<p>Description</p><p> </p><p>For over two decades, Aspirion has delivered market-leading revenue cycle services. We specialize in collecting challenging payments from third-party payers, focusing on complex denials, aged accounts receivables, motor vehicle accident, workers’ compensation, Veterans Affairs, and out-of-state Medicaid.</p><p><br></p><p>At the core of our success is our highly valued team of over 1,400 teammates as reflected in one of our core guiding principles, “Our teammates are the foundation of our success.” United by a shared commitment to client excellence, we focus on achieving outstanding outcomes for our clients, aiming to consistently provide the highest revenue yield in the shortest possible time.</p><p><br></p><p>We are committed to creating a results-oriented work environment that is both challenging and rewarding, fostering flexibility, and encouraging personal and professional growth. Joining Aspirion means becoming a part of an industry leading team, where you will have the opportunity to engage with innovative technology, collaborate with a diverse and talented team, and contribute to the success of our hospital and health system partners. Aspirion maintains a strong partnership with Linden Capital Partners, serving as our trusted private equity sponsor.</p><p><br></p><p> </p><p><strong>SUMMARY</strong> </p><p><br></p><p>We are looking for a Principal Security Engineer who is a deeply hands-on security engineering leader who serves as the Senior Director of Information Security & Compliance’s right hand for Cloud Security. This role owns end-to-end security architecture and technical execution across our cloud and Microsoft 365 environments—translating risk into actionable engineering requirements, setting guardrails and reference architectures, and driving durable improvements in identity, network, endpoint, and data security. This is a working-leader role: you will design and build controls, automate, and lead technical incident response at depth. While this role may not have direct reports initially, it is expected to lead the cloud security engineering function as it scales by setting technical direction, establishing standards and operating cadence, mentoring engineers/admins, and influencing delivery across IT, DevOps, and application teams. </p><p><br></p><p><strong>DUTIES AND RESPONSIBILIITES</strong> </p><ul><li>Act as hands-on technical lead for Cloud Security engineering: personally drive key designs, build and automate controls, review high-risk changes, and raise engineering quality through standards, patterns, and practical guidance. </li><li>Own the Cloud Security engineering roadmap and operating cadence: intake/prioritization, quarterly planning, technical governance (architecture review), KPI/SLO definition, and stakeholder communication with IT, DevOps, and application teams. </li><li>Provide hands-on technical leadership for security engineering initiatives end-to-end—from threat modeling and design reviews through build, rollout, and operationalization—producing clear technical artifacts (diagrams, decision records, runbooks, and patterns) and delegating effectively across the team. </li><li>Build and mature Zero Trust controls: identity governance, Conditional Access strategy, MFA and phishing-resistant authentication, privileged access management, and secure access patterns for administrators and service accounts. </li><li>Establish logging, detection, and response engineering: define telemetry requirements, build detections and automation, and ensure high-fidelity coverage across cloud control plane, workloads, endpoints, and identity. </li><li>Lead technical incident response for cloud and identity events: drive containment/eradication, perform root cause analysis, and implement preventative engineering changes; partner with the SOC/MSSP and set clear technical performance expectations. </li><li>Own cloud vulnerability management and secure configuration: define baselines, prioritize remediation based on exploitability and business impact, and partner with infrastructure/app teams to drive fixes to closure. </li><li>Implement data security and governance controls across Microsoft Purview (classification, labeling, DLP) and encryption/key management (including Key Vault/KMS), aligned to regulatory and contractual requirements. </li><li>Drive endpoint and device security strategy with Microsoft Intune (MDM/MAM), security baselines, and hardening; partner with IAM and IT Ops to reduce identity and endpoint attack surface. </li><li>Own secure SDLC and CI/CD controls for cloud/platform delivery using GitHub: integrate and operationalize Snyk (SCA/SAST as applicable), secrets scanning, and policy-as-code/gating; define remediation SLAs and exception processes; reduce noise through tuning; and drive developer enablement and adoption metrics. </li><li>Own Cloud Security outcomes end-to-end (guardrails, identity, network, workload, logging/detection) and partner with application engineering leaders to embed SDLC controls into product teams—providing patterns, tooling, and governance while enabling teams to ship securely. </li><li>Partner with GRC/Compliance to translate NIST/HIPAA/HITRUST requirements into implementable technical controls; support audits by producing architecture evidence, control narratives, and remediation plans. </li><li>Manage security tooling and service relationships (e.g., MSSP/SOC, SIEM/SOAR, vulnerability scanning): define requirements, evaluate solutions, oversee implementations, and manage renewals and budget in partnership with leadership and procurement. </li><li>Establish the team’s operational model: on-call and escalation paths, incident response roles and rotations, runbooks, post-incident reviews, and continuous improvement of reliability and security outcomes. </li><li>Mentor and level-up engineers and administrators through pairing, reviews, and design critiques; establish hiring rubrics, career ladders, and a high quality bar for security work (tests, change control, documentation, and operational readiness). </li><li>Perform other duties as assigned. </li></ul><p>Requirements</p><p> </p><p><strong>COMPETENCIES</strong> </p><ul><li>Principal-level security architecture skills: able to design end-to-end controls across identity, network, compute, data, and monitoring with clear tradeoffs (cost, reliability, usability, and risk). </li><li>Hands-on engineering ability: scripting/automation and deep platform experience (Azure and Microsoft 365 strongly preferred) to build guardrails, detections, and operational tooling. </li><li>Threat modeling and adversary-aware thinking; experience mapping threats to technical mitigations and detection strategies. </li><li>Operational excellence: strong incident command at the technical level, root cause analysis, and bias toward preventative engineering. </li><li>Ability to influence architecture decisions across teams without formal authority; clear written communication (design docs, standards, runbooks) and strong technical judgment. </li><li>Experience designing security telemetry, SIEM/SOAR workflows, and detection engineering practices; ability to evaluate and tune MSSP/SOC outcomes. </li><li>Strong coaching and mentoring skills; raises the technical bar for the organization and develops others through reviews and hands-on collaboration. </li><li>Secure SDLC / AppSec tooling leadership: can implement and run scanning and governance programs (e.g., Snyk + GitHub), balance friction vs. risk, and build strong partnerships with engineering to drive adoption and remediation. </li><li>Strong organizational leadership: can set direction, align stakeholders, and communicate complex technical risk and tradeoffs to executives and non-technical partners. </li><li>Ability to scale a function: experience leading through influence, and (preferred) building/leading teams as scope grows. </li><li>Comfort operating in ambiguity with high ownership, prioritizing ruthlessly, and delivering outcomes. </li></ul><p><br></p><p><strong>EDUCATION AND EXPERIENCE QUALIFICATIONS</strong> </p><ul><li>10+ years in security engineering, cloud infrastructure, or related technical roles, including 5+ years owning cloud security architecture and execution in production Azure environments (AWS/GCP experience a plus). </li><li>Demonstrated experience building and/or materially maturing a cloud security program (guardrails, standards, secure landing zones, detection/response, vulnerability management) with measurable outcomes. </li><li>Deep expertise in identity and access management and Zero Trust (Entra ID/Azure AD, Conditional Access, MFA, privileged access, service principals, and least privilege design). </li><li>Strong cloud network and workload security skills (VNets/VPCs, private connectivity, firewall/WAF, segmentation, container/Kubernetes security, and secure secrets management). </li><li>Experience implementing data security controls, including classification/labeling and DLP (Microsoft Purview preferred), encryption, and key management. </li><li>Proven incident response leadership for cloud/identity events, including forensics triage, containment, and post-incident engineering remediation. </li><li>Strong automation and IaC experience (PowerShell/Python; Terraform/Bicep/ARM/CloudFormation) and ability to implement policy-as-code and continuous compliance evidence collection. </li><li>Demonstrated experience implementing secure SDLC controls in GitHub (e.g., GitHub Actions) including integrating Snyk and establishing dependency governance, scanning standards, pipeline gates, and measurable remediation workflows. </li><li>Experience operating in regulated environments (HIPAA required; NIST and HITRUST experience strongly preferred) and translating control frameworks into technical implementations. </li><li>Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field preferred (or equivalent practical experience). </li><li>People management experience is preferred (hiring, coaching, and performance management), but not required for candidates who demonstrate strong functional leadership and the ability to scale security engineering outcomes through influence. </li><li>One or more certification required: CISSP, CISM, CCSP, GIAC (e.g., GCSA/GCIA/GCIH), AWS Certified Security – Specialty, Microsoft Certified: Azure Security Engineer Associate (AZ-500) or relevant Expert-level credentials. </li></ul><p><br></p><p> </p><p><strong>Benefits</strong></p><p><br></p><p>At Aspirion we invest in our employees by offering a full benefits package, including health, dental, vision and life insurance upon hire, matching 401k, competitive salaries, advancement opportunities, and incentive programs.<em>Individual pay is determined by a number of factors including, but not limited to, job-related skills, experience, education, training, licensure or certifications obtained. Market, location and organizational factors are also considered.</em> In addition to base salary, a competitive benefits package is offered.Must reside in the United States within one of the states listed below:Alabama, Arizona, Arkansas, Delaware, Florida, Georgia, Iowa, Indiana, Kansas, Kentucky, Louisiana, Massachusetts, Maine, Maryland, Michigan, Minnesota, Missouri, Mississippi, Montana, North Carolina, Nebraska, New Hampshire, Ohio, Oklahoma, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Virginia, Wisconsin, West Virginia, and Wyoming.</p><p><br></p><p><strong>AAP/EEO Statement</strong></p><p><br></p><p>Equal Opportunity Employer/Drug-Free Workplace: Aspirion is an Equal Employment Opportunity employer. We adhere to a policy of making employment decisions without regard to race, color, age, sex, pregnancy, religion, national origin, ancestry, medical condition, marital status, gender identity citizenship status, veteran status, disability, or veteran status. Aspirion has a Drug-Free Workplace Policy in effect that is strictly adhered to.Please note that this position is contingent upon the successful completion of a pre-employment drug screening and background check. These steps are part of our standard hiring process to ensure a safe and compliant workplace </p>