Cloud Security Specialist

ABOUT THIS POSITION

This role is a core contributor to the design and implementation of secure cloud architectures across our multi‑cloud environments (GCP primary; AWS/Azure supporting) and cloud‑adjacent SaaS services. As a staff‑level architect, you will focus on applying established security patterns, implementing guardrails, and partnering with engineering teams to ensure cloud workloads meet regulatory, audit, and customer assurance requirements typical of a healthcare payments organization (e.g., PCI DSS, HIPAA/HITECH, HITRUST, SOC 2, SOX, and aligned NIST controls).

You will work under the guidance of security engineering leadership, helping translate standards into practical implementations, improving cloud security posture, and enabling secure‑by‑design delivery.

Contribute to and maintain cloud security reference architectures, standards, and implementation patterns for IaaS, PaaS, containers/Kubernetes, and serverless workloads.

Partner with engineering and platform teams to apply approved security patterns in new and existing cloud workloads.

Help implement and operate secure cloud landing zone controls including account/project structures, network segmentation, IAM boundaries, logging, and policy guardrails.

Support infrastructure‑as‑code and policy‑as‑code implementations aligned with defined standards.

Implement least‑privilege IAM for workforce and workload identities.

Support MFA, conditional access, secrets management, and privileged access patterns designed by senior architects.

Apply encryption, key management, tokenization, and data handling standards for sensitive data including payment and healthcare data.

Assist with data classification, retention, and secure deletion controls in cloud platforms.

Participate in threat modeling and security design reviews for cloud services and applications.

Help integrate Dev Sec Ops  and SDLC security controls into CI/CD pipelines using established tooling and patterns.

Ensure required cloud audit logs, telemetry, and security signals are enabled and flowing to centralized monitoring.

Partner with Security Operations to improve visibility, detection coverage, and incident readiness in cloud environments.

Help define and maintain cloud hardening baselines, container/image standards, and configuration compliance controls.

Work with engineering teams to remediate recurring or systemic cloud security findings.

Support reviews of cloud‑connected vendors and SaaS integrations against established security requirements.

Assist in defining and validating compensating controls and monitoring expectations.

Partner with GRC and audit teams to map technical cloud controls to compliance frameworks.

Support evidence collection, control validation, and remediation activities during audits and assessments.

Work with project teams to evaluate the security of new, cloud‑based initiatives, project, and products for customer‑facing and internal use applications.

Design cloud security controls aligned to PCI DSS, HIPAA/HITECH, HITRUST CSF, SOC 2, SOX ITGC, and internal security standards.

Support continuous compliance efforts such as automated configuration checks, continuous monitoring, and repeatable evidence generation.

Participate in risk assessments, exception handling, and corrective action plans for cloud security gaps.

Contribute to customer assurance activities by providing clear technical explanations and diagrams with guidance from senior architects.

3+ years of hands‑on experience securing workloads in public cloud environments (Google Cloud Platform (GCP), AWS, or Azure). Multi‑cloud experience preferred.

Solid understanding of core cloud security concepts: IAM, networking, segmentation, logging/monitoring, encryption, key management, secrets management, and workload security.

Experience using…