FFunction Health is hiringCloud Security Engineer

About Us:

Role:

• Multi-Cloud Engineering: Serve as the primary security partner for teams building across AWS, GCP, and Azure, ensuring pragmatic, high-impact risk reduction and consistency across all environments.
• Infrastructure Guardrails: Orchestrate and implement organization-level constraints to enforce guardrails and prevent misconfigurations using a "secure-by-default" philosophy.
• Edge Defense & Connectivity: Own the Cloudflare stack, including the deployment and tuning of WAF rules for public endpoints, global DNS management, and edge-level threat mitigation.
• Code-to-Cloud Remediation: Partner with engineering to address risks at their origin by mapping cloud vulnerabilities back to source code and integrating automated security checks into CI/CD pipelines.
• Workload Hardening: Drive deep visibility into cloud workloads, enforcing secure defaults for OS-level hardening, network segmentation, logging, and runtime monitoring.
• Identity & Access Governance: Lead the adoption of identity best practices across all cloud providers, focusing on least privilege and the elimination of long-lived credentials.
• Automated Response & Remediation: Design and build automated workflows to remediate high-priority cloud risks and misconfigurations, turning manual security tasks into scalable code.
• SecOps Partnership: Support the Detection and Response function by integrating cloud-native telemetry and CSPM findings into centralized workflows, providing expertise on cloud forensics and containment.
• Vulnerability Management: Lead the identification and lifecycle management of cloud-based vulnerabilities, including secrets exposure and service misconfigurations, while partnering with teams on practical fixes.
• Metrics & Strategy: Define and track cloud security KPIs (e.g., remediation velocity, public endpoint coverage, IAM hygiene) to help shape the long-term infrastructure security roadmap.

• Multi-Cloud Expertise: 5-8 years in cloud security with proven experience managing security controls in AWS, GCP, and Azure.
• Hands-on experience with the Wiz platform. Preference for candidates who have moved beyond the dashboard and into WizOS, Runtime, and Response & Remediation.
• Deep knowledge of GCP services (IAM, VPC, GKE, Cloud Run, GCS, KMS, SCC) and their security implications.
• Experience implementing guardrails with Terraform.
• Strong grasp of IAM design, service account lifecycle, and secrets management in the cloud.
• Familiarity with cloud logging/monitoring (Cloud Logging, VPC Flow Logs, Wiz findings) and integration into SIEM/SOAR.
• Proficiency in Python and Terraform is required. You should be comfortable writing scripts that interact with Cloud APIs to automate infrastructure changes.
• Ability to work as a peer to Engineering, providing the "how" of security remediation, not just the "what."
• Bonus: experience with HIPAA/HITRUST environments, SOC 2 Type II audits, or healthcare data protection.

To be a strong fit, you also need:

• Bias Toward Action: Demonstrated ability to take initiative, make decisions under uncertainty, and move projects forward even in the face of ambiguity. We value individuals who are self-starters and ready to act on opportunities and challenges alike.
• Entrepreneurial Spirit: Strong adaptability to changing business needs with a knack for building and optimizing processes. Your entrepreneurial mindset will be crucial in navigating the dynamic landscape of our industry, ensuring our platform remains competitive and responsive to user needs.
• Communication: Excellent communication skills, capable of explaining complex technical concepts to non-technical stakeholders. Effective communication is vital for cross-functional collaboration and ensuring alignment across our organization.
• Remote Work Adaptability: Comfort with remote work environments, demonstrating the ability to stay productive and connected with the team irrespective of physical location.
• Continuous Improvement: A willingness to question assumptions and a commitment to continuous improvement. Your openness to feedback and dedication to personal and professional growth will contribute significantly to our collective success.