Security Engineer

Description

Position at WebMD

WebMD is the most recognized and trusted brand of health information and the leading provider of health information services, serving consumers, physicians, healthcare professionals, employers and health plans through our public and private online portals and WebMD the Magazine. The WebMD Health Network includes WebMD, Medscape, MedicineNet, eMedicine, RxList, theheart.org and Medscape Education. Our consumer portals and mobile health applications provide engaging, relevant and credible health and wellness information, personalized health assessment tools and access to online communities.

WebMD is an Equal Opportunity/Affirmative Action employer and does not discriminate on the basis of race, ancestry, color, religion, sex, gender, age, marital status, sexual orientation, gender identity, national origin, medical condition, disability, veterans status, or any other basis protected by law.

Summary:

We are seeking a highly skilled Security Analyst/Engineer with Cloud Security experience to join our Information Security team. The ideal candidate will have a strong understanding of security principles, network security, and cloud security, as well as experience with modern security tools and frameworks is required.

This role will focus on designing, implementing, and maintaining security controls, responding to security incidents, and ensuring compliance with industry standards and best practices with a particular focus on Azure cloud infrastructure. Hands-on experience with Azure security tools and configurations, and a strong understanding of threat detection and incident response in these environments is a must. The candidate will collaborate with cross-functional teams to strengthen the organization’s overall security posture.

Key Responsibilities:

Cloud Security Architecture & Implementation:

●Design and implement security controls for cloud-based infrastructure in Azure.

●Configure and manage cloud-native security tools in Azure Defender.

●Act as technical security interface between WebMD Ignite, customer and partner engineering teams

●Apply secure coding practices and infrastructure as code (IaC) for automated security deployment.

●Help define and enforce Identity and Access Management (IAM) policies and roles.

●Monitor and audit secure networking practices, including VPCs, subnets, and firewalls in cloud environments.

Collaboration & Security Awareness:

●Act as technical security interface with customer and partner engineering teams.

●Collaborate with cross-functional teams to ensure information security best practices.

●Work with development and infrastructure teams to integrate security into the CI/CD pipeline.

●Provide security guidance to DevOps teams on secure coding practices and infrastructure hardening.

●Act as a subject matter expert on cloud security for internal stakeholders.

Threat Detection & Incident Response:

●Monitor cloud environments for security threats and suspicious activity using SIEM platforms (e.g., Splunk, Azure Sentinel, Google Chronicle).

●Collaborate with SOC and security operations teams to escalate and remediate incidents.

●Support investigations and response to security incidents, including cloud-based breaches, unauthorized access, and misconfigurations.

●Support root cause analysis and implement corrective actions to prevent future incidents.

Compliance & Governance:

●Ensure cloud security configurations align with industry standards (e.g., SOC 2, HITRUST, CIS Benchmarks, NIST, HIPAA, PCI).

●Support internal and external audits by providing evidence of cloud security controls and configurations.

●Develop and enforce cloud security policies and guidelines across business units.

●Implement encryption, data loss prevention (DLP), and key management solutions in cloud environments.

Vulnerability Management:

●Conduct vulnerability scans and penetration tests of cloud infrastructure and applications.

●Track and prioritize remediation efforts for identified cloud security vulnerabilities.

●Collaborate with development and infrastructure teams to fix misconfigurations and weaknesses.

●Automate vulnerability detection and patching where possible.

Required Qualifications:

●3–5 years of experience in information security with a focus on Administering Azure Cloud.

●Strong understanding of Azure security tools.

○Hands-on experience with Azure AD, RBAC, Network Security Groups (NSGs), and Azure Firewall.

●Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent work experience).

Preferred Qualifications:

●AWS and GCP security control design and implementation experience a plus.

●Proficient in scripting or automation using PowerShell, Python, and Bash.

●Knowledge of security frameworks and standards including HIPAA, PCI, NIST, CIS Benchmarks.

●Experience with container security tools (e.g., Kubernetes, Docker, EKS, AKS, GKE) and serverless security.

●Strong understanding of IAM, network security, encryption, and monitoring in cloud platforms.

●Experience with SIEM and XDR platforms for threat detection and response.

●Professional certifications such as Microsoft Certified: Security Operations Analyst Associate, Microsoft Certified: Azure Security Engineer Associate, or CISSP.

●Experience securing hybrid cloud and multi-cloud environments.

●Familiarity with DevSecOps practices and infrastructure as code (IaC) tools like Terraform or Bicep.

●Professional certifications such as:

○Certified Cloud Security Professional (CCSP)

○AWS Certified Security – Specialty

○Microsoft Certified: Azure Security Engineer Associate

○Google Professional Cloud Security Engineer

○CISSP

●Experience with multi-cloud and hybrid cloud security.

●Understanding of DevSecOps principles and secure CI/CD pipelines.

●Experience with SIEM and XDR platforms for threat detection and response.

Key Competencies:

●Strong analytical and problem-solving skills

●Effective communication and collaboration across teams

●Ability to work independently and manage multiple projects simultaneously

●Proactive mindset with a strong focus on continuous improvement

Comp range: $90,000-$100,000

Benefits:

Employees in this position are eligible to participate in the company sponsored benefit programs, including the following within the first 12 months of employment:

• Health Insurance (medical, dental, and vision coverage)

• Paid Time Off (including vacation, sick leave, and flexible holiday days)

• 401(k) Retirement Plan with employer matching

• Life and Disability Insurance

• Employee Assistance Program (EAP)

• Commuter and/or Transit Benefits (if applicable)

Eligibility for specific benefits may vary based on job classification, schedule (e.g., full-time vs. part-time), work location and length of employment..