Cloud Security Engineer

ABOUT TOMORROW HEALTH

Tomorrow Health enables exceptional healthcare for patients and their families in the place they want to be most — home. At Tomorrow Heath we build technology that rewires the way home-based care is ordered delivered and paid for. Tomorrow Health connects patients providers health plans and home-based care suppliers to ensure patients receive the correct and timely care they need to remain healthy at home.

We believe that a team’s strength is in its people. Our goal is to raise the industry standard for patient experience and we realize this cannot be achieved without a team that reflects the vast diversity in race ethnicity gender sexuality and set of experiences and perspectives of the patients we serve. We believe in putting patients first that many perspectives are stronger than one and in treating those we serve just as we would our own family members. If you’re passionate about improving healthcare delivery leveraging technology to serve people and working in a collaborative diverse environment we hope you’ll join us.

THE TEAM

The Technology team at Tomorrow Health builds the software and technologies that connect and scale the home health ecosystem in order to transform the home into the preferred place of care for positive patient outcomes. Our products serve a diverse set of users – doctors insurance companies medical equipment suppliers and care coordinators – and ultimately enable us to deliver a higher quality patient experience. Our team of mission-driven technologists is highly collaborative supportive empathetic curious and impact-oriented. We are dedicated to leveraging data-driven insights to enable a faster simpler and more transparent process for patients and healthcare partners.

THE ROLE

This is a contract role for 6-9 months.

Tomorrow Health is committed to ensuring the highest standards of security and compliance. As we continue to build our security and compliance program we are seeking a talented and experienced Cloud Security Engineer to join our team on a contract basis. This role will be instrumental in implementing and maintaining security controls to achieve and maintain SOC 2 Type 2 compliance. In addition they will partner with our Engineering team to integrate security practices into our DevOps processes ensuring robust security controls are in place to protect our systems and data

In this role you will:

• Design and implement security controls and processes to meet SOC 2 Type 2 requirements. Partnering with the Engineering team you will:

  • Implement code scanning and network vulnerability scanning solutions.

  • Implement security monitoring logging and alerting systems.

  • Implement and manage our Web Application Firewall

  • Integrate security tools and practices into the CI/CD pipeline.

  • Review our infrastructure and network security make recommendations for enhancements and lead the implementation of those changes.

  • Ensure encryption and key management practices are adhered to across all systems and data.

• In addition you will:

  • Develop documentation for security policies procedures and controls.

  • Collaborate with development and operations teams to embed security practices throughout the software development lifecycle and provide training and guidance to team members on secure coding practices.

  • Assist with audits and assessments related to SOC 2 Type 2 compliance.

ABOUT YOU

• 5+ years of experience in a DevSecOps Cloud Security or similar role.

• Knowledge of HIPPA SOC 2 Type 2 HITRUST or ISO 27001 requirements and experience implementing controls to meet these standards.

• Deep understanding of AWS cloud platform infrastructure and securing environments on AWS

• Proficiency with infrastructure as code (Terraform Pulumi etc.) and containerization (Docker Kubernetes etc.). Strong preference for Terraform experience.

• Strong knowledge of CI/CD tools (CircleCI Github Actions GitLab CI etc.) and integrating security into these pipelines.

• Proficiency with security tools such as SAST DAST SIEM and vulnerability scanners.

• Strong communication and collaboration skills.

• Current with emerging security trends threats and technologies.

Preferred Qualifications:

• Proficiency with security tools such as SAST DAST SIEM and vulnerability scanners.

• Certifications such as CISSP CISM CEH or similar.

• Experience with automated compliance frameworks (Vanta Drata) and tools.

• Experience with security incident response and forensics.

Pay rate for this position: $50 to $70/hour depending on experience and qualifications

Learn more about our core values and working with us on our careers page!

Tomorrow Health is an Equal Opportunity Employer and does not discriminate on the basis of race religion color sex gender identity sexual orientation age non-disqualifying physical or mental disability national origin veteran status or any other basis covered by appropriate law.