Senior Cloud Security Engineer

at Heidi Health
🇦🇺 Australia - Remote
🔒 Cybersecurity🟣 Senior

Job description

Who are Heidi?

Heidi is on a mission to halve the time it takes to deliver world-class care.

We believe that by 2050, every clinician will practice with AI systems that free them from administrative burdens and increase the quality and accessibility of care to patients across the world.

Built for clinicians, by clinicians, at the core of Heidi is its people. We are an eclectic bunch of inventors, builders, scientists, nurses, doctors, mathematicians, designers, creatives, and high-agency executors.

We achieve in 6 months what it takes our competitors 4 years to do. In just 12 months, 20 million patient consults were supported by Heidi, and we’re now powering more than 1 million consults every week.

With our most recent $16.6MM round of funding from leading VC firms, we’re geared up to supercharge our ambitious global growth, starting with the US, Canada, UK and Europe - and we need great people like you to get there.

The Role

As a Senior Cloud Security Engineer who will lead and scale our cloud security strategy as we build critical systems for healthcare. You’ll be at the heart of our infrastructure and product security — embedding security into every layer of our cloud-native stack and helping us stay resilient, compliant, and one step ahead of threats.

What you’ll do:

  • Design and implement security controls across our cloud infrastructure (AWS/GCP/Azure), networks, containers, and CI/CD pipelines.

  • Drive adoption of security best practices across engineering teams — with a strong focus on automation, secure defaults, and developer enablement.

  • Own and evolve threat detection and prevention strategies, leveraging tools like GuardDuty, AWS Config, CloudTrail, and other cloud-native services.

  • Implement and manage application and supply chain security tooling (e.g., GitHub Advanced Security, Snyk, Trivy, Semgrep).

  • Define and enforce IAM policies, secrets management, and service-to-service authentication standards.

Lead security incident response and postmortems — build systems to reduce MTTR and improve detection fidelity.

  • Collaborate with engineering, compliance, and legal to align infrastructure with frameworks like ISO 27001, SOC 2, and HIPAA.

  • Contribute to security awareness and training initiatives across the organization.

  • Participate in threat modeling, architecture reviews, and risk assessments.

  • Support generation of automated audit evidence for compliance needs.

  • Stay ahead of cloud security trends, zero-day threats, and new attack vectors — and continuously strengthen our defenses.

What we will look for:

  • 6–8+ years in security engineering, with at least 3+ years focused on cloud-native security (preferably AWS or Azure).

  • Proven experience securing modern infrastructure: containers (Docker), orchestration (Kubernetes), and IaC (Terraform, CDK, etc.).

  • Deep understanding of identity and access management, network segmentation, and cloud security architectures.

  • Hands-on experience with tools like:

    • Secrets Management: HashiCorp Vault, AWS Secrets Manager

    • Security Scanning: Snyk, Trivy, GitHub Advanced Security, Checkov

    • Monitoring & Detection: CloudTrail, GuardDuty, Falco, Datadog Security

  • Strong programming/scripting skills in Python, Go, or Bash.

  • Solid knowledge of secure software development lifecycle (SSDLC) and DevSecOps principles.

  • Familiarity with compliance frameworks (SOC 2, ISO 27001, HIPAA, or PCI-DSS).

  • Experience leading security reviews, audits, or risk assessments.

Bonus

  • Experience in regulated industries (healthtech, fintech, government).

  • Background in offensive security or red/purple teaming.

  • Knowledge of SBOM generation and software supply chain defense.

Attitude is more important than experience so if you are a hungry, competitive and highly motivated operator who has a knack for problem solving and building relationships, we want to hear from you.

What do we believe in?

  • We create unconventional solutions to difficult problems and we build them fast. We want you to set impossible goals and make them happen, think landing a rocket but the medical version.

  • You’ll be surrounded by a world-class team of engineers, medicos and designers to do your best work, inspired by our shared beliefs:

    • We will stop at nothing to improve patient care across the world.

    • We design user experiences for joy and ship them fast.

    • We make decisions in a flat hierarchy that prioritizes the truth over rank.

    • We provide the resources for people to succeed and give them the freedom to do it.

Why you will flourish with us 🚀?

  • Flexible hybrid working environment, with 3 days in the office.

  • Additional paid day off for your birthday and wellness days

  • Special corporate rates at Anytime Fitness in Melbourne, Sydney tbc.

  • A generous personal development budget of $500 per annum

  • Learn from some of the best engineers and creatives, joining a diverse team

  • Become an owner, with shares (equity) in the company, if Heidi wins, we all win

  • The rare chance to create a global impact as you immerse yourself in one of Australia’s leading health tech startups

  • If you have an impact quickly, the opportunity to fast track your startup career!

Help us reimagine primary care and change the face of healthcare in Australia and then around the world.

Share this job:
Please let Heidi Health know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Heidi Health logo

Heidi Health

  • 15 remote jobs

Latest Jobs at Heidi Health

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply