Included Health

Staff Cloud Security Engineer

Remote

Compensation: Not Specified
Experience Level: Expert & Leadership (9+ years)
Job Type: Full Time
Visa: Unknown
Industries: Health Tech, Healthcare

Position Overview

The Staff Cloud Security Engineer is a critical, hands-on technical role responsible for engineering, implementing, and automating robust security controls within our cloud environments (AWS primarily, with GCP considerations). This role is pivotal in maturing our cloud security posture, securing Included Health's product infrastructure, and directly contributing to the prevention of unauthorized PHI exfiltration. You will help design and develop advanced security solutions, often through code (primarily Python and Go) and automation (Terraform), to address critical challenges in access control, development environment security, and infrastructure hardening. This role requires deep technical expertise in cloud security, strong software development skills for building security tools and automation, and a proactive approach to risk mitigation. You will be a key technical peer to our infrastructure software and engineering teams, driving a culture of security by design and helping to implement solutions that reduce HIPAA incidents. This is a remote role reporting to the Chief Information Security Officer.

Responsibilities

  • Design, develop, and implement a comprehensive authorization framework for cloud resources, addressing user roles, resource-specific restrictions, task-based access, and granular engineering access.
  • Lead the technical implementation of Just-In-Time (JIT) access control systems for production environments (systems, secrets, data) to minimize standing privileges for engineering and platform teams.
  • Collaborate with engineering to integrate data classification (e.g., safe-harbor annotations) with access control mechanisms, ensuring that data sensitivity directly informs access decisions.
  • Develop and maintain security automation scripts, tools, and services in Python or Go to streamline security operations, vulnerability management, compliance checks, and incident response.
  • Write clean, maintainable, and testable code (primarily Python and Go; familiarity with Ruby is a plus) for security automation, building custom security integrations, and developing security-focused tools.
  • Implement and champion Infrastructure as Code (IaC) principles, specifically using Terraform, for programmatic definition, enforcement, and auditing of security configurations.
  • Contribute to the design and implementation of centralized security controls, such as an engineering-owned Web Application Firewall (WAF), to manage rate limiting, IP blocking, input validation, and request filtering.
  • Partner with engineering teams to establish and implement secure practices for managing the development toolchain (code generation utilities, linters, browser extensions, CLI tools, IDE plugins) to mitigate supply chain risks.
  • Design and help implement a secure, "blessed" mechanism for webhook testing in local development environments, blocking unauthorized tunneling tools.
  • Define, implement, and enforce container security hardening standards (e.g., least privilege, no unnecessary utilities, limited internet access) in collaboration with engineering teams.
  • Drive the remediation of legacy cloud environments, particularly in GCP, by inventorying, assessing, and improving security controls.
  • Design and implement solutions for granular data access control in cloud environments, particularly addressing compliance requirements for handling sensitive data.
  • Collaborate closely with infrastructure software, engineering, DevOps, and product teams to co-design and integrate robust, automated security controls into systems, architectures, and CI/CD pipelines.
  • Act as a subject matter expert on cloud security (AWS, GCP), providing guidance, code reviews (Python, Go), and technical expertise on secure cloud adoption, secure software development, and access control best practices.
  • Support organizational change management efforts related to new security controls and practices by providing technical rationale and assisting in the development of...

Skills

Cloud Security
AWS
GCP
Python
Go
Terraform
Automation
Access Control
Infrastructure Hardening
Vulnerability Management
Incident Response
Data Classification
HIPAA

Included Health

Healthcare advocacy and specialized care services

About Included Health

Included Health focuses on enhancing the healthcare experience for individuals who often face challenges in accessing quality care. The company provides a variety of services, including primary care, behavioral health, and virtual care, ensuring that members receive timely and appropriate treatment. Their model emphasizes 24/7 on-demand care with a diverse group of providers, allowing for personalized support tailored to complex health needs. Unlike many competitors, Included Health prioritizes underserved populations and partners with employers and consultants to deliver comprehensive healthcare solutions that not only improve health outcomes but also help reduce costs. The ultimate goal of Included Health is to make quality healthcare accessible and understandable for everyone, particularly those who have been overlooked by traditional healthcare systems.

Headquarters: San Francisco, California
Year Founded: 2020
Total Funding: $337.5M
Company Stage: GROWTH_EQUITY_VC
Industries: Healthcare
Employees: 51-200

Benefits

Along with comprehensive medical, dental and vision plans, all employee spouses and children can access Included Health services at no cost. For time off, take it when you need it with our unaccrued discretionary time off for all exempt employees.

Risks

Competition from Teladoc and Amwell threatens market share.
Post-merger integration challenges could affect service delivery.
Regulatory scrutiny on telehealth may impact operational flexibility.

Differentiation

Included Health offers integrated primary and behavioral health services.
They provide 24/7 on-demand care with diverse providers.
Their data-driven approach enhances healthcare outcomes and reduces costs.

Upsides

Rising demand for telehealth boosts Included Health's virtual care services.
Employers investing in healthcare benefits expand Included Health's client base.
Value-based care models align with Included Health's focus on outcomes.
