Senior Platform & Security Engineer in Philadelphia
Role details
Job location
Tech stack
Job description
We are looking for a Senior Platform and Security Engineer to own the Azure infrastructure, IT operations, and technical implementation of security controls that underpin this platform. This is a hands-on individual contributor role with a potential path toward team leadership as the company grows. You will work closely with the engineering team on platform changes and directly with leadership on SOC 2 Type 2 and HIPAA audit preparation., Azure Platform Ownership
-
Own infrastructure for all Azure resources across development, UAT, and production environments
-
Manage and evolve Azure DevOps pipelines for build, test, and deployment
-
Operate Azure Container Apps, App Service, Service Bus, Azure Database for PostgreSQL Flexible Server, Blob Storage, and supporting services
-
MaintainAzure Key Vault including secrets rotation and enforcement of least-privilege access
-
Configure and tune Application Insights and Log Analytics, including PHI-safe logging pipelines that prevent sensitive data from appearing in telemetry
Security Controls and Compliance
- Implement andmaintaintechnical controls in support of SOC 2 Type 2 and HIPAA compliance programs
- Administer Entra ID including conditional access policies, MFA enforcement, group lifecycle management, and governance
- Partner with leadership on audit preparation, evidence collection, and control documentation
- Contribute to incident response readiness, including tabletop exercises and runbook development
- Manage logging and alerting functions through Microsoft Purview and Microsoft Sentinel, including alert tuning, analytics rules, and data connector configuration
- Maintain and improve the organization's security posture through vulnerability management, access reviews, and security monitoring
IT Operations
- Own Office 365 administration, SharePoint configuration, and SaaS tool management for the organization
- Serve as the internal technical authority on endpoint security, device management, and employee access provisioning
- Evaluate and onboard new tooling as the company scales, with a bias toward security and operational simplicity
The Technical Environment
-
Infrastructure: Azure Container Apps, Azure App Service, Azure Service Bus, Azure Database for PostgreSQL Flexible Server, Azure Blob Storage
-
Security and : Azure Key Vault, Microsoft Entra ID, Microsoft Defender, Azure Policy
-
Observability and Security Operations: Application Insights, Log Analytics Workspaces, Microsoft Sentinel, Microsoft Purview
-
CI/CD: Azure DevOps pipelines
-
Productivity: Microsoft 365, SharePoint, Teams
-
Compliance targets: SOC 2 Type 2, HIPAA
Requirements
- 7-10 years in cloud platform engineering, DevOps, or infrastructure security
- Hands-on production Azure experience across thefull servicelifecycle, not just resource provisioning
- Practical experience implementing technical controls for HIPAA and SOC 2 Type 2
- Fluent in Entra ID: conditional access, MFA, role assignments, and governance
- Appliesappropriate safeguardsfor protected health information, including PHI-safe logging pipelines, data isolation, and least-privilege access controls
- Comfortable owning IT operations end-to-end: M365, SaaS administration, and employee access management included
- Brings a point of view. This role requires someone who assesses the environment,identifiesgaps, and recommends a path forward
- Energized by doing the work. This is a hands-on role with full ownership of the platform and security posture
- Healthcare or regulated industry background is a genuine advantage
- Comfortable incorporating AI-assisted tools and workflows into day-to-day work to improve speed and quality