Prospance Inc is a leading healthcare technology innovator, seeking a Cloud Network Security Engineer with expertise in Data Loss Prevention (DLP). This senior role involves designing and securing cloud infrastructure, implementing DLP controls, and embedding Zero Trust principles across multi-cloud environments.
Responsibilities:
- Design, implement, and operate secure cloud network architectures in AWS, Azure, and/or GCP including VPCs/VNets, subnets, route tables, security groups, NSGs, Transit Gateways, and PrivateLink/Private Endpoint
- Configure and harden cloud-native firewalls and security services (AWS Network Firewall, Azure Firewall, GCP Cloud Armor, Security Hub, Sentinel, Security Command Center)
- Design and implement comprehensive Data Loss Prevention (DLP) strategies across cloud environments protecting sensitive healthcare data in transit and at rest
- Deploy and manage DLP solutions (Cloudflare, AWS Macie, Microsoft Purview, Forcepoint, Symantec) to prevent unauthorized data exfiltration
- Configure DLP policies and rules for healthcare data classification, detection, and remediation aligned with HIPAA and PHI protection requirements
- Monitor and analyze DLP events, alerts, and incidents; investigate suspicious data movement patterns and respond to potential data breaches
- Implement secure hybrid connectivity using Direct Connect, ExpressRoute, Cloud Interconnect, IPsec VPNs, and SD-WAN where applicable
- Build and maintain Zero Trust and microsegmentation strategies for cloud workloads with identity-aware access and least-privilege network policies
- Author and maintain Terraform/CloudFormation modules for network security and DLP infrastructure making secure configurations the default
- Automate network security and DLP tasks using Python, Bash, or PowerShell including policy validation, drift detection, and incident response
- Integrate network security and DLP controls into CI/CD pipelines ensuring reviewed, tested, and safe deployments
- Operate cloud network monitoring and detection using VPC Flow Logs, GuardDuty, Defender for Cloud, and feed security and DLP signals into SIEM
- Conduct network security and DLP assessments including penetration testing and vulnerability scans in cloud-native environments
- Develop and enforce network security and DLP policies aligned with HIPAA, PHI protection, and healthcare compliance requirements
Requirements:
- 7+ years network security engineering with minimum 3+ years hands-on in AWS, Azure, or GCP (not just exposure)
- 3+ years hands-on experience designing and implementing DLP solutions in cloud environments
- Demonstrated expertise with DLP tools and platforms (Cloudflare, AWS Macie, Microsoft Purview, Forcepoint, Symantec, McAfee, or equivalent)
- Proven production experience securing cloud infrastructure: VPC/VNet design, security groups/NSGs, cloud firewalls, IAM
- Actual job bullets demonstrating: VPC/VNet architecture, security groups/NSGs configuration, cloud-native security services implementation, DLP policy configuration
- Strong understanding of data classification, sensitive data detection, and data protection in regulated healthcare environments
- Experience with DLP incident response, forensic analysis, and breach investigation
- Deep expertise in one cloud with working knowledge of a second (multi-cloud background)
- Advanced DLP implementation experience across multiple cloud platforms
- Experience with cloud-native DLP platforms (Cloudflare Data Loss Prevention, AWS Macie with custom data classification)
- Container and Kubernetes networking security (network policies, service mesh, EKS/AKS/GKE)
- Zero Trust, SASE, and microsegmentation in cloud/hybrid context
- Cloud-native security platforms: Security Hub, Azure Sentinel, GCP Security Command Center, Wiz, Prisma Cloud
- Knowledge of PHI (Protected Health Information) data handling and HIPAA DLP requirements
- DevSecOps practices and CI/CD security integration
- Healthcare, finance, or government experience with HIPAA, PCI-DSS, SOX, or HITRUST exposure
- Cloud certifications: AWS Advanced Networking/Security Specialty, Azure Security Engineer, or GCP Professional Cloud Security Engineer
- CISSP, CCNP Security, or CCSP; Certified Data Protection Officer (CDPO) or equivalent DLP certification