Application and Security Cloud Engineer - Full Stack

• Company is seeking a highly skilled Application & Cloud Security Engineer with full stack expertise to join the dynamic IT and security team.
• This will focus on securing our applications, cloud infrastructure, and development pipelines while supporting our mission to deliver transformative therapies.

• Collaboration & Communication: Collaboration with development teams and the ability to communicate complex security concepts to non-technical stakeholders.
• Cloud security: Design, implement, and maintain security measures across applications, cloud environments, and full stack systems.
• Security testing and vulnerability management: Conduct security assessments, threat modeling, and vulnerability management for applications and cloud infrastructure. Exposure to Pen Testing, Fuzz Testing.
• DevSecOps: Collaborate with development teams to integrate security best practices throughout the Software Development Life Cycle (SDLC). Exposure and / or experience with Automated Security Testing, Integrating Security into CI / CD Pipelines, or implementing IaC security best practices.
• Monitor, detect, and respond to security incidents in cloud and application environments.
• Compliance and Regulatory Requirements: Ensure compliance with industry standards and regulatory requirements, including HIPAA, GDPR, and biotech-specific guidelines. Exposure to various Security Frameworks - NIST, OWASP Top 10 etc.
• Develop and maintain security documentation, policies, and procedures.
• Provide guidance and mentorship to engineering teams on secure coding practices and cloud architecture security.
• Support DevSecOps initiatives to automate security into CI / CD pipelines.

• Experience with containerization (e.g., Docker) and orchestration (e.g., Kubernetes).
• Familiarity with Security Information and Event Management (SIEM) systems.
• Knowledge of Identity and Access Management (IAM) systems.
• Experience with Agile Development Methodologies and Version Control Systems (e.g., Git).
• Bachelor's Degree in Computer Science, Information Security, or related field (or equivalent experience).
• 5+ years of experience in application and cloud security with hands-on full stack expertise.
• Deep understanding of cloud platforms (AWS, Azure, or GCP) and associated security practices.
• Experience with secure software development, including web and API security, containers, and microservices.
• Knowledge of security frameworks, tools, and protocols (OWASP, SAST / DAST, IAM, encryption, SIEM).
• Strong scripting / coding skills (Python, Java, JavaScript, or similar).
• Excellent problem-solving skills and ability to work collaboratively in a fast-paced biotech environment.

• Familiarity with regulatory compliance in biotech or healthcare.
• Certifications such as CISSP, CCSP, AWS / Azure Security Specialty, or GIAC.
• Exposure to biotech or healthcare compliance frameworks (HIPAA, GxP).
• Experience with SIEM tools (Splunk, ELK, Datadog Security).
• Background in threat hunting, penetration testing, or forensics.
• Strong mentorship, training, or leadership skills.

• 401k Retirement Savings Plan administered by Merrill Lynch
• Commuter Check Pretax Commuter Benefits
• Eligibility to purchase Medical, Dental & Vision Insurance through ECLARO

Eclaro