• Work cross-functionally with Information Security Operations and Infrastructure/DevOps teams, to administer and optimize security posture across multi-cloud (GCP/AWS) infrastructure, including native security services, IAM, logging, and threat detection.
• Triage and respond to cloud security alerts and vulnerabilities; implement timely mitigations, configuration changes, and patches.
• Own configuration and hygiene for cloud security consoles (examples: GCP Security Command Center, Cloud Logging, Cloud Armor, KMS, IAM, etc.).
• Partner with DevOps to implement secure baseline configurations and guardrails (network segmentation, least privilege, encryption, key management, secrets handling, egress controls), in alignment with industry standard frameworks such as CIS, NIST 800-53, OWASP Top 10, etc.
• Run day-to-day vulnerability workflows: detection, prioritization, remediation, and validation across cloud services, hosts, containers, and third-party dependencies.
• Manage and harden security configurations for Kubernetes Engine environments, including:
  • Cluster and node security settings, RBAC, pod security controls, network policies, admission controls, and runtime security, Image vulnerability scanning, container supply-chain controls, patch cadence and version lifecycle management for clusters/nodes and supporting components.
• Support secure implementations/integrations of AI within cloud infrastructure, including:
  • Data protection controls (PII/PHI handling, encryption, retention, audit logging).
  • Network controls (private connectivity where feasible, egress restrictions, proxying, allowlists).
  • Usage monitoring, abuse prevention, and security reviews for AI-driven features/workflows.
  • Contributing to internal AI security standards (prompt/data handling guidance, logging strategy, third-party risk considerations).
• Work cross-functionally with IS Risk and Compliance team to produce evidence and reporting to support internal security requirements and external compliance obligations (e.g., SOC 2 / ISO-aligned controls, healthcare and privacy expectations).
• Participate in security incident response for cloud-related events, including containment and recovery actions.
• Other duties as assigned.

• 4+ years of hands-on experience in cloud security, DevSecOps, cloud engineering with security focus, or security operations in cloud environments or a combination of education and experience.
• Experience in healthcare technology and/or regulated environments (privacy, audit evidence, security control documentation).
• Practical experience administering security controls in GCP and AWS (IAM, logging, encryption/KMS, network security, cloud security services).
• Experience securing Kubernetes environments, including RBAC, cluster hardening, workload controls, and patch/version management.
• Strong vulnerability management experience (triage, remediation coordination, patching workflows, validation).
• Experience supporting secure integrations of LLM/AI services (e.g., ChatGPT/Grok) in production systems, including data governance and key management.

• Ability to work cross-functionally between InfoSec and Infrastructure/DevOps, and translate security requirements into implementable controls.
• Comfort working from tickets/alerts through to implemented changes in production cloud environments.
• Comfortable writing code in any one programming language: Javascript/Python/Bash.
• Familiarity with Infrastructure-as-Code and automation concepts (Terraform/CloudFormation, CI/CD pipelines, scripting).

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science or a related field preferred.
• Security certifications (one or more): GCP Professional Cloud Security Engineer, CISSP, CCSP, Security+.

As required.