What are the responsibilities and job description for the Senior Security Engineer - SOC 2, HITRUST & HIPAA position at eSolutionsFirst, LLC?
Senior Security Engineer – SOC 2, HITRUST & HIPAA Compliance
6 -12 Months contract – extension (W2 - Contract)
McLean , VA – On-site M-F
Job Description:
Position Summary:
- Seeking a hands-on Senior Security Engineer to lead security controls, cloud security, compliance initiatives, and audit readiness for SOC 2 Type II, HITRUST, and HIPAA.
- This role partners with Engineering, Product, and Compliance teams to implement, automate, and maintain security programs across the organization.
Key Responsibilities:
- Lead implementation and maintenance of SOC 2, HITRUST, and HIPAA security controls.
- Manage audit readiness, evidence collection, remediation, and assessor coordination.
- Conduct security risk assessments and ensure protection of sensitive healthcare data.
- Design and secure AWS, Azure, and/or Google Cloud Platform environments.
- Integrate security into CI/CD pipelines and automate compliance monitoring.
- Manage vulnerability management, SIEM monitoring, threat detection, and incident response.
- Support customer security reviews and technical security assessments.
Required Qualifications:
- 5 years of experience in Security Engineering, Cloud Security, DevSecops, or Security Architecture.
- Hands-on experience with SOC 2, HITRUST, and HIPAA compliance programs.
- Strong knowledge of AWS, Azure, or Google Cloud Platform security.
- Experience with SIEM, vulnerability management, CSPM, and security automation tools.
- Proficiency in Python, Bash, or similar scripting languages.
- Experience with Docker, Kubernetes, Terraform, encryption, and secrets management.
Preferred Qualifications
- CISSP, CCSP, HITRUST CCSFP, AWS Security Specialty, or similar certifications.
- Experience in healthcare SaaS, digital health, or health IT environments.
- Knowledge of FedRAMP, StateRAMP, and AI/ML security.
Core Skills :
- SOC 2 • HITRUST • HIPAA • Cloud Security • DevSecops • Security Automation • Risk Management • Incident Response • Vulnerability Management • Audit Leadership.