Staff Software Engineer, Cloud Security
Job description
TL;DR
Staff Software Engineer, Cloud Security (AWS/GCP): Engineering, implementing, and automating robust security controls across cloud environments with an emphasis on authorization/access control frameworks, Just-In-Time (JIT) access, and infrastructure hardening. Focus on building security tools and automation through code (Python/Go) and Terraform, integrating security into CI/CD, and preventing unauthorized PHI exfiltration.
Location: Remote
Salary: $174,320 - $320,099 + equity + benefits
Company
is a healthcare company delivering integrated virtual care and navigation.
What you will do
- Design and implement a comprehensive cloud authorization framework (roles, resource restrictions, task-based access, granular engineering access).
- Implement Just-In-Time (JIT) access control for production systems, secrets, and data to minimize standing privileges.
- Build security automation tools and services in Python or Go, including vulnerability management, compliance checks, and incident response support.
- Apply Infrastructure as Code (Terraform) to define, enforce, and audit security configurations; champion centralized security controls like an engineering-owned WAF.
- Harden containers and implement secure development toolchain practices to mitigate supply chain risks.
- Conduct security assessments and threat modeling, support incident response, and remediate legacy cloud environments (especially GCP) with improved controls.
Requirements
- 5+ years of cloud security experience with hands-on security solution development and implementation in AWS (primarily in Python and Go).
- Proven experience designing and implementing authorization/access control frameworks (e.g., RBAC/ABAC, policy-as-code) and Just-In-Time (JIT) access solutions.
- Deep proficiency with Infrastructure as Code, specifically writing and maintaining Terraform modules for security.
- Experience with containerization and hardening (Docker, Kubernetes/EKS).
- Experience integrating SDLC and CI/CD pipeline security and secure software development practices.
- Experience with security logging/monitoring/alerting (e.g., SIEM, AWS CloudTrail/CloudWatch/GuardDuty) and scripting against their APIs.
Culture & Benefits
- Remote-first culture.
- 401(k) savings plan through Fidelity.
- Comprehensive medical, vision, and dental coverage (multiple plan options, including disability insurance).
- Paid Time Off (PTO) and Discretionary Time Off (DTO).
- 12 weeks of 100% paid parental leave.
- Work-from-home reimbursement to support home office work.
Hiring process
- Recruiter shares the geographic compensation zone during the hiring process.
- Hiring uses AI-assisted tools at select stages, with final decisions made by recruiting and hiring teams.