Principal Engineer, Cloud Security (Remote)

CentralReach is the #1 provider of SaaS software solutions for autism care. Trusted by more than 115,000 users, we enable therapy providers, educators, and employers to scale the way they deliver Applied Behavior Analysis therapy with innovative technology, market-leading industry expertise, and world-class customer satisfaction.
As a Principal Engineer, Cloud Security, you will drive the design and implementation of security solutions in support of CentralReach’s cloud strategy. You will be responsible for securing cloud infrastructure, platforms, software and will work with the Development, Engineering/Ops teams to install, maintain, and upgrade the organization's cloud computing environments and core infrastructure.

Key Accountabilities:

• Create security architecture and design patterns for CR services based on industry best practices.
• Advise development teams throughout the secure SDLC process on security-related domains.
• Develop security solutions/tools/configurations that can be leveraged by CR teams for various security-related use cases such as enabling secure remote access, improving the security posture of cloud services, etc.
• Build threat detection rules and auto-remediation capabilities to mitigate the identified threats at scale.
• Develop security requirements and standards in collaboration with technical teams to safeguard the Internal as well as customer-facing cloud infrastructure, applications, and data.
• Support day-to-day execution of security processes in areas related to perimeter and endpoint security, cloud security posture management, vulnerability management, security observability, and security operations.
• Leverage coding skills and experience working with Infrastructure as code (IaC) pipelines to develop, manage, and govern cloud security solutions and safeguards on the AWS platform.
• Strongly contribute to security initiatives and projects.
• Deep technical knowledge and experience identifying triaging and remediating application vulnerabilities, including OWASP top 10.
• Strong knowledge of cloud technologies and cloud infrastructure, including networking, VPCs, TGWs, VPNs, DNS in AWS
• Manage infrastructure level security capabilities e.g., firewalls, DDoS protection, network/fault domain isolation, IAM policy generation and enforcement, user/resource movement monitoring within the cloud environment and other access controls

Desired Skills and Experience:

• Bachelor’s degree.
• At least one current security-oriented certification (ex: CISSP, CSSP, CISM, CISA, CEH etc.,) is required.
• 10+ year experience in application security engineering.
• Hands-on experience implementing, managing, and monitoring security tools and technologies related to SOAR, SIEM, DLP, EDR, IAM, PAM, NAC, IDS/IPS, etc.
• Must have implemented DDoS and WAF protection layers on web applications
• Solid understanding of network topologies, protocols, defense principles, common attack vectors, and attacker techniques.
• Deep technical knowledge and experience identifying triaging and remediating application vulnerabilities, including OWASP top 10.
• Experience in implementing static code analysis tools as part of CI/CD pipelining.
• Experience in tools such as Veracode / blackduck and be well versed with "Secure Coding" principles.
• Experience in Web Application Scanning tools like Qualis, Wiz etc.
• Experience in Privileged Access Management principle implementations, and in tools like CyberArk.
• Familiarity of regulatory compliance requirements (PCI-DSS, HIPAA, HITRUST, FISMA, SOC2 etc.,) 
• Strong knowledge of cloud technologies and cloud infrastructure, including networking, VPCs, TGWs, VPNs, DNS in AWS
• Manage infrastructure level security capabilities e.g., firewalls, DDoS protection, network/fault domain isolation, IAM policy generation and enforcement, user/resource movement monitoring within the cloud environment and other access controls
• Technical baseline skills and the ability to acquire in-depth knowledge of network and host security technologies
• Experience handling/monitoring AWS security tools.
• Strong knowledge of industry standard incident response practices and ITIL processes

#LI-Remote#LI-JM1
CentralReach was developed for Clinicians by Clinicians.  The story of CentralReach begins in 2012 when the company’s founder, a practicing Board Certified Behavioral Analyst, decided there had to be a better way to manage her operations so she could spend more time on what mattered most — working with her clients and patients. To help ABA practices focus on what they do best, CentralReach launched the first iteration of its EMR and practice management platform.
Today, under the leadership of Chris Sullens, an award-winning CEO in the technology space, CentralReach is committed to their mission of providing cutting-edge technology and services to help clinicians and educators produce superior client and patient outcomes. Already a market leader, CentralReach is expected to grow exponentially through its four core tenets: hire and develop great people; build industry-leading products; provide exceptional service to customers and continuously invest in systems, processes and infrastructure. We value our employees and offer a robust benefits package including health and dental, paid time off, life insurance, disability coverage and a 401(k) matching. We also provide comprehensive onboarding, ongoing training, mentoring and career pathing to help you develop your career. We pride ourselves on our fun and energetic environment that also provides our employees with a meaningful way to make a difference by helping clinicians produce superior outcomes for children and adults with disabilities.