Staff Cloud Security Engineer jobs in United States

Included Health · 3 hours ago

Staff Cloud Security Engineer

Included Health is a new kind of healthcare company, delivering integrated virtual care and navigation. The Staff Cloud Security Engineer is responsible for engineering, implementing, and automating robust security controls within cloud environments, primarily AWS, to enhance the company's security posture and prevent unauthorized PHI exfiltration.

Health Care · Hospital · Medical · mHealth
H1B Sponsor Likely

Responsibilities

Design, develop, and implement a comprehensive authorization framework for cloud resources, addressing user roles, resource-specific restrictions, task-based access, and granular engineering access
Lead the technical implementation of Just-In-Time (JIT) access control systems for production environments (systems, secrets, data) to minimize standing privileges for engineering and platform teams
Collaborate with engineering to integrate data classification (e.g., safe-harbor annotations) with access control mechanisms, ensuring that data sensitivity directly informs access decisions
Develop and maintain security automation scripts, tools, and services in Python or Go to streamline security operations, vulnerability management, compliance checks, and incident response
Write clean, maintainable, and testable code (primarily Python and Go; familiarity with Ruby is a plus) for security automation, building custom security integrations, and developing security-focused tools
Implement and champion Infrastructure as Code (IaC) principles, specifically using Terraform, for programmatic definition, enforcement, and auditing of security configurations
Contribute to the design and implementation of centralized security controls, such as an engineering-owned Web Application Firewall (WAF), to manage rate limiting, IP blocking, input validation, and request filtering
Partner with engineering teams to establish and implement secure practices for managing the development toolchain (code generation utilities, linters, browser extensions, CLI tools, IDE plugins) to mitigate supply chain risks
Design and help implement a secure, "blessed" mechanism for webhook testing in local development environments, blocking unauthorized tunneling tools
Define, implement, and enforce container security hardening standards (e.g., least privilege, no unnecessary utilities, limited internet access) in collaboration with engineering teams
Drive the remediation of legacy cloud environments, particularly in GCP, by inventorying, assessing, and improving security controls
Design and implement solutions for granular data access control in cloud environments, particularly addressing compliance requirements for handling sensitive data
Collaborate closely with infrastructure software, engineering, DevOps, and product teams to co-design and integrate robust, automated security controls into systems, architectures, and CI/CD pipelines
Act as a subject matter expert on cloud security (AWS, GCP), providing guidance, code reviews (Python, Go), and technical expertise on secure cloud adoption, secure software development, and access control best practices
Support organizational change management efforts related to new security controls and practices by providing technical rationale and assisting in the development of new workflows
Conduct security assessments, threat modeling, and contribute to incident response, developing automation for prevention and faster response
Develop and maintain comprehensive documentation for security architectures, controls, automation scripts, and incident response playbooks

Qualification

Cloud Security, Python, Go, Terraform, Containerization, Authorization Frameworks, Infrastructure as Code, CI/CD Security, Security Automation, Soft Skills

Required

Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
5+ years of experience in cloud security, with a strong emphasis on designing, developing (primarily in Python and Go), and implementing security solutions in AWS
Proven hands-on software development experience, particularly in Python and Go, for security automation, building security tools, and infrastructure management
Demonstrable experience designing and implementing robust authorization and access control frameworks (e.g., RBAC, ABAC, policy-as-code) and Just-In-Time (JIT) access solutions
Experience with Infrastructure as Code (IaC) with deep proficiency in writing and maintaining Terraform modules for security
Experience with containerization (Docker, Kubernetes/EKS), including hands-on experience hardening containerized environments
Experience with SDLC security, CI/CD pipeline security integration, and secure software development practices
Experience with security logging, monitoring, alerting tools (e.g., SIEM, AWS CloudTrail, CloudWatch, GuardDuty), and scripting against their APIs (Python, Go)
Experience with cloud security frameworks (especially HIPAA), regulations, and standards

Preferred

Familiarity with Ruby is a plus

Benefits

Remote-first culture
401(k) savings plan through Fidelity
Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
Paid Time Off ("PTO") and Discretionary Time Off ("DTO")
12 weeks of 100% Paid Parental leave
Family Building & Compassionate Leave: Fertility coverage, $25,000 for surrogacy/adoption, and paid leave for failed treatments, adoption or pregnancies.
Work-From-Home reimbursement to support team collaboration and home office work

Company

Included Health

Included Health provides a combination of virtual care, navigation, and communities-based healthcare services.

H1B Sponsorship

Included Health has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2025 (12)
2024 (9)
2023 (8)
2022 (6)

Funding

Current Stage: Late Stage
Total Funding: $344M
Key Investors: The Carlyle Group, Greylock, Venrock
2020-09-09 · Series E · $175M
2018-05-02 · Series D · $66M
2017-01-01 · Series Unknown

Leadership Team

Owen Tripp, Chief Executive Officer
Wade Chambers, CTO & SVP of Engineering
Company data provided by crunchbase