Staff Cloud Security Engineer

🕒 vor 6 Monaten

🇺🇸 Vereinigte Staaten – Remote

💵 $174.320 - $320.099 / Jahr

⏰ Vollzeit

🔴 Experte

👮‍♂️ IT-Sicherheitsingenieur

🦅 H1B-Visum-Sponsor

Dieses Unternehmen hat in der Vergangenheit H1B-Visa gesponsert.

Jetzt Bewerben

Ähnliche Remote-Jobs finden

E-Mails für Remote-Jobs erhalten

📊 Überprüfen Sie Ihre Lebenslauf-Bewertung für diese Stelle

Verbessern Sie Ihre Chancen auf ein Vorstellungsgespräch, indem Sie Ihre Lebenslauf-Bewertung vor der Bewerbung überprüfen.

Lebenslauf hochladen

Included Health

WebsiteLinkedInAlle Stellen

1001 - 5000 Mitarbeiter

☁️ SaaS

🤝 B2B

👥 HR Tech

SaaS • B2B • HR Tech

Included Health ist ein Unternehmen für Gesundheitstechnologie, das personalisierte, auf Arbeitgeber und Krankenversicherungen fokussierte Primär-, Akut- und Verhaltensgesundheitsversorgung über eine einzige App und ein Netzwerk von virtuellen und persönlichen Dienstleistungen anbietet. Es kombiniert KI-gesteuerte Tools und menschliche Pflegeteams, um eine 24/7 Versorgungskoordination, Unterstützung bei Abrechnungen und Ansprüchen, Zweitmeinungen von führenden Spezialisten und Unterstützung für die mentale Gesundheit bereitzustellen, mit dem Ziel, die Gesundheitskosten der Arbeitgeber zu senken und die Mitgliedererfahrung sowie Inklusion zu verbessern.

Beschreibung

• Design, develop, and implement a comprehensive authorization framework for cloud resources, addressing user roles, resource-specific restrictions, task-based access, and granular engineering access • Lead the technical implementation of Just-In-Time (JIT) access control systems for production environments (systems, secrets, data) to minimize standing privileges for engineering and platform teams. • Collaborate with engineering to integrate data classification (e.g., safe-harbor annotations) with access control mechanisms, ensuring that data sensitivity directly informs access decisions. • Develop and maintain security automation scripts, tools, and services in Python or Go to streamline security operations, vulnerability management, compliance checks, and incident response. • Write clean, maintainable, and testable code (primarily Python and Go; familiarity with Ruby is a plus) for security automation, building custom security integrations, and developing security-focused tools. • Implement and champion Infrastructure as Code (IaC) principles, **specifically using Terraform,** for programmatic definition, enforcement, and auditing of security configurations. • Contribute to the design and implementation of centralized security controls, such as an engineering-owned Web Application Firewall (WAF), to manage rate limiting, IP blocking, input validation, and request filtering. • Partner with engineering teams to establish and implement secure practices for managing the development toolchain (code generation utilities, linters, browser extensions, CLI tools, IDE plugins) to mitigate supply chain risks. • Design and help implement a secure, "blessed" mechanism for webhook testing in local development environments, blocking unauthorized tunneling tools. • Define, implement, and enforce container security hardening standards (e.g., least privilege, no unnecessary utilities, limited internet access) in collaboration with engineering teams. • Drive the remediation of legacy cloud environments, particularly in GCP, by inventorying, assessing, and improving security controls. • Design and implement solutions for granular data access control in cloud environments, particularly addressing compliance requirements for handling sensitive data. • Collaborate closely with infrastructure software, engineering, DevOps, and product teams to co-design and integrate robust, automated security controls into systems, architectures, and CI/CD pipelines. • Act as a subject matter expert on cloud security (AWS, GCP), providing guidance, code reviews (Python, Go), and technical expertise on secure cloud adoption, secure software development, and access control best practices. • Support organizational change management efforts related to new security controls and practices by providing technical rationale and assisting in the development of new workflows. • Conduct security assessments, threat modeling, and contribute to incident response, developing automation for prevention and faster response. • Develop and maintain comprehensive documentation for security architectures, controls, automation scripts, and incident response playbooks.

🎯 Anforderungen

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. • 5+ years of experience in cloud security, with a strong emphasis on designing, **developing (primarily in Python and Go),** and implementing security solutions in AWS. • **Proven hands-on software development experience, particularly in Python and Go, for security automation, building security tools, and infrastructure management.** • **Demonstrable experience designing and implementing robust authorization and access control frameworks (e.g., RBAC, ABAC, policy-as-code) and Just-In-Time (JIT) access solutions.** • Experience with Infrastructure as Code (IaC) with **deep proficiency in writing and maintaining Terraform modules for security.** • Experience with containerization (Docker, Kubernetes/EKS), including **hands-on experience hardening containerized environments.** • Experience with SDLC security, CI/CD pipeline security integration, and secure software development practices. • Experience with security logging, monitoring, alerting tools (e.g., SIEM, AWS CloudTrail, CloudWatch, GuardDuty), and scripting against their APIs (Python, Go). • Experience with cloud security frameworks (especially HIPAA), regulations, and standards.

🏖️ Vorteile

• Remote-first culture • 401(k) savings plan through Fidelity • Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance) • Paid Time Off ("PTO") and Discretionary Time Off ("DTO") • 12 weeks of 100% Paid Parental leave • Family Building & Compassionate Leave: Fertility coverage, $25,000 for surrogacy/adoption, and paid leave for failed treatments, adoption or pregnancies. • Work-From-Home reimbursement to support team collaboration home office work