Skip to Main Content

Cloud Security Engineer

Headspace Health
San Francisco, CA
  • Posted: over a month ago
  • Full-Time
Job Description

Headspace and Ginger have recently merged to become Headspace Health! While roles are still being recruited separately on our respective websites, new hires from this point forward will be joining Headspace Health. For more information, please speak with your recruiter!

Position is Fully Remote

About the Cloud Security Engineer at Headspace Health:

The Cloud Security Engineer will be a key member of the technical team responsible for worldwide cloud infrastructure and application security at Headspace Health. You will help protect network boundaries, keep cloud resources and machine learning models hardened against attacks, and provide security services to protect highly sensitive data such as user and customer information. You will work hands-on with cloud infrastructure and actively monitor the Headspace Health systems for attacks and intrusions. You will also work with software engineers and data scientists to proactively identify and fix security flaws and vulnerabilities. You will use your industry experience to own and drive the resolution of complex security incidents, policy questions, and technical security issues. Beyond the methodologies and tools, it is important for you to drive a culture of security and develop an attacker's mind-set.

How your skills and passion will come to life at Headspace Health:

  • Interact closely with other cyber security architects, privacy officers, engineering, and product management teams to ensure adequate security capabilities and controls are in place within the technology stack to mitigate security risks and meet the highest security and compliance requirements (HIPAA, HITRUST, etc.)
  • Review web app and machine learning code for security vulnerabilities and propose fixes to the development team
  • Ensure product security via static and dynamic scanning of applications and automation into the integration and deployment pipelines
  • Promote infrastructure-as-code and the benefits of resilience, consistency, and rapid iteration of the infrastructure security posture
  • Manage the maturity of the serverless and containerization approach to infrastructure
  • Continuously research, design, advocate, and recommend new security technologies, architectures, and products that will ensure meeting all compliance requirements
  • Function as the go-to individual with in-depth understanding of all security and compliance related nuances within the data engineering stack
  • Develop the ability to effectively navigate a highly complex environment to independently retrieve technical evidence for gaining assurance over effectiveness of controls

What you've accomplished:

  • BS degree or higher in Computer Engineering, MIS or in a STEM major (Science, Technology, Engineering or Mathematics)
  • 3+ years of relevant experience in architecting security solutions with in-depth knowledge of security protocols/tools and automation in a regulated industry such as healthcare, banking, or financial services
  • Experience building and deploying applications using cloud infrastructure on AWS using modern serverless and container technologies
  • Experience configuring and monitoring AWS Security artifacts  such as WAF, ALB/ELB, Guard Duty, SSM, Config, CloudTrail, CloudWatch, Inspector, Detective among others
  • Experience with machine learning model vulnerabilities and how to mitigate them
  • Demonstrated understanding of agile secure software development lifecycle and ability to distinguish the core inputs and outputs in each phase
  • Experience with Python, Javascript, shell scripting, and mobile app development with iOS, Android, and hybrid technologies
  • Familiarity with one or more industry security compliance framework or regulation, such as ISO 27001/2, PCI-DSS, HIPAA, FedRAMP, CIS, HITRUST, SSAE16, SOC 1, SOC 2; international privacy requirements including GDPR, EU Privacy, and Safe Harbor

How to get started:
If you're excited by the idea of seeing yourself in this role at Headspace Health, please apply with your résumé and a cover letter that best expresses your interest and unique qualifications.

How we feel about Diversity & Inclusion:

Headspace Health is committed to bringing together humans from different backgrounds and perspectives, providing employees with a safe and welcoming work environment free of discrimination and harassment. We strive to create a diverse & inclusive environment where everyone can thrive, feel a sense of belonging, and do impactful work together. 

As an equal opportunity employer, we prohibit any unlawful discrimination against a job applicant on the basis of their race, color, religion, gender, gender identity, gender expression, sexual orientation, national origin, family or parental status, disability*, age, veteran status, or any other status protected by the laws or regulations in the locations where we operate. We respect the laws enforced by the EEOC and are dedicated to going above and beyond in fostering diversity across our workplace. 


*Applicants with disabilities may be entitled to reasonable accommodation under the terms of the Americans with Disabilities Act and certain state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on Headspace Health. Please inform our Talent team if you need any assistance completing any forms or to otherwise participate in the application process.

Headspace Health participates in the E-Verify Program.

Headspace Health is committed to protecting the privacy and security of your personal data. Please view our privacy notice here. 

Headspace Health


San Francisco, CA


Real Estate

View all jobs at Headspace Health

What email should the hiring manager reach you at?

By clicking the button above, I agree to the ZipRecruiter Terms of Use and acknowledge I have read the Privacy Policy, and agree to receive email job alerts.