Cloud Security Engineer
About Us
At SimplePractice, our team is dedicated to improving the health and wellness industry by building a suite of innovative solutions for practitioners and their clients. Our product supports practitioners on their clinical journey to becoming licensed, helps them manage their business and practice once they’re up and running, and enables new clients to discover and interact with practitioners. Taking a practitioner-first approach in everything we do makes it possible for health and wellness practitioners to devote more time to their clients while they use SimplePractice to start, grow, and maintain a successful private practice.
The Role
SimplePractice is seeking a Cloud Security Engineer who will implement innovative information security controls that mitigate SimplePractice’s risk, empower innovation and show continued dedication to security for our customers and their clients.
Responsibilities
- Understand technical implementation details necessary to identify and assess security risks and recommend mitigating controls
- Conduct internal and external vulnerability assessments, scans, and security audits
- Work collaboratively with the DevOps group to deploy (AWS) cloud-specific security solutions and controls
- Collaborate with the software engineer group to ensure appropriate application security controls and measures are in place to avoid potential security issues due to application faults
- Implement, maintain, and manage SOC monitoring tools
- Participate in the development and oversight of required corrective action plans relating to security compliance issues
- Support business relationships with the internal and external security auditors and regulators
- Identify, research and evaluate new security requirements and ensure they are incorporated into SimplePractice’s security policy framework
- Support the communication of policies, procedures, and plans to internal stakeholders regarding security best practices around applicable laws, regulations and controls
- Support the identification, validation and remediation of information technology controls
- Be responsible for Data Security Standards (HITRUST and PCI), regulations governing personally identifiable information (PII) and other applicable regulatory compliance frameworks
- Partner with internal teams to ensure successful security programs that align with compliance requirements
- Understand the security needs of internal and external stakeholders around external business partners and maintain a process that meets stakeholder needs
- Manage daily activities and functions of the external business partner management program
- Coordinate and drive business partner security assessment activities for both inbound and outbound relationships
Desired Skills & Experience
- 5+ years experience in information security in a cloud setting (AWS, Azure, Google Cloud)
- 2+ years experience supporting compliance programs within the technology space
- 5+ years experience in security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
- Project management skills
California Job Applicant Privacy Notice
Thank you for your interest in opportunities at SimplePractice LLC (“SimplePractice” or “us” or “we” or “our”). Please note that when you submit your resume or application materials to us for employment purposes, we may collect the following categories of personal information about you:
- Identifiers (e.g., name, address, email address, and phone number); protected characteristics (e.g., sex, gender, age, citizenship, disability status, and veteran status); professional or employment-related information (e.g., employment history, educational background, certificates and licenses, work eligibility information and other information obtained from your resume, cover letter, your responses to our application questions, background check forms, and your references); other personal records (e.g., signature, photograph, and criminal background information); and inferences drawn from personal information collected (e.g., creating a profile that reflects your abilities and aptitudes).
We collect the above categories of personal information for the following business purposes:
- To perform recruitment and hiring services; to manage the workforce; to comply with federal and state laws, and to maintain security (e.g., to detect and prevent against security risks and incidents, to prevent against fraudulent or illegal activity, and to ensure compliance with our company policies and procedures).
For more information about our privacy practices, please visit our Privacy Policy or contact us at [email protected].