Jobs · skipthedrive

R

Security Engineer — Application Security & Identity

Solstice Analytics · Remote · Posted 16d ago

remoteEstimated 131k-280k USD
Apply on skipthedrive

About the role

Own application security across multiple environments and enforce security controls for AWS hosted workloads.

At Solstice Analytics, making the world a healthier place isn’t just an aspiration—it’s our everyday reality. Our drive to transform healthcare is informed by our blend of deep scientific expertise, human-centred creativity, and AI-driven insights, fostering a unique environment where innovation thrives and our people are impact-obsessed. As a global agency, we provide a full suite of services across healthcare communications and marketing to our clients, including top players in the pharmaceutical and biotech industries. Our #LifeatRealChem culture is rooted in our people—we believe we are best together and are committed to excellence for both our clients and colleagues. Whether you're a seasoned professional or just starting your career, if you share our passion for healthcare and connection, we invite you to explore our opportunities. Discover your purpose. Embrace innovation. Experience #LifeatRealChem. Security Engineer — Application Security & Identity Function: Information Security Reports to: Head of Security Role Summary Owns application security across multiple environments, each with increasing control and compliance requirements. Acts as reviewer for the least complex environments and co-reviewer for higher complexity and controlled environments. Defines and enforces security controls across AWS hosted workloads and GitHub based development pipelines while maintaining independent review authority. Applications originate as AI-assisted prototypes and require structured security validation before enterprise production deployment. This is a hybrid role, based in any of our US offices—including New York City, Boston, Chicago, Carmel, or San Francisco—or remotely within the US, depending on team and business needs. Key Responsibilities Conduct security reviews of Internally developed applications including: Data flow validation Security control design and implementation Secrets handling AI/LLM Data Loss Prevention (DLP) Co-lead production readiness reviews for strictly governed environments: Threat modeling Hardening validation Compliance mapping (SOC 2and contractual and regulatory requirements) Define and enforce identity architecture: Corporate identity: Entra ID Workload identity: AWS IAM and GitHub OIDC Define and manage GitHub native security controls : GitHub Advanced Security (CodeQL / SAST) Dependabot (dependency scanning) Secret scanning Branch protection and environment controls Establish standards for security tooling: SAST (CodeQL, Semgrep) SCA (Dependabot, Snyk) Container scanning (Trivy, ECR scanning) Infrastructure as Code (IaC) policy (OPA, Sentinel, tfsec) Define AWS security standards: IAM design and least-privilege access Logging and audit requirements Secrets management and rotation Scope and coordinate third-party penetration testing Maintain audit logging maturity per environment requirements: Baseline logging User-level activity tracking Tamper-evident audit trails with SIEM integration Perform initial triage and risk classification within time requirements for critical issues identified in intake (data exposure, credentials, regulatory risk). Partner with DevOps Engineering to ensure security policies are implemented in pipelines and infrastructure AI Security & Usage Governance Define approved AI providers and usage boundaries Establish prompt data classification and handling policies Enforce human-in-the-loop requirements where appropriate Define cost/spend guardrails for AI services Required Qualifications 5+ years (or 3–5+ in high-growth environments) in cloud security, 2 of which should be be focused application security Hands-on security experience with: AWS IAM SAML / OIDC federation GitHub security tooling Experience with threat modeling and coordinating penetration testing Familiarity with SOC 2, GDPR, and HIPAA-adjacent controls In-depth understanding of the risk lifecycle Preferred Qualifications Experience securing GitHub-based CI/CD pipelines Experience in AWS native environments Exposure to regulated industries (GxP, 21 CFR Part 11) Security certifications (CISSP, CCSP, OSCP, GIAC, etc.) Associates degree or higher Experience bringing low-code or AI-generated applications under enterprise security controls Pay Range: $60,000-$80,000 This is the pay range the Company believes it will pay for this position at the time of this posting. Consistent with applicable law, compensation will be determined based on job-related, non-discriminatory factors including but not limited to work experience, skills, certifications, and geographical location. The Company reserves the right to modify this pay range at any time Solstice Analytics is proud to be Great Place to Work® certified; check out what our people shared about our culture and workplace on our Great Places to Work Profile here . We believe we can do our best when feeling our best, which is why we’ve put together a benefits program designed to give you the support you and your family need at every stage of life. Real Chemis

Read the full posting on skipthedrive

FAQ

Is the Security Engineer — Application Security & Identity role at Solstice Analytics remote?+

This Security Engineer — Application Security & Identity position is listed as remote (Remote).

What is the salary for the Security Engineer — Application Security & Identity role at Solstice Analytics?+

The listing states Estimated 131k-280k USD.

What seniority level is this Security Engineer — Application Security & Identity role?+

This is a unknown level position.

How do I apply for the Security Engineer — Application Security & Identity role at Solstice Analytics?+

Use the "Apply on skipthedrive" button to open the original posting on skipthedrive, where you can submit your application directly to Solstice Analytics.