• Sr. Security & Compliance Engineer

    Location US-MA-Burlington
    Job ID
    Research & Development - Systems Engineering
    Pos. Type
    Full Time
  • Company Overview

    Nuance is the pioneer and leader in conversational artificial intelligence (AI) innovations that bring intelligence to everyday work and life. We deliver solutions that understand, analyze, and respond to people, amplifying human intelligence to increase productivity and improve security. With decades of both domain and AI expertise, we work with thousands of organizations across a wide range of industries.


    Join our team! At Nuance, we are constantly reinventing how people connect with technology and with each other. Our AI-powered solutions empower organizations to transform “business as usual.” For decades, the world’s leading financial, healthcare, telecommunications, retailers, and government organizations have trusted Nuance to bring them award-winning solutions that deliver more meaningful outcomes and empower a smarter, more connected world. From clinical speech recognition technologies that free physicians to spend more time caring for patients to real-time intelligence that powers billions of customer interactions, we’re deeply committed to helping organizations push the boundaries of what’s possible.

    Job Summary



    The Nuance Communications Healthcare Site Reliability Engineering (HCSRE) Team is seeking a Security & Compliance Engineer who will be responsible for designing, implementing and improving security solutions across the Speech Cloud Platform.


    This position is also responsible for key aspects of Nuance’s security governance and compliance program within the Healthcare Site Reliability Engineering (HCSRE) Team.  


    This role will work alongside Healthcare Site Reliability team to understand existing solutions and provide advice in control implementation.  Also, build compliance programs including detailed exception reporting and monitoring requirements. Will plan and lead compliance testing controls assessment and documentation across all domains for HITRUST, ISO27001, SOCII, and other compliance requirements as needed.




    • In this role, you will be joining Healthcare Site Reliability Engineering (HCSRE) team, working with SRE Architect and the team to review our cloud architecture, identify and implement improvements security services.
    • Provide security expertise to the team on topics ranging from security architecture, hardening, monitoring, incident detection and response as well as general security improvements.
    • Apply & implement the solutions provided from Security team in areas such as vulnerability management, logging and monitoring, incident response and endpoint security.
    • Act as a subject matter expert on cloud security for Site Reliability Engineering team and work with Security team to implement controls for Speech cloud environments ranging from IaaS to PaaS and SaaS.
    • Review our cloud architecture, work with HCSRE architect to design the best way forward to improve the security posture continuously
    • Perform regular additional security related tasks as assigned.
    • Plan and lead compliance controls assessment and documentation for HCSRE team across all domains for HITRUST, ISO27001, SOCII, and other compliance requirements as needed. Coordinate with internal and external auditors, collect evidence for HCSRE team and provide to the internal auditors.
    • Maintain awareness of external regulations for new or changed requirements within the divisions (HIPAA, HITRUST, PCI, ISO27001, etc.)
    • Knowledge sharing between HCSRE internal teams about compliance controls and security services.
    • Perform tasks related to securing and keeping the products, tools, and processes that you are responsible for securing.



    Education: Bachelor’s Degree in Computer Engineering, Computer Science, or Information Systems Management.

    Number of Years of Work Experience: 5+ (in the security / compliance area)


    Required Skills:

    • Solid operating system security skills, on Linux and Windows, as well as network security concepts.
    • Knowledge of network security, systems security, and application security
    • Experience with securing environments on one or many of the major cloud providers.
    • Information Security technology background
    • Strong understanding of HIPAA, HITRUST, SSAE 18 and similar
    • Well versed in security governance, risk & compliance and security audit practices •
    • Ability to work effectively and contribute within a team environment.
    • Experience with security related technical tools and processes is required.
    • A proven track record of integrating different systems together to achieve security goals

    Preferred Skills:

    • Experience with open-source security tools, or even better, having contributed to their development.
    • Efficiency with at least one scripting language.
    • IT Audit/Compliance experience desired
    • CISSP, CISM, CISA, and other such credentials
    • Certifications such as OSCP and SANS certifications are nice to have.


    Additional Information

    Nuance offers a compelling and rewarding work environment. We offer market competitive salaries, bonus, equity, benefits, meaningful growth and development opportunities and a casual yet technically challenging work environment. Join our dynamic, entrepreneurial team and become part of our continuing success.  


    Nuance Communications, Inc. (“Nuance”) is an equal opportunity employer.  We evaluate qualified applicants without regard to race, age, color, religion, sex, national origin, disability, veteran status, gender identity, sexual orientation and other legally protected characteristics. The EEO is the Law poster and its supplement is available here. If you need a reasonable accommodation because of a disability for any part of the employment process, please call 781-565-5086 – Human Resources Department and let us know the nature of your request and your contact information.

    LI Code



    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed