Function Health is a company focused on empowering individuals to live healthier lives through technology. They are seeking a Cloud Security Engineer to build and manage a cloud security program that protects their members and platform, emphasizing securing Google Cloud Platform environments and automating security controls.
Responsibilities:
- Serve as the embedded security partner for engineering teams building in GCP, with a focus on pragmatic, high-impact risk reduction
- Orchestrate and implement organization constraints to enforce guardrails and prevent misconfigurations
- Harden GCP environments against misconfiguration and exposure: enforce secure defaults, network segmentation, logging, and monitoring
- Drive adoption of identity- and service-account best practices, including least privilege, key rotation, and elimination of long-lived credentials
- Automate enforcement of cloud security controls using IaC, policy-as-code, and CI/CD guardrails
- Lead cloud vulnerability management, including scanning for misconfigurations, secrets, and exposed services, and partner with teams on remediation
- Integrate CSPM tooling (e.g., Wiz, Upwind, GCP Security Command Center) and cloud-native telemetry into centralized detection and response workflows
- Support incident response by providing expertise on GCP logging, forensics, and containment
- Define and track cloud security KPIs (e.g., % of resources covered by VPC Flow Logs, service accounts without keys, restricted buckets with audit logging)
- Partner with product security and infrastructure engineering to shape long-term cloud security strategy
Requirements:
- 5–8 years of experience in cloud engineering or security, with at least 3 years focused on GCP
- Deep knowledge of GCP services (IAM, VPC, GKE, Cloud Run, GCS, KMS, SCC) and their security implications
- Experience implementing guardrails with Terraform
- Strong grasp of IAM design, service account lifecycle, and secrets management in GCP
- Familiarity with cloud logging/monitoring (Cloud Logging, VPC Flow Logs, SCC findings) and integration into SIEM/SOAR
- Strong scripting or development skills (Python preferred) for automation
- Ability to influence engineering teams toward secure patterns without slowing them down
- Bonus: experience with HIPAA/HITRUST environments, SOC 2 Type II audits, or healthcare data protection
- Bias Toward Action: Demonstrated ability to take initiative, make decisions under uncertainty, and move projects forward even in the face of ambiguity
- Entrepreneurial Spirit: Strong adaptability to changing business needs with a knack for building and optimizing processes
- Communication: Excellent communication skills, capable of explaining complex technical concepts to non-technical stakeholders
- Remote Work Adaptability: Comfort with remote work environments, demonstrating the ability to stay productive and connected with the team irrespective of physical location
- Continuous Improvement: A willingness to question assumptions and a commitment to continuous improvement