Function Health, recognized as one of Fast Company’s Most Innovative Companies of 2024 and backed by Andreessen Horowitz (a16z), is hiring a Cloud Security Engineer. This is a full-time, remote role with a mission-driven focus: building a modern cloud security program to protect the company’s platform and its members, who are working to live 100 healthy years.

This hands-on, impact-driven role is critical for securing Function’s Google Cloud Platform (GCP) environments. You will be responsible for designing and enforcing guardrails to make the infrastructure secure by default. If you thrive on solving complex cloud security challenges and know how to balance speed with control, this is a chance to turn those challenges into practical, automated security solutions.

Key Responsibilities and Technical Depth

The role is deeply embedded within the engineering teams, requiring a pragmatic approach to risk reduction through automation, hardening, and strong security partnership.

• GCP Hardening & Guardrails: Orchestrate and implement organization constraints to enforce security guardrails and prevent misconfigurations. This includes enforcing secure defaults, network segmentation, logging, and monitoring across the GCP environment.
• Identity & Access Management (IAM): Drive the adoption of identity and service-account best practices, focusing on least privilege, key rotation, and the elimination of long-lived credentials.
• Automation & Policy: Automate the enforcement of cloud security controls using Infrastructure-as-Code (IaC), policy-as-code, and CI/CD guardrails.
• Vulnerability & Monitoring: Lead cloud vulnerability management (scanning for misconfigurations, secrets, and exposed services). You will integrate CSPM tooling (e.g., Wiz, Upwind, GCP Security Command Center) and cloud-native telemetry into centralized detection and response workflows.
• Incident Response: Support incident response by providing expertise on GCP logging, forensics, and containment.

Required Qualifications and Mindset

The company is looking for a technical expert with a strong bias toward action and an entrepreneurial spirit, reflecting the startup nature of the company.

• Experience: 5–8 years of experience in cloud engineering or security, with a minimum of 3 years specifically focused on GCP.
• GCP Mastery: Deep knowledge of GCP services (IAM, VPC, GKE, Cloud Run, GCS, KMS, SCC) and their security implications.
• Automation Tools: Experience implementing guardrails with Terraform. Strong scripting or development skills (Python preferred) for automation.
• Security Domain: Strong grasp of IAM design, service account lifecycle, and secrets management in GCP. Familiarity with cloud logging/monitoring (Cloud Logging, VPC Flow Logs) and integration into SIEM/SOAR systems.
• Compliance (Bonus): Experience with HIPAA/HITRUST environments, SOC 2 Type II audits, or healthcare data protection is a major bonus.
• Mindset: Must demonstrate a Bias Toward Action, Entrepreneurial Spirit (strong adaptability to changing needs), and excellent Communication skills for working with non-technical stakeholders.