Staff Software Engineer, Cloud Security

About this role

The Staff Cloud Security Engineer is a critical, hands-on technical role responsible for engineering, implementing, and automating robust security controls within our cloud environments (AWS primarily, with GCP considerations). This role is pivotal in maturing our cloud security posture, securing Included Health's product infrastructure, and directly contributing to the prevention of unauthorized PHI exfiltration. You will help design and develop advanced security solutions, often through code (Python, Go, etc.) and automation (Terraform), to address critical challenges in access control, development environment security, and infrastructure hardening. This role requires deep technical expertise in cloud security, strong software development skills for building security tools and automation, and a proactive approach to risk mitigation. You will be a key technical peer to our infrastructure software and engineering teams, driving a culture of security by design and helping to implement solutions that reduce HIPAA incidents. This is a remote role reporting to the Chief Information Security Officer.

### Responsibilities:

• Design, develop, and implement a comprehensive authorization framework for cloud resources, addressing user roles, resource-specific restrictions, task-based access, and granular engineering access
• Lead the technical implementation of Just-In-Time (JIT) access control systems for production environments (systems, secrets, data) to minimize standing privileges for engineering and platform teams.
• Collaborate with engineering to integrate data classification (e.g., safe-harbor annotations) with access control mechanisms, ensuring that data sensitivity directly informs access decisions.
• Develop and maintain security automation scripts, tools, and services in Python or Go to streamline security operations, vulnerability management, compliance checks, and incident response.
• Write clean, maintainable, and testable code (primarily Py...