Note: The job is a remote job and is open to candidates in USA. Prospance Inc is a leading healthcare technology innovator, seeking a Cloud Network Security Engineer with expertise in Data Loss Prevention (DLP). This senior role involves designing and securing cloud infrastructure, implementing DLP controls, and embedding Zero Trust principles across multi-cloud environments.
Responsibilities
- Design, implement, and operate secure cloud network architectures in AWS, Azure, and/or GCP including VPCs/VNets, subnets, route tables, security groups, NSGs, Transit Gateways, and PrivateLink/Private Endpoint
- Configure and harden cloud-native firewalls and security services (AWS Network Firewall, Azure Firewall, GCP Cloud Armor, Security Hub, Sentinel, Security Command Center)
- Design and implement comprehensive Data Loss Prevention (DLP) strategies across cloud environments protecting sensitive healthcare data in transit and at rest
- Deploy and manage DLP solutions (Cloudflare, AWS Macie, Microsoft Purview, Forcepoint, Symantec) to prevent unauthorized data exfiltration
- Configure DLP policies and rules for healthcare data classification, detection, and remediation aligned with HIPAA and PHI protection requirements
- Monitor and analyze DLP events, alerts, and incidents; investigate suspicious data movement patterns and respond to potential data breaches
- Implement secure hybrid connectivity using Direct Connect, ExpressRoute, Cloud Interconnect, IPsec VPNs, and SD-WAN where applicable
- Build and maintain Zero Trust and microsegmentation strategies for cloud workloads with identity-aware access and least-privilege network policies
- Author and maintain Terraform/CloudFormation modules for network security and DLP infrastructure making secure configurations the default
- Automate network security and DLP tasks using Python, Bash, or PowerShell including policy validation, drift detection, and incident response
- Integrate network security and DLP controls into CI/CD pipelines ensuring reviewed, tested, and safe deployments
- Operate cloud network monitoring and detection using VPC Flow Logs, GuardDuty, Defender for Cloud, and feed security and DLP signals into SIEM
- Conduct network security and DLP assessments including penetration testing and vulnerability scans in cloud-native environments
- Develop and enforce network security and DLP policies aligned with HIPAA, PHI protection, and healthcare compliance requirements
Skills
- 7+ years network security engineering with minimum 3+ years hands-on in AWS, Azure, or GCP (not just exposure)
- 3+ years hands-on experience designing and implementing DLP solutions in cloud environment
- Demonstrated expertise with DLP tools and platforms (Cloudflare, AWS Macie, Microsoft Purview, Forcepoint, Symantec, Mcafee, or equivalent)
- Proven production experience securing cloud infrastructure: VPC/VNet design, security groups/NSGs, cloud firewalls, IAM
- Actual job bullets demonstrating: VPC/VNet architecture, security groups/NSGs configuration, cloud-native security services implementation, DLP policy configuration
- Strong understanding of data classification, sensitive data detection, and data protection in regulated healthcare environment
- Experience with DLP incident response, forensic analysis, and breach investigation
- Deep expertise in one cloud with working knowledge of a second (multi-cloud background)
- Advanced DLP implementation experience across multiple cloud platforms
- Experience with cloud-native DLP platforms (Cloudflare Data Loss Prevention, AWS Macie with custom data classification)
- Container and Kubernetes networking security (network policies, service mesh, EKS/AKS/GKE)
- Zero Trust, SASE, and microsegmentation in cloud/hybrid context
- Cloud-native security platforms: Security Hub, Azure Sentinel, GCP Security Command Center, Wiz, Prisma Cloud
- Knowledge of PHI (Protected Health Information) data handling and HIPAA DLP requirements
- DevSecOps practices and CI/CD security integration
- Healthcare, finance, or government experience with HIPAA, PCI-DSS, SOX, or HITRUST exposure
- Cloud certifications: AWS Advanced Networking/Security Specialty, Azure Security Engineer, or GCP Professional Cloud Security Engineer
- CISSP, CCNP Security, or CCSP certified Data Protection Officer (CDPO) or equivalent DLP certification
Company Overview
Prospance is an information technology company that provides staffing and project implementation services. It was founded in 2009, and is headquartered in Fremont, California, USA, with a workforce of 201-500 employees. Its website is http://prospanceinc.com.