[Remote] Cloud Security Engineer`

Note: The job is a remote job and is open to candidates in USA. Virta Health is on a mission to reverse metabolic disease in one billion people through innovations in technology and personalized care. They are seeking a Cloud Security Engineer to lead the application security program, ensuring security is integrated into the development lifecycle and protecting sensitive health information.

Responsibilities

• Own and Enhance Security Design: Assess our current security controls within GCP and Kubernetes, identify areas for improvement, and drive the maturation of our security posture from good to great
• Champion Secure Development: Partner closely with Engineering, Product, and Platform teams to integrate security best practices early and often ("shift-left") into the software development lifecycle
• Build and Automate: Design, implement, and manage security tooling and automation to streamline vulnerability detection, remediation, and compliance verification. Replace manual processes with efficient, automated solutions
• Refine Access Control: Evolve our identity and access management (IAM) strategy, ensuring least-privilege access and robust auditing capabilities across our systems
• Strengthen Network Security: Continuously improve our network security architecture, policies, and controls within our cloud environment
• Develop Clear Standards: Establish, document, and communicate practical security policies, standards, and guidelines for engineering teams
• Lead Security Initiatives: Drive vulnerability management efforts and enhance our incident response preparedness, ensuring we are ready to handle potential threats effectively
• Cultivate Security Awareness: Act as a security evangelist, promoting security awareness and best practices throughout the engineering organization

Skills

• Understanding and practical experience in securing cloud-native applications and infrastructure, particularly in Kubernetes environments. GCP experience is strongly preferred
• Strong grasp of networking concepts, identity management (IAM), encryption, and common web application vulnerabilities (e.g., OWASP Top 10)
• Excellent communication skills with the ability to clearly articulate complex security concepts to diverse audiences and influence technical direction across teams
• Significant hands-on experience in application security, including threat modeling, secure coding practices, vulnerability management, and security testing (SAST, DAST, IAST)
• Proficiency in Infrastructure as Code (IaC) tools, specifically Terraform
• Development experience with Go and Python

Company Overview

Company H1B Sponsorship