SOTA Cloud is a cloud-native dental imaging platform that operates as an FDA Class II Software as a Medical Device (SaMD). They are seeking a Senior / Staff Platform Security Engineer to own the platform security strategy and its hands-on implementation across their cloud infrastructure, ensuring security compliance and effective vulnerability management.
Responsibilities:
- Azure and AKS platform security
- Production access and privileged access patterns
- Vulnerability management and remediation coordination
- Security tooling configuration and signal quality
- Technical security standards for cloud and platform systems
- Security evidence and technical communication with Security and Privacy Compliance
- CI/CD and infrastructure-as-code security guardrails
- Security recommendations and implementation plans for CTO approval
- Improve security posture across Azure, AKS, Azure SQL, networking, storage, identity, secrets, and production runtime
- Harden Kubernetes workloads, ingress paths, workload identity, secrets handling, and container configuration
- Own vulnerability triage, prioritization, remediation tracking, exceptions, and reporting
- Tune security tooling such as Aikido, CrowdStrike, Vanta, New Relic, Microsoft Defender for Cloud, Sentinel, or comparable systems
- Improve privileged access workflows using least privilege, just-in-time access, PIM, access reviews, and clear production-access evidence
- Support security improvements in CI/CD pipelines, including SAST, SCA, secrets scanning, infrastructure-as-code scanning, and container scanning where appropriate
- Partner with software developers to make security findings understandable, actionable, and resolved at the source
- Serve as a technical partner to the Security and Privacy Compliance team for audits, customer reviews, risk assessments, and control evidence
- Work within documented change-control processes for security-relevant and production-relevant changes
- Support security and platform incident response when needed
Requirements:
- 8+ years of experience in cloud security, platform security, security engineering, infrastructure security, DevSecOps, SRE, DevOps, or related technical infrastructure roles
- 4+ years of experience in security-focused roles such as platform security, cloud security, application security, DevSecOps, or production security engineering
- Deep hands-on Azure experience, including AKS, Entra ID, networking, storage, Azure SQL, secrets management, monitoring, and production access controls
- Strong understanding of cloud/platform security architecture, least privilege, secure configuration, production access, and vulnerability remediation
- Hands-on experience with Kubernetes security, container security, workload identity, network controls, and production runtime hardening
- Experience with vulnerability management and practical prioritization based on exploitability, exposure, and business impact
- Experience with privileged access models, just-in-time access, PIM, access reviews, and least-privilege controls
- Experience with infrastructure as code using Terraform, Bicep, or comparable tooling
- Practical familiarity with CI/CD pipelines and software delivery workflows
- Ability to work directly with software engineers to explain and remediate security findings
- Ability to communicate technical security controls clearly to compliance, privacy, engineering, IT, and executive stakeholders
- Strong written communication skills for documentation, findings, exceptions, remediation plans, and audit evidence
- Ability to operate independently, identify gaps, make recommendations, and drive approved work to completion
Preferred qualifications:
- 10+ years of relevant experience
- Experience in regulated environments such as HIPAA, SOC 2, ISO 13485, ISO 27001, FDA-regulated software, healthcare SaaS, fintech, or other high-assurance environments
- Experience with SaMD, medical device software, FDA QMSR, ISO 13485/MDSAP, or validated software development environments
- Familiarity with Aikido, CrowdStrike, Vanta, New Relic, Microsoft Defender for Cloud, Sentinel, or comparable tools
- Experience with SAML, OIDC, SCIM, SSO, MFA, Conditional Access, PIM, and access reviews
- Experience with Azure Policy, Log Analytics, Key Vault, managed identities, and workload identity
- Experience with GitHub Actions, Azure DevOps, or comparable development and release tooling
- Experience with threat modeling, secure architecture reviews, incident response, root-cause analysis, or tabletop exercises
- Certifications such as Azure Security Engineer Associate, Certified Kubernetes Security Specialist, CCSP, CISSP, or equivalent hands-on experience