Putting People First in Pharmacy- Navitus was founded as an alternative to traditional pharmacy benefit manager (PBM) models. We are committed to removing cost from the drug supply chain to make medications more affordable for the people who need them. At Navitus, our team members work in an environment that celebrates diversity, fosters creativity and encourages growth. We welcome new ideas and share a passion for excellent service to our customers and each other.

We are unable to offer remote work to residents of Alaska, Hawaii, Maine, Mississippi, New Hampshire, New Mexico, North Dakota, Rhode Island, South Carolina, South Dakota, West Virginia, and Wyoming.

The Engineer, Cloud Security will drive continuous improvement to our cloud and will be responsible for designing, deploying, and overseeing the management of group wide security solutions and executing against the company's Information Security and Compliance roadmap. Working closely with technology partners, you will help guide the selection, implementation, and integration of various security solutions. This position has significant organizational impact, requiring enterprise perspective, knowledge, and change management skills.

The Engineer, Cloud Security will ensure that the risk posed by a variety of cyber threats is minimized. Support the Navitus IT mission through the use governance, risk and compliance activities that detect, prevent, or mitigate threats to confidentiality, integrity and/or availability of information resources on-behalf of Navitus stakeholders.

Is this you? Find out more below!

How do I make an impact on my team?

• Collaborate with development teams to integrate security measures into the software development lifecycle, review code in pipelines for vulnerabilities, and champion secure coding practices.
• Manage our internal controls program, ensuring operational effectiveness, conducting regular audits, and implementing automation for streamlined and robust security.
• Possess expertise in scripting controls, automating processes, managing AWS WAF rules, and utilizing CDK nag rules for preventive controls.
• Map out potential attack scenarios (threat modeling) for our most critical applications and implement countermeasures to stay ahead of the game.
• Analyze and improve existing security policies, identify, and patch vulnerabilities in applications and infrastructure, and lead key security programs and projects.
• Develop and implement DevSec practices to integrate security into the software development lifecycle.
• Assist with evaluating or creating new technologies and services to solve complex security issues.
• Use software to detect, remediate, and enforce security standards within an AWS and Azure environment.
• Conduct security assessments of cloud applications and APIs.
• Participate in the development of cloud API, Cloud Application Security and Cloud Security monitoring controls to ensure reliable service delivery and efficient use of all resources.
• Perform analysis of log files and data outputs. Perform triage of incoming issues using a ticketing & tracking system

What our team expects from you?

• 4-year degree in Computer Science, Business, Healthcare or other technology/security discipline
• Must have at least seven-ten (7-10) years of information security experience in designing, deploying, managing, monitoring, and evaluating advanced cybersecurity.
• Focus on the minimal level of qualifications and refrain from adding preferred requirements or saying certain skills are a 'plus'.
• Experience in incident response, engineering, cloud architectures, tuning, etc. in a SaaS environment.
• Have a strong understanding of application architectures and security.
• Has knowledge of securing code and best practices.
• Proficiency in programming or scripting languages.
• Provide security training and awareness to developers and other employees.
• Document security policies and procedures.
• Participate in proof of concepts and other technical evaluations of technologies, designs, and solutions and provide recommendations.
• Hands-on knowledge of automation skills, dev ops skills, etc.
• Candidates with certification in information security (Azure Fundamentals/AZ-900, CISSP, CISM, etc.) or comparable work experience preferred.
• Risk analysis/assessment experience a plus. Knowledge of healthcare industry practices, HIPAA, and applicable data privacy practices preferred.
• Experience with security tools and frameworks like AWS WAF, CDK, and threat modeling methodologies.
• Experience with APIs and DevSec practices.
• Participate in, adhere to, and support compliance program objectives
• The ability to consistently interact cooperatively and respectfully with other employees

What can you expect from Navitus?

• Hours/Location: Monday-Friday 8:00am-5:00pm, CST-Remote
• Paid Volunteer Hours
• Educational Assistance Plan and Professional Membership assistance
• Referral Bonus Program - up to $750!
• Top of the industry benefits for Health, Dental, and Vision insurance, Flexible Spending Account, Paid Time Off, Nine paid holidays, 401K, Short-term and Long-term disability, College Savings Plan, Paid Parental Leave, Adoption Assistance Program, and Employee Assistance Program

#LI-Remote