[Remote] Cloud Network Security Engineer - DLP
Note: The job is a remote job and is open to candidates in USA. Prospance Inc is a leading healthcare technology innovator, seeking a Cloud Network Security Engineer with expertise in Data Loss Prevention (DLP). This senior role involves designing and securing cloud infrastructure, implementing DLP controls, and embedding Zero Trust principles across multi-cloud environments.ResponsibilitiesDesign, implement, and operate secure cloud network architectures in AWS, Azure, and/or GCP including VPCs/VNets, subnets, route tables, security groups, NSGs, Transit Gateways, and PrivateLink/Private EndpointConfigure and harden cloud-native firewalls and security services (AWS Network Firewall, Azure Firewall, GCP Cloud Armor, Security Hub, Sentinel, Security Command Center)Design and implement comprehensive Data Loss Prevention (DLP) strategies across cloud environments protecting sensitive healthcare data in transit and at restDeploy and manage DLP solutions (Cloudflare, AWS Macie, Microsoft Purview, Forcepoint, Symantec) to prevent unauthorized data exfiltrationConfigure DLP policies and rules for healthcare data classification, detection, and remediation aligned with HIPAA and PHI protection requirementsMonitor and analyze DLP events, alerts, and incidents; investigate suspicious data movement patterns and respond to potential data breachesImplement secure hybrid connectivity using Direct Connect, ExpressRoute, Cloud Interconnect, IPsec VPNs, and SD-WAN where applicableBuild and maintain Zero Trust and microsegmentation strategies for cloud workloads with identity-aware access and least-privilege network policiesAuthor and maintain Terraform/CloudFormation modules for network security and DLP infrastructure making secure configurations the defaultAutomate network security and DLP tasks using Python, Bash, or PowerShell including policy validation, drift detection, and incident responseIntegrate network security and DLP controls into CI/CD pipelines ensuring reviewed, tested, and safe deploymentsOperate cloud network monitoring and detection using VPC Flow Logs, GuardDuty, Defender for Cloud, and feed security and DLP signals into SIEMConduct network security and DLP assessments including penetration testing and vulnerability scans in cloud-native environmentsDevelop and enforce network security and DLP policies aligned with HIPAA, PHI protection, and healthcare compliance requirementsSkills7+ years network security engineering with minimum 3+ years hands-on in AWS, Azure, or GCP (not just exposure)3+ years hands-on experience designing and implementing DLP solutions in cloud environmentDemonstrated expertise with DLP tools and platforms (Cloudflare, AWS Macie, Microsoft Purview, Forcepoint, Symantec, Mcafee, or equivalent)Proven production experience securing cloud infrastructure: VPC/VNet design, security groups/NSGs, cloud firewalls, IAMActual job bullets demonstrating: VPC/VNet architecture, security groups/NSGs configuration, cloud-native security services implementation, DLP policy configurationStrong understanding of data classification, sensitive data detection, and data protection in regulated healthcare environmentExperience with DLP incident response, forensic analysis, and breach investigationDeep expertise in one cloud with working knowledge of a second (multi-cloud background)Advanced DLP implementation experience across multiple cloud platformsExperience with cloud-native DLP platforms (Cloudflare Data Loss Prevention, AWS Macie with custom data classification)Container and Kubernetes networking security (network policies, service mesh, EKS/AKS/GKE)Zero Trust, SASE, and microsegmentation in cloud/hybrid contextCloud-native security platforms: Security Hub, Azure Sentinel, GCP Security Command Center, Wiz, Prisma CloudKnowledge of PHI (Protected Health Information) data handling and HIPAA DLP requirementsDevSecOps practices and CI/CD security integrationHealthcare, finance, or government experience with HIPAA, PCI-DSS, SOX, or HITRUST exposureCloud certifications: AWS Advanced Networking/Security Specialty, Azure Security Engineer, or GCP Professional Cloud Security EngineerCISSP, CCNP Security, or CCSP certified Data Protection Officer (CDPO) or equivalent DLP certificationCompany OverviewProspance is an information technology company that provides staffing and project implementation services. It was founded in 2009, and is headquartered in Fremont, California, USA, with a workforce of 201-500 employees. Its website is http://prospanceinc.com.