Security Engineer

Who We Are:

The Association of American Medical Colleges is a not-for-profit association dedicated to transforming health care by supporting the entire spectrum of medical education, medical research, and patient care conducted by our member institutions. We are dedicated to the communities we serve and steadfast in our goal to improve the health of all.

At the AAMC, we are committed to supporting our employees with a comprehensive benefits package designed to promote well-being, professional growth, and work-life balance. Highlights include:

• Remote Work – Fully remote work available for most positions 

• Retirement Savings – Generous 403(b) employer contributions and financial wellness resources, including professional financial advising. 

• Health & Wellness Perks – Fitness and bicycle subsidies, on-site and virtual wellness programs (live yoga, meditation, mental health webinars, flu shot clinics, and more) 

• Support & Family Care – Employer paid Employee Assistance Program (EAP) and back-up care options for children, adults, elders, and even pets 

Additional information can be found on our website.

Why us, why now?

The Cloud Security Engineer will be responsible for securing and optimizing our AWS and Azure cloud infrastructures by managing services such as AWS IAM, VPC, GuardDuty, CloudTrail, KMS, Security Hub, as well as Azure equivalents including Azure AD, Azure Security Center, Azure Key Vault, Azure Monitor, and Microsoft Defender for Cloud. This role will involve implementing robust security controls, automating security processes, and ensuring compliance with industry standards across both platforms. The engineer will collaborate with DevSecOps, development teams, and leadership to integrate security into CI/CD pipelines, create incident response playbooks, and foster a culture of security. Key responsibilities also include risk mitigation, proactive threat detection, auditing for compliance, and optimizing cloud resources for both security and cost efficiency. Familiarity with Splunk, Azure IAM, and cross-cloud security practices is a strong plus

How will you make an impact?

Comprehensive security solutions

Design, implement, and manage comprehensive security solutions across AWS cloud environments, ensuring continuous protection and operational integrity

Best practices alignment

Specialize in reviewing AWS cloud infrastructure and network configurations for compliance with AAMC security standards and cloud security best practices.

Review Change Requests

Evaluate and approve security-related Change Page 2 of 5 Requests, providing technical consultation on system enhancements or configuration adjustments, ensuring alignment with security policies, risk management strategies, and industry best practices

Automation

Evaluate, recommend, obtain, or develop (as appropriate) automation solutions to streamline security operations, reducing manual tasks while improving response times and consistency in threat detection and mitigation

Enforce security policies

Operationalize and enforce security policies and standards across environments, while actively contributing to the creation, refinement, and continuous improvement of security frameworks and guidelines to align with evolving threats and compliance requirements.

Optimize Existing Technologies

Continuously evaluate and refine deployed cloud solutions to improve performance, scalability, and operational efficiency

Collaboration

Continuously evaluate and refine deployed cloud solutions to improve performance, scalability, and operational efficiency

What you will bring to the role

• Bachelor’s degree in Computer Science / Information Security / Cybersecurity § Information Technology OR additional related work experience

• 5 - 7 years of related work experience

• To effectively engage with teams, technical knowledge and the following are required:

  • Collaboration and communication – to interact with devs, ops, compliance teams.

  • Understanding DevSecOps culture – AWS environments are fast-paced and automated.

  • Documentation and Reporting – ability to create security documentation, risk assessments, and incident reports.

  • Threat modeling & risk assessment – being able to communicate risks in business terms.

  • Experience with Security technology as they relate to IaaS, PaaS and SaaS Ability to work independently and manage multiple priorities Demonstrated ability to document and articulate control requirements Demonstrate the ability to collaborate with different levels of the organization and cross discipline teams.

• Preferred Experience:

  • Hands-on experience with:

  • AWS and Azure IAM (Identity and Access Management) – policies, roles, federation, permissions boundaries.

  • AWS Networking – VPCs, security groups, NACLs, private/public subnets, AWS WAF.

  • CloudTrail & GuardDuty – monitoring and threat detection.

  • Encryption & KMS – securing data at rest/in transit, key rotation policies.

  • Logging & Monitoring – with CloudWatch, Config, AWS Security Hub.

  • DevSecOps concepts – integrating security in CI/CD pipelines (e.g., using tools like AWS CodePipeline + security scans).

  •  Incident Response in AWS – playbooks, containment, forensics.

  • Software as a Service (SaaS), (Infrastructure as a Service (IaaS), Platofrm as a Service (PaaS)

  • Splunk and Splunk Enterprise Security.

  • Use cases to build detections for:

    • Unauthorized API calls

    • Public S3 buckets

    • Suspicious IAM activity

    • Lambda privilege escalation

    • EC2 metadata abuse

    • How to reduce false positives and tuning thresholds Build dashboards, alerts, and correlation rules to detect suspicious behavior in AWS.

    • Knowledge of Microsoft Azure and Ping Identity are a plus.

Certifications (Preferred):

· AWS Cloud Practitioner

· CISSP, CSSP, or equivalent

· AWS Certified Security – Specialty

· AWS Certified Solutions Architect – Associate

· Azure Security Engineer Associate

· Google Professional Cloud Security Engineer

· SANS GIAC Cloud Security Essentials

 

Remote Work Eligibility

This position is eligible for remote work in the contiguous US

Compensation Grade Range

$113,560.00-$133,600.00

Multiple factors are taken into consideration to arrive at the final hourly rate/annual salary to be offered to the selected candidate. Factors may include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, as well as internal equity, market, and business considerations.

If a bachelor’s degree is required, related work experience may be substituted in some positions.  One year of college course work at an accredited institution is equivalent to one year of related work experience.

The Association of American Medical Colleges (AAMC) is an Equal Opportunity/Affirmative​​ Action Employer.  The AAMC is committed to the policy of an equal employment opportunity in recruitment, hiring, career advancement, and all other personnel practices. The AAMC will not discriminate on the basis of race, color, sex, national origin, religion, age, marital status, personal appearance, sexual orientation, gender identity or expression, family responsibilities, matriculation, political affiliation, genetic information, disability, past or current military service, or any other legally protected characteristic.

Please attach a resume as part of the application process. It is important that files DO NOT include periods ( . ) within the file name.

BROWSER REQUIREMENTS: Applications must be submitted using Chrome, Mozilla Firefox, Safari, or Microsoft Edge.