Function Health is a company dedicated to empowering individuals to live healthier lives through technology. They are seeking a Senior Cloud Security Engineer to build and manage a cloud security program, focusing on securing their Google Cloud Platform environments and implementing best practices to reduce risks across production systems.
Responsibilities:
- Multi-Cloud Engineering: Serve as the primary security partner for teams building across AWS, GCP, and Azure, ensuring pragmatic, high-impact risk reduction and consistency across all environments
- Infrastructure Guardrails: Orchestrate and implement organization-level constraints to enforce guardrails and prevent misconfigurations using a "secure-by-default" philosophy
- Edge Defense & Connectivity: Own the Cloudflare stack, including the deployment and tuning of WAF rules for public endpoints, global DNS management, and edge-level threat mitigation
- Code-to-Cloud Remediation: Partner with engineering to address risks at their origin by mapping cloud vulnerabilities back to source code and integrating automated security checks into CI/CD pipelines
- Workload Hardening: Drive deep visibility into cloud workloads, enforcing secure defaults for OS-level hardening, network segmentation, logging, and runtime monitoring
- Identity & Access Governance: Lead the adoption of identity best practices across all cloud providers, focusing on least privilege and the elimination of long-lived credentials
- Automated Response & Remediation: Design and build automated workflows to remediate high-priority cloud risks and misconfigurations, turning manual security tasks into scalable code
- SecOps Partnership: Support the Detection and Response function by integrating cloud-native telemetry and CSPM findings into centralized workflows, providing expertise on cloud forensics and containment
- Vulnerability Management: Lead the identification and lifecycle management of cloud-based vulnerabilities, including secrets exposure and service misconfigurations, while partnering with teams on practical fixes
- Metrics & Strategy: Define and track cloud security KPIs (e.g., remediation velocity, public endpoint coverage, IAM hygiene) to help shape the long-term infrastructure security roadmap
Requirements:
- Multi-Cloud Expertise: 5-8 years in cloud security with proven experience managing security controls in AWS, GCP, and Azure
- Hands-on experience with the Wiz platform. Preference for candidates who have moved beyond the dashboard and into WizOS, Runtime, and Response & Remediation
- Deep knowledge of GCP services (IAM, VPC, GKE, Cloud Run, GCS, KMS, SCC) and their security implications
- Experience implementing guardrails with Terraform
- Strong grasp of IAM design, service account lifecycle, and secrets management in the cloud
- Familiarity with cloud logging/monitoring (Cloud Logging, VPC Flow Logs, Wiz findings) and integration into SIEM/SOAR
- Proficiency in Python and Terraform is required. You should be comfortable writing scripts that interact with Cloud APIs to automate infrastructure changes
- Ability to work as a peer to Engineering, providing the 'how' of security remediation, not just the 'what'
- Bonus: experience with HIPAA/HITRUST environments, SOC 2 Type II audits, or healthcare data protection
- Bias Toward Action: Demonstrated ability to take initiative, make decisions under uncertainty, and move projects forward even in the face of ambiguity
- Entrepreneurial Spirit: Strong adaptability to changing business needs with a knack for building and optimizing processes
- Communication: Excellent communication skills, capable of explaining complex technical concepts to non-technical stakeholders
- Remote Work Adaptability: Comfort with remote work environments, demonstrating the ability to stay productive and connected with the team irrespective of physical location
- Continuous Improvement: A willingness to question assumptions and a commitment to continuous improvement