Virta HealthRemote
Cloud Security Engineer`
United States of America
Full Time
3 hours ago
$145,000 - $188,000 USD
H1B Sponsor Likely
Key skills
Cloud SecurityKubernetesGoogle Cloud Platform (GCP)NetworkingIdentityAccess Management (IAM)EncryptionWeb Application SecurityApplication SecurityThreat ModelingSecure CodingVulnerability ManagementSecurity TestingInfrastructure as Code (Terraform)Go ProgrammingPython ProgrammingPythonGoGCPTerraformIAMIdentity ManagementCommunicationOWASPNetwork Security
About this role
Virta Health is on a mission to reverse metabolic disease in one billion people. They are seeking a Cloud Security Engineer to build and mature their application security program, ensuring that security is integrated seamlessly into their development lifecycle.
Responsibilities:
- Own and Enhance Security Design: Assess our current security controls within GCP and Kubernetes, identify areas for improvement, and drive the maturation of our security posture from good to great
- Champion Secure Development: Partner closely with Engineering, Product, and Platform teams to integrate security best practices early and often ("shift-left") into the software development lifecycle
- Build and Automate: Design, implement, and manage security tooling and automation to streamline vulnerability detection, remediation, and compliance verification. Replace manual processes with efficient, automated solutions
- Refine Access Control: Evolve our identity and access management (IAM) strategy, ensuring least-privilege access and robust auditing capabilities across our systems
- Strengthen Network Security: Continuously improve our network security architecture, policies, and controls within our cloud environment
- Develop Clear Standards: Establish, document, and communicate practical security policies, standards, and guidelines for engineering teams
- Lead Security Initiatives: Drive vulnerability management efforts and enhance our incident response preparedness, ensuring we are ready to handle potential threats effectively
- Cultivate Security Awareness: Act as a security evangelist, promoting security awareness and best practices throughout the engineering organization
Requirements:
- Understanding and practical experience in securing cloud-native applications and infrastructure, particularly in Kubernetes environments
- Strong grasp of networking concepts, identity management (IAM), encryption, and common web application vulnerabilities (e.g., OWASP Top 10)
- Excellent communication skills with the ability to clearly articulate complex security concepts to diverse audiences and influence technical direction across teams
- Significant hands-on experience in application security, including threat modeling, secure coding practices, vulnerability management, and security testing (SAST, DAST, IAST)
- Proficiency in Infrastructure as Code (IaC) tools, specifically Terraform
- Development experience with Go and Python
- GCP experience is strongly preferred