Security Engineer III in Durham, North Carolina at Aspirion

ABOUT ASPIRION

At Aspirion, our mission is simple and meaningful: to help healthcare providers get paid accurately, quickly, and transparently for the care they deliver. By combining deep human expertise with advanced technology and AI, we are helping make healthcare more affordable and accessible for everyone.

For more than two decades, Aspirion has been a market leader in revenue cycle services, specializing in some of the most complex and high impact areas of reimbursement. From challenging denials and zero balance reviews to aged accounts receivable, motor vehicle accident claims, workers’ compensation, Veterans Affairs, and out of state Medicaid, we take on the work that others cannot solve and deliver real results for our clients. At the heart of that success is our team. Our teammates are the foundation of everything we do. With more than 1,400 individuals across the organization, we are united by a shared commitment to delivering exceptional outcomes and creating meaningful impact for the hospitals and health systems we serve.

We are building a results driven environment where high performance, collaboration, and continuous growth are expected and supported. The people who thrive here bring a growth mindset, stay open to new technology, and collaborate across teams to solve problems. You will have the opportunity to work alongside a talented and driven team, engage with innovative technology, and play a direct role in solving complex challenges that matter.

Joining Aspirion means more than taking a job. It means being part of a team that is shaping the future of healthcare operations while making a measurable difference for providers and patients alike.

SUMMARY

The Security Engineer III is a senior, hands-on engineer responsible for designing, implementing, and operating security controls in our AWS cloud and Kubernetes/containerized environments. This role operates independently with minimal oversight, translating governance, risk, and compliance requirements (including HIPAA and HITRUST MyCSF) into practical guardrails, engineering standards, and automated enforcement. The Security Engineer III partners closely with Infrastructure and application teams to strengthen secure SDLC practices (code and dependency scanning, secrets detection, CI/CD policy gates), improve cloud security posture, and ensure controls are measurable, auditable, and sustainable in production.

DUTIES AND RESPONSIBILIITES

• Own cloud security engineering for AWS by defining guardrails and configuration baselines (e.g., IAM least privilege, network segmentation, encryption, logging), partnering on implementation, and driving remediation of cloud posture findings to closure.
• Engineer security controls and governance for Kubernetes and containerized workloads (e.g., EKS): define and enforce admission policies, Pod Security standards, network policies, image governance, runtime protections, and secrets management patterns; partner with platform teams on implementation within clusters and supporting IAM.
• Drive secure SDLC controls and engineering governance: integrate and operate scanning and policy gates for application code (SAST), dependencies (SCA), secrets, containers/images, and Infrastructure as Code (IaC); define practical remediation SLAs and exception/waiver workflows aligned to risk.
• Define security policies, standards, and best practices for cloud and containerized environments, and translate them into implementable guardrails and reference patterns (policy-as-code, reference configurations, and developer guidance), including encryption/key management (e.g., KMS), secrets storage, and secure workload access patterns; validate adoption and baseline compliance in partnership with Infrastructure/Platform teams.
• Partner with Compliance to align technical controls to HIPAA requirements and produce audit-ready evidence (configurations, screenshots/exports, control narratives, and remediation tracking) for cloud and container platforms.
• Improve security visibility and detection in AWS and Kubernetes: define requirements, ensure high-quality logging, and create actionable detections/alerts in partnership with the SOC/SIEM owners.
• Run vulnerability management across the stack for cloud and containerized applications: triage and prioritize findings for application code, Infrastructure as Code, container images, third-party dependencies, and OS packages; coordinate fixes with engineering/platform teams, validate remediation, and track risk-based exceptions.
• Support incident response for cloud and container security events: perform technical triage, containment support, root cause analysis, and deliver preventative engineering changes.
• Develop and maintain security-as-code standards and reusable guardrails (e.g., Terraform modules/policies) and automated checks/policy gates to enforce baseline compliance across AWS accounts and Kubernetes clusters; partner with Infrastructure/Platform teams to roll out and operationalize these controls at scale.
• Independently manage security engineering deliverables from intake through delivery: clarify requirements, design solutions, document decisions/runbooks, and communicate status/risks to stakeholders.
• Translate HITRUST MyCSF/HIPAA and internal security policies into measurable cloud and SDLC control requirements; validate control effectiveness through testing and evidence collection.
• Contribute to security tool administration and continuous improvement (e.g., cloud posture management, vulnerability scanning, CI/CD scanning tools) by tuning rules, reducing false positives, and improving developer usability.
• Participate in on-call/escalation processes as needed; maintain runbooks and support post-incident reviews and corrective actions.
• Serve as a technical resource for peers through code/config reviews, pairing, and clear documentation; help raise the security bar through pragmatic standards and guidance.
• Perform other duties as assigned.

COMPETENCIES

• Hands-on AWS security engineering: strong working knowledge of IAM, networking, encryption, logging/monitoring, and common AWS services in production environments.
• Kubernetes/container security expertise: ability to secure clusters and workloads (RBAC, network policies, pod security standards, image scanning/signing, secrets, and runtime considerations).
• Cloud governance mindset: ability to translate policy and risk into guardrails, standards, and automated enforcement (policy-as-code, baseline configurations, continuous compliance).
• Secure SDLC execution: experience operating SAST/SCA and secrets scanning in CI/CD, tuning results, and driving remediation workflows with engineering teams.
• Application and IaC security: ability to review patterns and code changes for secure configuration, identify common IaC misconfigurations, and partner with engineering teams to remediate issues.
• Full-stack vulnerability fundamentals: understands container image composition (base images, OS packages), dependency risk, and remediation approaches (patching, version pinning, rebuilds) in CI/CD and runtime contexts.
• Independent operator: can take ambiguous problems from concept to implementation with minimal oversight, documenting decisions and communicating progress, risks, and tradeoffs.
• Operational security fundamentals: ability to improve logging quality, support investigations, and implement preventative fixes based on root cause analysis.
• Collaboration and influence: works effectively with DevOps and developers to drive adoption of security standards without blocking delivery.
• Regulated environment awareness: understands what “audit-ready” looks like and can implement and evidence controls in HIPAA-regulated environments.
• Clear written communication: produces runbooks, implementation notes, and control evidence that is understandable to engineering, security, and compliance stakeholders.
• Comfort operating in ambiguity with high ownership, prioritizing effectively, and delivering measurable outcomes.

EDUCATION AND EXPERIENCE QUALIFICATIONS

• 5+ years in security engineering, cloud infrastructure, DevOps, or related technical roles, with significant hands-on responsibility securing production AWS environments.
• Demonstrated experience implementing and improving cloud security posture (guardrails, standards, continuous compliance, vulnerability management) with measurable remediation outcomes.
• Strong AWS IAM skills (roles/policies, least privilege design, identity federation, service roles) and experience implementing secure access patterns for humans and workloads.
• Hands-on Kubernetes/container security experience, including implementing secure cluster/workload configuration and image governance in a production containerized environment.
• Experience implementing and evidencing security controls in regulated environments (HIPAA required), including encryption/key management, logging retention, and change/audit trails.
• Experience supporting incident response for cloud/workload security events, including investigation support, containment actions, and post-incident remediation.
• Automation and IaC experience (e.g., Python/Bash; Terraform) and familiarity with implementing policy-as-code and continuous compliance checks.
• Experience assessing and improving security for application code and IaC (e.g., Terraform/CloudFormation/Kubernetes manifests), including code review support, scanning, and remediation guidance.
• Experience managing container security vulnerabilities end-to-end, including image scanning, base image/OS package patching strategies, rebuild processes, and validation of remediations in deployment pipelines.
• Demonstrated experience implementing secure SDLC controls in CI/CD (e.g., GitHub Actions/Jenkins/GitLab), including SAST/SCA, container image scanning, secrets scanning, pipeline gates, and actionable remediation workflows.
• Experience operating in regulated environments (HIPAA required); familiarity with NIST and/or HITRUST is strongly preferred.
• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field preferred (or equivalent practical experience).
• Security and cloud certifications preferred: AWS Certified Security – Specialty or AWS Solutions Architect, Certified Kubernetes Security Specialist (CKS) or equivalent, and/or CISSP/CCSP (or ability to obtain within an agreed timeframe).