Sr. Director of Security Operations & Engineering

10+ years in information security. At least 5 years in technical leadership roles. Proven experience designing and operating secure, cloud-based SaaS infrastructure (AWS required). Cloud security architecture and automation. Incident detection and response. Network engineering and security controls. Vulnerability management and threat modeling. Hands-on technical expertise with scripting/automation (Python, PowerShell, Bash). Hands-on technical expertise with infrastructure-as-code (Terraform, CloudFormation). Hands-on technical expertise with CI/CD integration. Strong familiarity with enterprise IT systems (Active Directory, Okta, MDM, SSO). Knowledge of regulatory and compliance frameworks including HIPAA, HITRUST, and ISO 27001. Demonstrated experience leading multidisciplinary technical teams in dynamic environments. Experience with container security, Kubernetes, and EDR/MDR solutions (preferred). Background in healthcare or other regulated industries (preferred).

Lead and develop teams responsible for cloud security engineering, network and infrastructure security, and security operations. Define and execute the security engineering roadmap. Serve as the senior technical authority for all security controls, tooling, and automation initiatives. Partner with Engineering, IT, and Compliance leadership to embed secure design principles into products and operations. Own and evolve Arcadia’s Computer Security Incident Response Team (CSIRT). Represent Security Operations & Engineering in architecture reviews, executive updates, and customer discussions. Design, implement, and maintain security controls across cloud, infrastructure, and application environments. Architect secure AWS multi-account environments using services such as EKS, ECS, Lambda, and VPC, applying Zero Trust principles and automating configuration management with Terraform or CloudFormation. Manage network and infrastructure security by maintaining segmentation, VPN, firewall, and endpoint protection controls, along with perimeter defenses including WAF, DDoS mitigation, and intrusion detection systems. Lead the configuration and tuning of detection and response capabilities including SIEM pipelines, threat intelligence integration, and incident response workflows. Serve as Arcadia’s Cyber Security Incident Response Team (CSIRT) Manager. Implement security-as-code practices that automate control validation, configuration baselines, and remediation using scripting and orchestration tools. Oversee identity and access management across AWS, Okta/Auth0, and Microsoft 365 environments. Translate compliance controls (e.g., SOC 2, ISO 27001, HITRUST) into enforceable technical configurations. Partner with the Security Assurance team to provide audit evidence and continuous control monitoring. Partner with the Security Assurance to conduct and oversee technical risk assessments, vulnerability management, and remediation planning. Ensure technical alignment to healthcare privacy and security requirements (e.g., HIPAA, HITECH). Evaluate emerging technologies in AI-driven detection, behavioral analytics, and modern DevSecOps tooling. Benchmark security capabilities against industry best practices and high-performing SaaS peers. Foster a culture of continuous improvement, collaboration, and technical excellence within Security Engineering and Operations.