Remotery

Security Consultant – Staff

Posted 21 hours ago

This is a fully remote position, open to applicants in Maryland, +1 more state.

📋 Description

• We are looking for a Security Consultant (Staff) to offer security leadership and direction across application modernization and database migration initiatives.

• This position will set security, logging, observability, and compliance standards while ensuring that the modernized environment meets public sector and healthcare data protection requirements.

• As the main security resource supporting various workstreams, the consultant will concentrate on defining patterns, governance, and best practices rather than implementing every security control directly.

• Define and manage security, logging, and observability standards throughout modernization and migration projects.

• Establish secure architecture patterns for AWS-based target environments.

• Develop and advocate for IAM, secrets management, and least-privilege access strategies.

• Ensure appropriate handling and protection of PHI and PII data within healthcare and Medicaid-related systems.

• Advise teams on compliance requirements relevant to state government workloads.

• Review application security controls, authentication and authorization methods, and secure coding practices.

• Assess converted database access patterns and connection security, including Aurora PostgreSQL endpoints.

• Provide guidance on encryption, monitoring, logging, and auditability requirements.

• Support risk identification, remediation planning, and security governance activities.

• Collaborate with technical teams to integrate security best practices throughout the delivery lifecycle.


⛳️ Requirements

• Security & Application Modernization

• Extensive experience conducting secure code reviews and application security assessments.

• Proficiency in ASP.NET Core security best practices.

• Experience in migrating authentication and authorization frameworks, including: Forms Authentication, System.Web.Security Membership, ASP.NET Core Identity, OIDC / OAuth 2.0, and JWT-based authentication.

• Knowledge of: CORS configuration, Anti-forgery protections, and ASP.NET Core Data Protection APIs (MachineKey replacement).

• AWS Security

• Practical expertise with: IAM Roles and Policies, AWS Secrets Manager, AWS Systems Manager Parameter Store, AWS Key Management Service (KMS), Security Groups, AWS WAF, Amazon GuardDuty, and AWS CloudTrail.

• Experience in securing cloud-native applications and database workloads.

• Observability & Monitoring

• Experience in implementing structured logging solutions using: Serilog and Microsoft.Extensions.Logging.

• Knowledge of: OpenTelemetry, CloudWatch Logs, CloudWatch Metrics, and distributed tracing and correlation IDs across modernized application stacks.

• Data Protection & Compliance

• Experience in supporting environments that contain PHI and PII.

• Knowledge of: Encryption in transit (TLS), Encryption at rest, and database and field-level protection strategies.

• Familiarity with healthcare and government compliance requirements, including: HIPAA, NIST 800-53, state government security frameworks, StateRAMP, and FedRAMP concepts.

• Preferred Qualifications

• AWS Certified Security – Specialty certification.

• Previous experience supporting Medicaid, healthcare, health-and-human-services, or other public sector programs.

• Experience in securing large-scale modernization or cloud migration projects.

• Familiarity with AWS-based application modernization and database migration initiatives.


🏝️ Benefits

• Important Screening Requirements

• Due to client and clearance requirements, candidates must be U.S. Citizens or U.S. Permanent Residents (Green Card holders) and must be eligible to work in the United States without current or future visa sponsorship.

• Undergo fingerprinting as part of the onboarding process.

• Successfully complete a government background investigation (CJIS-type clearance).
