Function Health is a company focused on empowering individuals to live healthier lives through technology. They are seeking a Cloud Security Engineer to build a modern cloud security program, focusing on securing Google Cloud Platform environments and implementing guardrails to ensure infrastructure security.
Responsibilities:
- Serve as the primary security partner for teams building across AWS, GCP, and Azure, ensuring pragmatic, high-impact risk reduction and consistency across all environments
- Orchestrate and implement organization-level constraints to enforce guardrails and prevent misconfigurations using a "secure-by-default" philosophy
- Own the Cloudflare stack, including the deployment and tuning of WAF rules for public endpoints, global DNS management, and edge-level threat mitigation
- Partner with engineering to address risks at their origin by mapping cloud vulnerabilities back to source code and integrating automated security checks into CI/CD pipelines
- Drive deep visibility into cloud workloads, enforcing secure defaults for OS-level hardening, network segmentation, logging, and runtime monitoring
- Lead the adoption of identity best practices across all cloud providers, focusing on least privilege and the elimination of long-lived credentials
- Design and build automated workflows to remediate high-priority cloud risks and misconfigurations, turning manual security tasks into scalable code
- Support the Detection and Response function by integrating cloud-native telemetry and CSPM findings into centralized workflows, providing expertise on cloud forensics and containment
- Lead the identification and lifecycle management of cloud-based vulnerabilities, including secrets exposure and service misconfigurations, while partnering with teams on practical fixes
- Define and track cloud security KPIs (e.g., remediation velocity, public endpoint coverage, IAM hygiene) to help shape the long-term infrastructure security roadmap
Requirements:
- 5-8 years in cloud security with proven experience managing security controls in AWS, GCP, and Azure
- Hands-on experience with the Wiz platform. Preference for candidates who have moved beyond the dashboard and into WizOS, Runtime, and Response & Remediation
- Deep knowledge of GCP services (IAM, VPC, GKE, Cloud Run, GCS, KMS, SCC) and their security implications
- Experience implementing guardrails with Terraform
- Strong grasp of IAM design, service account lifecycle, and secrets management in the cloud
- Familiarity with cloud logging/monitoring (Cloud Logging, VPC Flow Logs, Wiz findings) and integration into SIEM/SOAR
- Proficiency in Python and Terraform is required. You should be comfortable writing scripts that interact with Cloud APIs to automate infrastructure changes
- Ability to work as a peer to Engineering, providing the 'how' of security remediation, not just the 'what'
- Experience with HIPAA/HITRUST environments, SOC 2 Type II audits, or healthcare data protection
- Demonstrated ability to take initiative, make decisions under uncertainty, and move projects forward even in the face of ambiguity
- Strong adaptability to changing business needs with a knack for building and optimizing processes
- Excellent communication skills, capable of explaining complex technical concepts to non-technical stakeholders
- Comfort with remote work environments, demonstrating the ability to stay productive and connected with the team irrespective of physical location
- A willingness to question assumptions and a commitment to continuous improvement