HIPAA AWS Infrastructure Review

Posted yesterday

Worldwide

Summary

We are looking for an experienced AWS security consultant with deep knowledge of HIPAA compliance to perform an independent security review of our AWS environment and provide actionable recommendations prior to our go live. This is not an implementation project; however, it could transition into one depending upon the results. We are looking for a senior consultant who can evaluate our current architecture, identify security and compliance gaps, and deliver a prioritized remediation roadmap. We're looking for someone who can identify real risks, not simply produce a checklist. Practical experience with verified healthcare SaaS environments is highly preferred. You will be working with our full time developer if needed. Scope of Work The selected consultant will: • Review our AWS architecture and security configuration • Assess HIPAA technical safeguards and AWS best practices • Review IAM users, roles, and permissions for least privilege • Evaluate network security (VPCs, Security Groups, NACLs, WAF, VPN) • Review encryption at rest and in transit (KMS, S3, RDS, EBS, Secrets Manager) • Assess logging, monitoring, and audit capabilities (CloudTrail, CloudWatch, GuardDuty, Security Hub) • Review backup and disaster recovery strategy (if applicable) • Evaluate authentication and MFA policies • Review application hosting architecture and storage of PHI • Identify any services that may not be HIPAA eligible • Identify high, medium, and low-risk findings • Provide practical recommendations based on risk and cost • Deliver a written report with remediation priorities Deliverables • Executive summary • Technical security assessment • HIPAA gap analysis • Risk-prioritized findings • Recommended remediation plan • Walkthrough of findings with developer Required Experience Please apply only if you have: • 5+ years securing AWS production environments • Experience supporting HIPAA-regulated healthcare applications in the United States • Strong knowledge of AWS security services • Experience with IAM, KMS, CloudTrail, GuardDuty, Security Hub, WAF, VPC, S3, EC2, RDS, and Secrets Manager • Ability to explain technical findings to non-technical stakeholders as well as full time developer Preferred Qualifications • AWS Security Specialty certification • AWS Solutions Architect Professional • CISSP, CCSP, HCISPP, or similar security certifications • Experience preparing organizations for HIPAA, HITRUST, or SOC 2 audits (preferred HIPAA) • Experience working under Business Associate Agreements (BAAs) Environment Our environment includes: • AWS-hosted healthcare application • Protected Health Information (PHI) • Production and development environments • Modern web application architecture More technical details will be shared after an NDA and/or Business Associate agreement is signed. Proposal Requirements Please include: 1. A brief description of similar AWS HIPAA security reviews you've completed. 2. Relevant AWS certifications. 3. Your approach to conducting a security assessment. 4. Estimated timeline. 5. Fixed-price estimate or hourly rate (we merely estimated a budget, and depending upon a conversation would be open to exploring more or less). AI Disclaimer: This job posting was created by a non-technical individual with the assistance of AI.

  • $600.00

    Fixed-price
  • Expert
    Experience Level
  • Remote Job
  • One-time project
    Project Type
Skills and Expertise
Mandatory skills
Database Security
Firewall
Activity on this job
  • Proposals:10 to 15
  • Last viewed by client:47 seconds ago
  • Interviewing:
    2
  • Invites sent:
    3
  • Unanswered invites:
    1
About the client
Member since Feb 7, 2024
  • United States
    Boynton Beach8:02 AM
  • $13K total spent
    2 hires, 1 active
  • 405 hours
  • Tech & IT
    Individual client

Explore similar jobs on Upwork

UK Cybersecurity Sales ProfessionalHourly‐ Posted 3 weeks ago
Sales
Phone Communication
Telemarketing
Cold Calling
Help with cyber security photoshopHourly‐ Posted 10 months ago
Penetration Testing
System Security
Cybersecurity Management
Vulnerability Assessment
Security Assessment & Testing
Network Penetration Testing
Testing
Software Testing
Ethical Hacking
Threat Detection

How it works

  • Post a job icon
    Create your free profile
    Highlight your skills and experience, show your portfolio, and set your ideal pay rate.
  • Talent comes to you icon
    Work the way you want
    Apply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
  • Payment simplified icon
    Get paid securely
    From contract to payment, we help you work safely and get paid securely.
Want to get started? Create a profile

About Upwork

  • Rating is 4.9 out of 5.
    4.9/5
    (Average rating of clients by professionals)
  • G2 2021
    #1 freelance platform
  • 49,000+
    Signed contract every week
  • $2.3B
    Freelancers earned on Upwork in 2020

Find the best freelance jobs

Growing your career is as easy as creating a free profile and finding work like this that fits your skills.

Trusted by

  • Microsoft Logo
  • Airbnb Logo
  • Bissell Logo
  • GoDaddy Logo