[Remote] Cloud Network Security Engineer
Note: This is a remote job open to candidates in the USA.

Prospance Inc is a leading healthcare technology innovator seeking a Cloud Network Security Engineer to design and secure enterprise cloud infrastructure. The role involves architecting cloud-native network security, building infrastructure-as-code automation, and embedding Zero Trust principles across multi-cloud environments, while collaborating with various teams to enhance security across the infrastructure and CI/CD pipelines.
Responsibilities
- Design, implement, and operate secure cloud network architectures in AWS, Azure, and/or GCP, including VPCs/VNets, subnets, route tables, security groups, NSGs, Transit Gateways, and PrivateLink/Private Endpoints
- Configure and harden cloud-native firewalls and security services (AWS Network Firewall, Azure Firewall, GCP Cloud Armor, Security Hub, Sentinel, Security Command Center)
- Implement secure hybrid connectivity using Direct Connect, ExpressRoute, Cloud Interconnect, IPsec VPNs, and SD-WAN where applicable
- Build and maintain Zero Trust and microsegmentation strategies for cloud workloads with identity-aware access and least-privilege network policies
- Author and maintain Terraform/CloudFormation modules for network security infrastructure, making secure configurations the default
- Automate network security tasks using Python, Bash, or PowerShell, including policy validation, drift detection, and incident response
- Integrate network security controls into CI/CD pipelines, ensuring reviewed, tested, and safe deployments
- Operate cloud network monitoring and detection using VPC Flow Logs, GuardDuty, and Defender for Cloud, and feed signals into the SIEM
- Lead investigation and forensic analysis for network-related security incidents in cloud environments
- Conduct network security assessments including penetration testing and vulnerability scans in cloud-native environments
- Develop and enforce network security policies aligned with HIPAA and healthcare compliance requirements
- Partner with cloud engineering, DevSecOps, and application teams to embed security best practices
- Provide technical leadership and mentorship to junior security team members
Skills
- 7+ years of network security engineering, with a minimum of 3+ years hands-on in AWS, Azure, or GCP (not just exposure)
- Proven production experience securing cloud infrastructure: VPC/VNet design, security groups/NSGs, cloud firewalls, IAM
- Actual job bullets demonstrating: VPC/VNet architecture, security groups/NSGs configuration, cloud-native security services implementation
- Working proficiency in scripting/automation: Python, Bash, or PowerShell (daily use required)
- Infrastructure-as-Code experience: Terraform preferred, or CloudFormation/Pulumi
- Strong background with network security tooling: firewalls, VPNs, IDS/IPS, DLP, encryption
- Bachelor's or Master's in Computer Science, Information Security, or related field (or equivalent experience)
- Excellent written and verbal communication skills
- Eligible to work in US without sponsorship issues (ASAP start required)
- Deep expertise in one cloud with working knowledge of a second (multi-cloud background)
- Container and Kubernetes networking security (network policies, service mesh, EKS/AKS/GKE)
- Zero Trust, SASE, and microsegmentation in cloud/hybrid contexts
- Cloud-native security platforms: Security Hub, Azure Sentinel, GCP Security Command Center, Wiz, Prisma Cloud
- DevSecOps practices and CI/CD security integration
- Healthcare, finance, or government experience with HIPAA, PCI-DSS, SOX, or HITRUST exposure
- Cloud certifications: AWS Advanced Networking/Security Specialty, Azure Security Engineer, or GCP Professional Cloud Security Engineer
- CISSP, CCNP Security, or CCSP
Company Overview