Cloud Security Engineer

Fullscript is looking for a Cloud Security Engineer to help secure the cloud platforms that power care delivery for millions of patients.

In this role youll partner with engineering teams to design build and operate secure-by-default cloud infrastructure across AWS and Google Cloud. Youll help protect sensitive health data harden our cloud footprint automate guardrails and move cloud security from project-by-project work into a scalable programmatic practice.

Youll work closely with Security Engineering GRC SOC Platform Engineering and product teams to prevent detect and respond to cloud-native threats. This is a hands-on engineering role for someone who likes solving complex infrastructure problems with code cares about helping teams ship securely and wants their work to support better patient outcomes.

• Design and implement cloud security controls across AWS and Google Cloud including multi-account architecture network segmentation data protection and secure-by-default infrastructure patterns.
• Build reusable Terraform modules reference architectures policy-as-code guardrails and self-service tooling that make secure implementation easier for engineering teams.
• Operate and tune CSPM/CNAPP tooling to identify misconfigurations exposures toxic combinations and coverage gaps across Fullscripts cloud environments.
• Drive remediation of cloud vulnerabilities and misconfigurations balancing risk engineering effort customer impact and business priorities.
• Strengthen IAM secrets management key rotation cloud credentials machine identities and just-in-time access patterns across cloud and SaaS environments.
• Embed security into CI/CD pipelines through IaC scanning container image scanning SBOM generation artifact protection and software supply chain controls.
• Partner with the SOC and engineering teams on cloud-native detections logging runbooks incident response post-incident learning and secure AI/ML workload patterns.

• 4 years of security engineering experience including 2 years focused on cloud security in AWS and/or Google Cloud.
• Strong understanding of cloud-native attack paths IAM risks network controls data protection key management secrets management and workload identity.
• Hands-on experience with infrastructure-as-code ideally Terraform and a strong understanding of how to secure it at scale.
• Ability to write code in Python Go or a similar language to automate detection remediation and security workflows.
• Experience integrating security tooling into CI/CD pipelines and developer workflows without creating unnecessary friction.
• Working knowledge of at least one compliance framework such as SOC 2 HIPAA HITRUST PCI-DSS or ISO 27001 with the ability to translate requirements into technical controls.
• Strong communication and collaboration skills with a bias toward enabling teams influencing without authority and helping engineers build securely.

• Experience in healthcare fintech or another regulated environment.
• Hands-on experience with CSPM or CNAPP tools such as Wiz Prisma Cloud Lacework or similar platforms.
• Experience securing Ruby on Rails JavaScript TypeScript GraphQL containerized workloads or modern cloud-native applications.
• Cloud incident response forensics or threat hunting experience.
• Experience securing AI/ML workloads LLM integrations data science platforms autonomous AI systems or non-human identities.
• Familiarity with AI/ML model supply chain risks AI-specific SBOMs or controls for limiting blast radius and privilege escalation.
• Open-source contributions or experience building internal security tooling.

• Salary range:$100000 to $110000 CAD
• Remote-first flexibility to work where you work best with Ottawa Toronto Calgary or Vancouver preferred for this role.
• Flexible PTO and competitive pay because work-life balance matters
• RRSP/401k match and stock options to invest in your future
• Premium benefits package with customizable coverage paramedical services and an HSA.
• Fullscript discounts to save on high-quality wellness products
• Continuous learning opportunities to grow your skills and career