Sentara Healthcare is seeking to hire a qualified individual to join our team as a Senior Cloud Cyber Security Engineer.

Position Status: Full-time, Day Shift

This position is 100% Remote but candidates must have a current residence in one of the follow states or being willing to relocate -

Alabama, Delaware, Florida, Georgia, Idaho, Indiana, Kansas, Louisiana, Maine Maryland, Minnesota, Nebraska, Nevada, New Hampshire, North Dakota, Ohio, Oklahoma, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Utah, Washington (state), West Virginia, Wisconsin, Wyoming 

Standard Working Hours: 8:00AM to 5:00PM (ET).

Minimum Requirements:

• Proven experience (5 years) in cloud security roles, with a strong understanding of cloud platforms and services (AWS, Azure, or GCP).
• Deep knowledge of cloud security best practices, cloud-native security tools, and cloud service provider security offerings.
• Experience with cloud security assessment tools, vulnerability scanning, and penetration testing techniques.
• Familiarity with cloud identity and access management (IAM) concepts and frameworks.
• Understanding of networking, encryption, and virtualization technologies as they relate to cloud security.
• Excellent analytical and problem-solving skills, with the ability to effectively assess and communicate cloud security risks.
• Strong written and verbal communication skills, with the ability to collaborate with cross-functional teams and provide security guidance.
• Cloud security controls: Identity and Access Management (IAM), Encryption, Network Security, Compliance, Logging and Monitoring, Vulnerability Management, Disaster Recovery and Business Continuity, Cloud Access Security Broker (CASB), and Multi-Factor Authentication (MFA).
• Knowledge of various technical frameworks and concepts (MITRE ATT&CK, CIS, Kill Chain, etc)
• Experience working in a highly regulated environment.
• Ability to express complex technical concepts in business terms.
• Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently..

Diversity and Inclusion at Sentara

Our vision is that everyone brings the strengths that come with diversity to work with them every day. When we are achieving our vision, we have team members that feel they belong and can be their authentic selves, and our workforce is reflective of the communities we serve.

We are realizing this vision through our Diversity and Inclusion strategy, which has three pillars: A diverse and talented workforce, an inclusive and supportive workplace, and outreach and engagement with our community. We have made remarkable strides in these areas over the past several years and, as our world continues to evolve, we know our work is never done.

Our strategies focus on both structural inclusion, which looks at our organizational structures, processes, and practices; as well as behavioral inclusion, which evaluates our mindsets, skillsets, and relationships. Together, these strategies are moving our organization forward in an environment that fosters a culture of mutual respect and belonging for all.

Please visit the link below to learn more about Sentara’s commitment to diversity and inclusion:

https://www.sentara.com/aboutus/mission-vision-and-values/diversity.aspx

Sentara Overview
For more than a decade, Modern Healthcare magazine has ranked Sentara Healthcare as one of the nation's top integrated healthcare systems. That's because we are dedicated to growth, innovation, and patient safety at more than 300 sites of care in Virginia and northeastern North Carolina, including 12 acute care hospitals.Sentara Benefits
As the third-largest employer in Virginia, Sentara Healthcare was named by Forbes Magazine as one of America's best large employers. We offer a variety of amenities to our employees, including, but not limited to: 

• Medical, Dental, and Vision Insurance
• Paid Annual Leave, Sick Leave
• Flexible Spending Accounts
• Retirement funds with matching contribution
• Supplemental insurance policies, including legal, Life Insurance and AD&D among others
• Work Perks program including discounted movie and theme park tickets among other great deals
• Opportunities for further advancement within our organization

Sentara employees strive to make our communities healthier places to live. We're setting the standard for medical excellence within a vibrant, creative, and highly productive workplace. For information about our employee benefits, please visit: Benefits - Sentara (sentaracareers.com) 
Join our team! We are committed to quality healthcare, improving health every day, and provide the opportunity for training, development, and growth!

Please Note: The Covid Vaccination(s) and yearly Flu Vaccination are required for employment.

Note: Sentara Healthcare offers employees comprehensive health care and retirement benefits designed with you and your family's well-being in mind. Our benefits packages are designed to change with you by meeting your needs now and anticipating what comes next. You have a variety of options for medical, dental and vision insurance, life insurance, disability, and voluntary benefits as well as Paid Time Off in the form of sick time, vacation time and paid parental leave. Team Members have the opportunity to earn an annual flat amount Bonus payment if established system and employee eligibility criteria is met.

For applicants within Washington State, the following hiring range will be applied: $81,572 to $135,954 annually.

Cloud Security Architecture and Design:

• Design and implement secure cloud architectures, ensuring adherence to best practices and compliance requirements.
• Collaborate with cloud architects and DevOps teams to integrate security controls and mechanisms into cloud environments.
• Review and assess cloud infrastructure and service configurations to identify potential security risks and recommend necessary improvements.

Cloud Security Assessments:

• Conduct regular security assessments, including vulnerability scanning, penetration testing, and security audits of cloud resources and services.
• Identify and prioritize security vulnerabilities, misconfigurations, and compliance gaps, and provide recommendations for remediation.
• Assist in implementing and maintaining security testing tools and automation scripts for continuous security assessment.

Identity and Access Management:

• Develop and implement cloud-specific identity and access management (IAM) policies and controls to ensure appropriate access rights and permissions.
• Monitor and review IAM configurations, roles, and access policies to prevent unauthorized access and privilege escalation.
• Collaborate with identity teams to integrate cloud IAM with enterprise identity and access management systems.

Cloud Security Monitoring and Incident Response:

• Implement and manage cloud security monitoring tools and solutions to detect and respond to security incidents in real-time.
• Establish incident response plans and processes specific to cloud environments, collaborating with incident response teams to investigate and mitigate cloud-related security incidents.
• Conduct post-incident analysis and implement measures to prevent similar incidents in the future.

Compliance and Governance:

• Ensure cloud infrastructure and services comply with relevant security standards, regulations, and industry frameworks (e.g., CIS, NIST, GDPR, etc.).
• Participate in security audits, assessments, and regulatory compliance activities, working with auditors to address findings and ensure compliance.
• Stay updated with evolving cloud security trends, emerging threats, and regulatory changes, and provide guidance on implementing necessary controls.

Cloud Security Education and Awareness:

• Work with Governance team to conduct training and awareness programs for cloud users, developers, and stakeholders to promote secure cloud practices and awareness of cloud-specific security risks.
• Provide guidance and recommendations on secure cloud architecture, configurations, and deployment practices to development and operations teams.

Desired Characteristics:

• Strong analytical skills – strong problem-solving skills, communicates in a clear and succinct manner and effectively evaluates information/data to make decisions; anticipates obstacles and develops plans to resolve.
• Change oriented – actively generates process improvements; supports and drives change and confronts difficult circumstances in creative ways. Self-motivated, self-directed, flexible, and able to work under pressure and in fast paced team environment.
• Strong functional team player with experience working seamlessly across a matrix structure.
• Excellent interpersonal, written/verbal communication and leadership skills with the ability to make recommendations to all levels of the organization.

Requirements:

• Proven experience (5 years) in cloud security roles, with a strong understanding of cloud platforms and services (AWS, Azure, or GCP).
• Deep knowledge of cloud security best practices, cloud-native security tools, and cloud service provider security offerings.
• Experience with cloud security assessment tools, vulnerability scanning, and penetration testing techniques.
• Familiarity with cloud identity and access management (IAM) concepts and frameworks.
• Understanding of networking, encryption, and virtualization technologies as they relate to cloud security.
• Excellent analytical and problem-solving skills, with the ability to effectively assess and communicate cloud security risks.
• Strong written and verbal communication skills, with the ability to collaborate with cross-functional teams and provide security guidance.
• Cloud security controls: Identity and Access Management (IAM), Encryption, Network Security, Compliance, Logging and Monitoring, Vulnerability Management, Disaster Recovery and Business Continuity, Cloud Access Security Broker (CASB), and Multi-Factor Authentication (MFA).
• Knowledge of various technical frameworks and concepts(MITRE ATT&CK, CIS, Kill Chain, etc)
• Experience working in a highly regulated environment.
• Ability to express complex technical concepts in business terms.
• Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
• Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change.
• Regularly interact with all levels of management to present and discuss control effectiveness.
• Review and coordinate changes to cyber security policies, procedures, and standards.