[Remote] Cloud Network Security Engineer - DLP

Note: The job is a remote job and is open to candidates in USA. Prospance Inc is a leading healthcare technology innovator, seeking a Cloud Network Security Engineer with expertise in Data Loss Prevention (DLP). This senior role involves designing and securing cloud infrastructure, implementing DLP controls, and embedding Zero Trust principles across multi-cloud environments.

Responsibilities

• Design, implement, and operate secure cloud network architectures in AWS, Azure, and/or GCP including VPCs/VNets, subnets, route tables, security groups, NSGs, Transit Gateways, and PrivateLink/Private Endpoint
• Configure and harden cloud-native firewalls and security services (AWS Network Firewall, Azure Firewall, GCP Cloud Armor, Security Hub, Sentinel, Security Command Center)
• Design and implement comprehensive Data Loss Prevention (DLP) strategies across cloud environments protecting sensitive healthcare data in transit and at rest
• Deploy and manage DLP solutions (Cloudflare, AWS Macie, Microsoft Purview, Forcepoint, Symantec) to prevent unauthorized data exfiltration
• Configure DLP policies and rules for healthcare data classification, detection, and remediation aligned with HIPAA and PHI protection requirements
• Monitor and analyze DLP events, alerts, and incidents; investigate suspicious data movement patterns and respond to potential data breaches
• Implement secure hybrid connectivity using Direct Connect, ExpressRoute, Cloud Interconnect, IPsec VPNs, and SD-WAN where applicable
• Build and maintain Zero Trust and microsegmentation strategies for cloud workloads with identity-aware access and least-privilege network policies
• Author and maintain Terraform/CloudFormation modules for network security and DLP infrastructure making secure configurations the default
• Automate network security and DLP tasks using Python, Bash, or PowerShell including policy validation, drift detection, and incident response
• Integrate network security and DLP controls into CI/CD pipelines ensuring reviewed, tested, and safe deployments
• Operate cloud network monitoring and detection using VPC Flow Logs, GuardDuty, Defender for Cloud, and feed security and DLP signals into SIEM
• Conduct network security and DLP assessments including penetration testing and vulnerability scans in cloud-native environments
• Develop and enforce network security and DLP policies aligned with HIPAA, PHI protection, and healthcare compliance requirements

Skills

• 7+ years network security engineering with minimum 3+ years hands-on in AWS, Azure, or GCP (not just exposure)
• 3+ years hands-on experience designing and implementing DLP solutions in cloud environment
• Demonstrated expertise with DLP tools and platforms (Cloudflare, AWS Macie, Microsoft Purview, Forcepoint, Symantec, Mcafee, or equivalent)
• Proven production experience securing cloud infrastructure: VPC/VNet design, security groups/NSGs, cloud firewalls, IAM
• Actual job bullets demonstrating: VPC/VNet architecture, security groups/NSGs configuration, cloud-native security services implementation, DLP policy configuration
• Strong understanding of data classification, sensitive data detection, and data protection in regulated healthcare environment
• Experience with DLP incident response, forensic analysis, and breach investigation
• Deep expertise in one cloud with working knowledge of a second (multi-cloud background)
• Advanced DLP implementation experience across multiple cloud platforms
• Experience with cloud-native DLP platforms (Cloudflare Data Loss Prevention, AWS Macie with custom data classification)
• Container and Kubernetes networking security (network policies, service mesh, EKS/AKS/GKE)
• Zero Trust, SASE, and microsegmentation in cloud/hybrid context
• Cloud-native security platforms: Security Hub, Azure Sentinel, GCP Security Command Center, Wiz, Prisma Cloud
• Knowledge of PHI (Protected Health Information) data handling and HIPAA DLP requirements
• DevSecOps practices and CI/CD security integration
• Healthcare, finance, or government experience with HIPAA, PCI-DSS, SOX, or HITRUST exposure
• Cloud certifications: AWS Advanced Networking/Security Specialty, Azure Security Engineer, or GCP Professional Cloud Security Engineer
• CISSP, CCNP Security, or CCSP certified Data Protection Officer (CDPO) or equivalent DLP certification

Company Overview