Cloud Security Engineer

Function Health.com

Remote

Full Time

About Us:

Function was founded with a singular focus: empower you to live 100 healthy years. We’re doing that by using the best available technology to make sure people don't suffer or die a preventable death. Function has been recognized as one of Fast Company’s Most Innovative Companies of 2024, and is venture-backed by Andreessen Horowitz (a16z). Hundreds of thousands of members have joined Function to take control of their health. We are growing our team and seeking out world-class talent that deeply believes in our mission to positively impact global health, has a relentless bias toward action and a growth mindset. Function fosters a collaborative and dynamic environment, where every day we are building the future.

Role:

Function Health is building a modern cloud security program to protect our members and platform as we scale. As a Cloud Security Engineer, you’ll focus on securing our Google Cloud Platform (GCP) environments, designing and enforcing guardrails that make our infrastructure secure by default. This role is hands-on and impact-driven: you’ll own detection, hardening, and automation that directly reduce risk across production systems.
We’re looking for someone who thrives on solving hard technical problems in cloud environments, knows how to balance speed and control, and can turn complex GCP security challenges into practical, automated solutions.

Key Responsibilities:

Serve as the embedded security partner for engineering teams building in GCP, with a focus on pragmatic, high-impact risk reduction.
Orchestrate and implement organization constraints to enforce guardrails and prevent misconfigurations.
Harden GCP environments against misconfiguration and exposure: enforce secure defaults, network segmentation, logging, and monitoring.
Drive adoption of identity- and service-account best practices, including least privilege, key rotation, and elimination of long-lived credentials.
Automate enforcement of cloud security controls using IaC, policy-as-code, and CI/CD guardrails.
Lead cloud vulnerability management, including scanning for misconfigurations, secrets, and exposed services, and partner with teams on remediation.
Integrate CSPM tooling (e.g. Wiz, Upwind, GCP Security Command Center) and cloud-native telemetry into centralized detection and response workflows.
Support incident response by providing expertise on GCP logging, forensics, and containment.
Define and track cloud security KPIs (e.g., % of resources covered by VPC Flow Logs, service accounts without keys, restricted buckets with audit logging).
Partner with product security and infrastructure engineering to shape long-term cloud security strategy.

Qualifications/Skills:

5–8 years of experience in cloud engineering or security, with at least 3 years focused on GCP.
Deep knowledge of GCP services (IAM, VPC, GKE, Cloud Run, GCS, KMS, SCC) and their security implications.
Experience implementing guardrails with Terraform.
Strong grasp of IAM design, service account lifecycle, and secrets management in GCP.
Familiarity with cloud logging/monitoring (Cloud Logging, VPC Flow Logs, SCC findings) and integration into SIEM/SOAR.
Strong scripting or development skills (Python preferred) for automation.
Ability to influence engineering teams toward secure patterns without slowing them down.
Bonus: experience with HIPAA/HITRUST environments, SOC 2 Type II audits, or healthcare data protection.

To Be A Strong Fit, You Also Need:

Bias Toward Action: Demonstrated ability to take initiative, make decisions under uncertainty, and move projects forward even in the face of ambiguity. We value individuals who are self-starters and ready to act on opportunities and challenges alike.
Entrepreneurial Spirit: Strong adaptability to changing business needs with a knack for building and optimizing processes. Your entrepreneurial mindset will be crucial in navigating the dynamic landscape of our industry, ensuring our platform remains competitive and responsive to user needs.
Communication: Excellent communication skills, capable of explaining complex technical concepts to non-technical stakeholders. Effective communication is vital for cross-functional collaboration and ensuring alignment across our organization.
Remote Work Adaptability: Comfort with remote work environments, demonstrating the ability to stay productive and connected with the team irrespective of physical location.
Continuous Improvement: A willingness to question assumptions and a commitment to continuous improvement. Your openness to feedback and dedication to personal and professional growth will contribute significantly to our collective success.

We value our team at Function and offer a competitive salary and benefits package, flexible working hours, and a dynamic work environment where creativity and innovation are encouraged. If you are a highly motivated and experienced individual who is passionate about using technology to improve people’s lives, we would love to hear from you.
Join the Function Health team and become a part of our mission to revolutionize healthcare. Work with us to make a difference in the lives of thousands, ensuring a healthier future for all. Discover more about us and how we're changing the face of healthcare at Function Health.