[Remote] Staff Software Engineer, Cloud Security

Note: The job is a remote job and is open to candidates in USA. Included Health is a new kind of healthcare company focused on delivering integrated virtual care and navigation. They are seeking a Staff Software Engineer in Cloud Security to engineer, implement, and automate robust security controls within their cloud environments, primarily AWS, while contributing to the prevention of unauthorized PHI exfiltration.

Responsibilities

• Design, develop, and implement a comprehensive authorization framework for cloud resources, addressing user roles, resource-specific restrictions, task-based access, and granular engineering access
• Lead the technical implementation of Just-In-Time (JIT) access control systems for production environments (systems, secrets, data) to minimize standing privileges for engineering and platform teams
• Collaborate with engineering to integrate data classification (e.g., safe-harbor annotations) with access control mechanisms, ensuring that data sensitivity directly informs access decisions
• Develop and maintain security automation scripts, tools, and services in Python or Go to streamline security operations, vulnerability management, compliance checks, and incident response
• Write clean, maintainable, and testable code (primarily Python and Go; familiarity with Ruby is a plus) for security automation, building custom security integrations, and developing security-focused tools
• Implement and champion Infrastructure as Code (IaC) principles, specifically using Terraform, for programmatic definition, enforcement, and auditing of security configurations
• Contribute to the design and implementation of centralized security controls, such as an engineering-owned Web Application Firewall (WAF), to manage rate limiting, IP blocking, input validation, and request filtering
• Partner with engineering teams to establish and implement secure practices for managing the development toolchain (code generation utilities, linters, browser extensions, CLI tools, IDE plugins) to mitigate supply chain risks
• Design and help implement a secure, "blessed" mechanism for webhook testing in local development environments, blocking unauthorized tunneling tools
• Define, implement, and enforce container security hardening standards (e.g., least privilege, no unnecessary utilities, limited internet access) in collaboration with engineering teams
• Drive the remediation of legacy cloud environments, particularly in GCP, by inventorying, assessing, and improving security controls
• Design and implement solutions for granular data access control in cloud environments, particularly addressing compliance requirements for handling sensitive data
• Collaborate closely with infrastructure software, engineering, DevOps, and product teams to co-design and integrate robust, automated security controls into systems, architectures, and CI/CD pipelines
• Act as a subject matter expert on cloud security (AWS, GCP), providing guidance, code reviews (Python, Go), and technical expertise on secure cloud adoption, secure software development, and access control best practices
• Support organizational change management efforts related to new security controls and practices by providing technical rationale and assisting in the development of new workflows
• Conduct security assessments, threat modeling, and contribute to incident response, developing automation for prevention and faster response
• Develop and maintain comprehensive documentation for security architectures, controls, automation scripts, and incident response playbooks

Skills

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
• 5+ years of experience in cloud security, with a strong emphasis on designing, developing (primarily in Python and Go), and implementing security solutions in AWS
• Proven hands-on software development experience, particularly in Python and Go, for security automation, building security tools, and infrastructure management
• Demonstrable experience designing and implementing robust authorization and access control frameworks (e.g., RBAC, ABAC, policy-as-code) and Just-In-Time (JIT) access solutions
• Experience with Infrastructure as Code (IaC) with deep proficiency in writing and maintaining Terraform modules for security
• Experience with containerization (Docker, Kubernetes/EKS), including hands-on experience hardening containerized environments
• Experience with SDLC security, CI/CD pipeline security integration, and secure software development practices
• Experience with security logging, monitoring, alerting tools (e.g., SIEM, AWS CloudTrail, CloudWatch, GuardDuty), and scripting against their APIs (Python, Go)
• Experience with cloud security frameworks (especially HIPAA), regulations, and standards

Benefits

• Equity
• Benefits
• Remote-first culture
• 401(k) savings plan through Fidelity
• Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
• Paid Time Off ("PTO") and Discretionary Time Off ("DTO")
• 12 weeks of 100% Paid Parental leave
• Family Building & Compassionate Leave: Fertility coverage, $25,000 for surrogacy/adoption, and paid leave for failed treatments, adoption or pregnancies.
• Work-From-Home reimbursement to support team collaboration home office work

Company Overview

Company H1B Sponsorship