HIPAA Compliance Engineer

Job Brief:

About the Role: Bacancy Technology is seeking a HIPAA Compliance Engineer to embed regulatory compliance into the technical architecture of healthcare applications from day one. HIPAA compliance is not a checkbox — it is an engineering discipline. You will design and implement technical safeguards, conduct security assessments, build audit systems, and ensure that every healthcare application we deliver meets or exceeds HIPAA Privacy Rule, Security Rule, and Breach Notification requirements.

Role: Healthcare Interoperability

Experience: 4+ Years

Position Open: 1

Job Location: Iselin, NJ

Work from Home Available: Not Available

Salary: Not a constraint for the right candidate


Roles and Responsibility:

  • Implement HIPAA technical safeguards including encryption at rest and in transit, access controls, and audit logging across all application layers
  • Design and build automated compliance monitoring systems that continuously assess HIPAA adherence across infrastructure and applications
  • Conduct technical risk assessments aligned with HIPAA Security Rule requirements and document findings for compliance reporting
  • Implement PHI data classification, de-identification (Safe Harbor and Expert Determination methods), and minimum necessary access policies
  • Build secure API architectures for healthcare data exchange with proper authentication, authorization, and consent management
  • Design Business Associate Agreement (BAA) technical requirements and validate third-party vendor compliance
  • Create and maintain HIPAA compliance documentation including security policies, incident response plans, and training materials
  • Collaborate with development teams to integrate compliance checks into CI/CD pipelines (compliance-as-code)

Skill Requirement:

  • Bachelor’s degree in Computer Science, Information Security, or related field
  • 3+ years of experience in software engineering with at least 2 years focused on healthcare compliance or security
  • Deep knowledge of HIPAA Privacy Rule, Security Rule, and Breach Notification requirements
  • Experience implementing technical safeguards for PHI in web, mobile, and cloud applications
  • Understanding of healthcare data de-identification methods (Safe Harbor, Expert Determination)
  • Experience with compliance frameworks (SOC 2, HITRUST CSF, NIST 800-66)
  • Proficiency in at least one major programming language (Python, Java, Node.js, .NET)
  • Experience with cloud-native compliance tools on AWS, Azure, or GCP

Nice to have

  • HIPAA Compliance: Privacy Rule, Security Rule, Breach Notification, BAA management, risk assessments
  • Security Engineering: AES-256 encryption, TLS 1.3, OAuth 2.0, RBAC, MFA, audit logging
  • Compliance Frameworks: SOC 2 Type II, HITRUST CSF, NIST 800-66, NIST 800-53, ISO 27001
  • Cloud Compliance: AWS Config, Azure Policy, GCP Organization Policies, cloud security posture management
  • DevSecOps: SAST/DAST tools, dependency scanning, compliance-as-code, policy-as-code (OPA, Sentinel)
  • Data Protection: PHI de-identification, data masking, tokenization, DLP solutions, consent management

Qualification: B.Tech/B.E/MCA


Office Timings: 10.00 AM to 7.00 PM


Perks and Benefits:

  • 5 days a week
  • Health Insurance
  • 28 leaves a year (18 paid leaves and 10 public holidays)
  • Maternity and paternity leave benefits
  • Training and Development: Certifications
  • Employee engagement activities: awards, community gathering
  • Good Infrastructure
  • Flexible working culture
  • Onsite opportunity
