Cloud Security Engineer`

Virta Health

1d•Remote

About The Position

Virta Health is on a mission to reverse metabolic disease in one billion people. Current treatment approaches aren’t working—over half of US adults have either type 2 diabetes or prediabetes, and obesity rates are at an all-time high. Virta is changing this by helping people reverse their metabolic condition through innovations in technology, personalized nutrition, and virtual care delivery reinvented from the ground up. We have raised over $350 million from top-tier investors, and partner with the largest health plans, employers, and government organizations to help their employees and members restore their health and take back their lives. Join us on our mission to reverse metabolic disease in one billion people. You'll be the dedicated Cloud Security Engineer in a growing Foundations team. As we rapidly scale our impact, we're seeking a passionate and experienced security leader to build and mature our application security program. You'll have the autonomy to define strategy, implement best practices, and embed security principles across the org. If you thrive on building secure systems, automation, fostering a security-conscious culture, and making a tangible difference in protecting sensitive health information, this role is for you.

Requirements

Understanding and practical experience in securing cloud-native applications and infrastructure, particularly in Kubernetes environments. GCP experience is strongly preferred.
Strong grasp of networking concepts, identity management (IAM), encryption, and common web application vulnerabilities (e.g., OWASP Top 10).
Excellent communication skills with the ability to clearly articulate complex security concepts to diverse audiences and influence technical direction across teams.
Significant hands-on experience in application security, including threat modeling, secure coding practices, vulnerability management, and security testing (SAST, DAST, IAST).
Proficiency in Infrastructure as Code (IaC) tools, specifically Terraform.
Development experience with Go and Python.

Responsibilities

Own and Enhance Security Design: Assess our current security controls within GCP and Kubernetes, identify areas for improvement, and drive the maturation of our security posture from good to great.
Champion Secure Development: Partner closely with Engineering, Product, and Platform teams to integrate security best practices early and often ("shift-left") into the software development lifecycle.
Build and Automate: Design, implement, and manage security tooling and automation to streamline vulnerability detection, remediation, and compliance verification. Replace manual processes with efficient, automated solutions.
Refine Access Control: Evolve our identity and access management (IAM) strategy, ensuring least-privilege access and robust auditing capabilities across our systems.
Strengthen Network Security: Continuously improve our network security architecture, policies, and controls within our cloud environment.
Develop Clear Standards: Establish, document, and communicate practical security policies, standards, and guidelines for engineering teams.
Lead Security Initiatives: Drive vulnerability management efforts and enhance our incident response preparedness, ensuring we are ready to handle potential threats effectively.
Cultivate Security Awareness: Act as a security evangelist, promoting security awareness and best practices throughout the engineering organization.