Staff Cloud Security Engineer - Remote

About the Role

We are seeking a Staff Cloud Security Engineer to join our team remotely. In this critical role, you will engineer, implement, and automate robust security controls within our cloud environments, primarily AWS, with considerations for GCP. Your expertise will play a pivotal role in maturing our cloud security posture and securing Included Health's product infrastructure, directly contributing to the prevention of unauthorized PHI exfiltration.

What You'll Do

• Design, develop, and implement a comprehensive authorization framework for cloud resources, addressing user roles and resource-specific restrictions.
• Lead the technical implementation of Just-In-Time (JIT) access control systems for production environments to minimize standing privileges.
• Collaborate with engineering teams to integrate data classification with access control mechanisms.
• Develop and maintain security automation scripts and tools in Python or Go to streamline security operations.
• Write clean, maintainable, and testable code for security automation and building custom security integrations.
• Implement Infrastructure as Code (IaC) principles using Terraform for security configurations.
• Contribute to centralized security controls, such as an engineering-owned Web Application Firewall (WAF).
• Partner with engineering teams to establish secure practices for managing the development toolchain.
• Define and enforce container security hardening standards in collaboration with engineering teams.
• Drive the remediation of legacy cloud environments, particularly in GCP.
• Act as a subject matter expert on cloud security, providing guidance and technical expertise.
• Conduct security assessments and contribute to incident response efforts.

Requirements

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 5+ years of experience in cloud security, focusing on designing and implementing security solutions in AWS.
• Proven software development experience in Python and Go for security automation.
• Experience designing and implementing robust authorization and access control frameworks.
• Deep proficiency in Infrastructure as Code (IaC) with Terraform.
• Experience with containerization (Docker, Kubernetes/EKS) and hardening containerized environments.
• Experience with SDLC security and CI/CD pipeline security integration.
• Familiarity with security logging, monitoring, and alerting tools.

Nice to Have

• Familiarity with Ruby.
• Experience with cloud security frameworks, especially HIPAA.

What We Offer

• Remote-first culture with flexible work arrangements.
• 401(k) savings plan through Fidelity.
• Comprehensive medical, vision, and dental coverage.
• Paid Time Off (PTO) and Discretionary Time Off (DTO).
• 12 weeks of 100% Paid Parental leave.
• Family Building & Compassionate Leave benefits.
• Work-From-Home reimbursement to support home office work.