Senior Cloud App Security Engineer
MLMIC Insurance Company is based in New York state and has specialized in providing professional liability for NY physicians since 1975. After operating independently and as a mutual insurance company for most of its existence, MLMIC was purchased by Berkshire Hathaway in the fall of 2018.
We continue to be the largest writer of professional medical liability insurance in the State of New York. We insure physicians, dentists, and hospitals. We are currently seeking a candidate to join our IT Department. We offer a competitive salary for qualified candidates with the flexibility to work remotely from home, while utilizing our offices when necessary. We have offices based in New York City, East Meadow, Syracuse, and Latham.
- Implement Cloud, SaaS, and On-premises security tools using your programming knowledge to leverage their API functions for tightly coupled integrations with our security process.
- Leverage understanding of AWS design principles to design security solutions based on AWS best practices/industry standards.
- Support regular testing and scanning of cloud products and applications to ensure compliance with security standards.
- Support IAM, SIEM, audit logging, threat detection and remediation, security group and key encryption/decryption management.
- Create CloudFormation, Security as code, Python scripts for AWS tasks.
- Develop effective SAST and DAST tools for integration in the vulnerability management program.
- Conduct regular security and risk assessments of MLMIC’s applications, infrastructure, and security controls using Pen Testing and Vulnerability Assessment tools.
- Operating Systems such as Windows Server, Linux- Ubuntu, RedHat, Kali.
- Understanding of IT compliance and risk management requirements, such as security, privacy, SOX
- Experience identifying and helping to resolve common application security flaws (e.g., OWASP, SANS).
- Experience working with AWS and other cloud environments, reviewing security scans and remediating vulnerabilities, and Amazon Web Services or Microsoft Azure
- Experience analyzing complex systems to perform Threat Models.
- 7+ years of experience
- High School or Bachelor’s Degree in MIS, CS, Business Administration
- Strong interpersonal and communication skills
- Troubleshooting and problem-solving skills with an eye for details
- Experience in Excel, VBA Scripting, Python, Word
- CASE, CASS, GWEB, CCSP, OSCP, AWS Solutions- Professional or equivalent. AWS DevOps Engineer, AWS Certified Developer, CCSP.
- Familiarity with industry regulations, such as NY DFS-500, HIPPA, PCI, GDPR, and CCPA.
- Experience tuning security configurations of AWS and Web-application firewalls.
- Experience with Infrastructure-as-Code (Terraform, Ansible, etc.) and Security-as-Code.
- Basic understanding of compliance and security standards: PCI DSS, SOC 1&2, ISO, NIST, FISMA, HIPAA, NIST
To apply for this position, please apply online or submit your resume to Brian Lohan at firstname.lastname@example.org.
Please be aware that this position is fully remote.