Information Security Engineer III, and Cloud Security Lead

Information Security Engineer III, Application and Cloud Security Lead

United States, Massachusetts, Somerville

The Mass General Brigham (MGB) Information Security Engineer III – Application and Cloud Security Lead provides leadership and expertise within the cybersecurity team, specifically overseeing security practices related to application development and cloud infrastructure. This role is responsible for ensuring robust and secure software development life cycles, implementing advanced security strategies in cloud environments, and driving continuous improvement in both application security and cloud security posture.

The Engineer will lead complex security projects, coordinate cross‑team collaboration, and mentor junior and mid‑level engineers to foster their professional growth. The ideal candidate is a deeply technical minded security professional focused on secure coding practices or development engineering with experience designing and executing strategic / programmatic roadmaps. The Engineer may represent the organization in industry forums or regulatory discussions, and actively engages with external partners, vendors, and stakeholders to establish collaborative security strategies and ensure alignment with industry trends and best‑in‑class security practices.

The Engineer should have prior experience building application and/or cloud security programs and experience in multiple of the following areas:

• Dev Sec Ops
• Strategic program build and design
• Secure Code Development
• Application Security Testing Tools
• CI/CD Pipeline Hardening
• Application and Code Vulnerability Analysis
• Cloud security expertise

• Collaboratively design the application and cloud security program to meet the needs of Mass General Brigham and lead engineers in the execution of the strategic roadmap.
• Lead the design, development, testing, and implementation of advanced security controls for application development and cloud environments based on published information security policies and business requirements.
• Establish and maintain a secure software development lifecycle (SSDLC), incorporating security checkpoints, threat modeling, secure coding standards, and rigorous testing practices.
• Drive the implementation and ongoing management of Cloud Security Posture Management (CSPM) tools and strategies, ensuring continuous monitoring and proactive remediation of cloud security issues.
• Implement and maintain code analysis tools (e.g., SAST, DAST, IAST, SCA, etc.) to identify security vulnerabilities in code before deployment, and collaborate with development teams to integrate these tools into workflows and provide actionable insights to remediate identified issues.
• Serve as a technical leader within the cybersecurity team, providing guidance, mentorship, and professional development opportunities for junior and mid‑level security engineers.
• Collaborate closely with development, operations, and Dev Ops teams to embed security seamlessly into software development and deployment processes, fostering a Dev Sec Ops  culture.
• Conduct and oversee application and cloud security assessments, including penetration testing, code reviews, configuration audits, and vulnerability management efforts.
• Innovate by researching, evaluating, and proposing new security technologies and methods specifically designed to improve the organization’s application and cloud security maturity.
• Ensure high‑quality, maintainable, and scalable security solutions through comprehensive architecture reviews, security assessments, and alignment with best practices.
• Respond promptly and effectively to complex security incidents involving applications and cloud resources, providing expert guidance and leading remediation efforts.
• Engage proactively with vendors, industry partners, and stakeholders to leverage external expertise, technologies, and best practices.
• Align all actions and decisions with organizational values, including Patients First, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk, and demonstrate commitment to Diversity & Inclusion, Integrity & Respect, Learning & Continuous Improvement, Personal…