virtahealth - Cloud Security Engineer`

• As a Cloud Security Engineer, you will be the driving force behind securing Virta's applications and platform, directly contributing to the trust our members and partners place in us. You'll collaborate across teams to ensure security is a seamless part of our development lifecycle. • Own and Enhance Security Design: Assess our current security controls within GCP and Kubernetes, identify areas for improvement, and drive the maturation of our security posture from good to great. • Champion Secure Development: Partner closely with Engineering, Product, and Platform teams to integrate security best practices early and often ("shift-left") into the software development lifecycle. • Build and Automate: Design, implement, and manage security tooling and automation to streamline vulnerability detection, remediation, and compliance verification. Replace manual processes with efficient, automated solutions. • Refine Access Control: Evolve our identity and access management (IAM) strategy, ensuring least-privilege access and robust auditing capabilities across our systems. • Strengthen Network Security: Continuously improve our network security architecture, policies, and controls within our cloud environment. • Develop Clear Standards: Establish, document, and communicate practical security policies, standards, and guidelines for engineering teams. • Lead Security Initiatives: Drive vulnerability management efforts and enhance our incident response preparedness, ensuring we are ready to handle potential threats effectively. • Cultivate Security Awareness: Act as a security evangelist, promoting security awareness and best practices throughout the engineering organization. • Immerse Yourself: Your initial focus will be on understanding Virta's culture, our mission, our engineering workflows, and the nuances of our cloud platform (GCP/Kubernetes). You'll connect with key engineers and stakeholders across different teams. • Learn the Landscape: You'll dive into our existing systems, CI/CD pipelines, and current security tooling and configurations to get a clear picture of where we stand today. • Assess & Identify Opportunities: Leveraging your expertise, you'll begin evaluating our current security posture, including critical areas like our IAM implementation (RBAC), data security practices, network controls, and existing security policies. You'll identify the highest-impact areas for initial improvement. • Prioritize & Plan: Collaborating with engineering leadership and relevant teams, you'll help shape the initial priorities for application security, translating your assessments into a tangible action plan or roadmap. • Start Building: You won't just be planning! You'll quickly transition to hands-on work, likely starting with foundational projects such as refining IAM roles, enhancing specific security configurations, or beginning to develop key security automation or documentation. • Understanding and practical experience in securing cloud-native applications and infrastructure, particularly in Kubernetes environments. GCP experience is strongly preferred. • Strong grasp of networking concepts, identity management (IAM), encryption, and common web application vulnerabilities (e.g., OWASP Top 10). • Excellent communication skills with the ability to clearly articulate complex security concepts to diverse audiences and influence technical direction across teams. • Significant hands-on experience in application security, including threat modeling, secure coding practices, vulnerability management, and security testing (SAST, DAST, IAST). • Proficiency in Infrastructure as Code (IaC) tools, specifically Terraform. • Development experience with Go and Python. • VALUES-DRIVEN CULTURE • Virta’s company values drive our culture, so you’ll do well if: • You put people first and take care of yourself, your peers, and our patients equally • You have a strong sense of ownership and take initiative while empowering others to do the same • You prioritize positive impact over busy work • You have no ego and understand that everyone has something to bring to the table regardless of experience • You appreciate transparency and promote trust and empowerment through open access of information • You are evidence-based and prioritize data and science over seniority or dogma • You take risks and rapidly iterate • Is this role not quite what you're looking for? Join our Talent Community https://jobs.ashbyhq.com/virtahealth/form/talent-community-form and follow us on Linkedin https://www.linkedin.com/company/virta-health to stay connected!