or veteran status, genetic information, sexual orientation, gender identity, political ideology, or membership in any other legally protected class. We are an Affirmative Action employer. We encourage individuals with diverse backgrounds to apply and desire priority referrals of protected veterans. If due to a disability you need assistance/and or a reasonable accommodation during the application or recruiting process, please send a request to our Employee Services Center at hrops@fredhutch.org or by calling 206-667-4700.