Note: The job is a remote job and is open to candidates in USA. SOTA Cloud is a cloud-native dental imaging platform seeking a Senior / Staff Platform Security Engineer to lead security strategy and implementation across their cloud infrastructure. The role emphasizes security ownership, vulnerability management, and collaboration with engineering teams to ensure secure operations.
Responsibilities
- Improve security posture across Azure, AKS, Azure SQL, networking, storage, identity, secrets, and production runtime
- Harden Kubernetes workloads, ingress paths, workload identity, secrets handling, and container configuration
- Own vulnerability triage, prioritization, remediation tracking, exceptions, and reporting
- Tune security tooling such as Aikido, CrowdStrike, Vanta, New Relic, Microsoft Defender for Cloud, Sentinel, or comparable systems
- Improve privileged access workflows using least privilege, just-in-time access, PIM, access reviews, and clear production-access evidence
- Support security improvements in CI/CD pipelines, including SAST, SCA, secrets scanning, infrastructure-as-code scanning, and container scanning where appropriate
- Partner with software developers to make security findings understandable, actionable, and resolved at the source
- Serve as a technical partner to the Security and Privacy Compliance team for audits, customer reviews, risk assessments, and control evidence
- Work within documented change-control processes for security-relevant and production-relevant changes
- Support security and platform incident response when needed
Skills
- 8+ years of experience in cloud security, platform security, security engineering, infrastructure security, DevSecOps, SRE, DevOps, or related technical infrastructure roles
- 4+ years of experience in security-focused roles such as platform security, cloud security, application security, DevSecOps, or production security engineering
- Deep hands-on Azure experience, including AKS, Entra ID, networking, storage, Azure SQL, secrets management, monitoring, and production access controls
- Strong understanding of cloud/platform security architecture, least privilege, secure configuration, production access, and vulnerability remediation
- Hands-on experience with Kubernetes security, container security, workload identity, network controls, and production runtime hardening
- Experience with vulnerability management and practical prioritization based on exploitability, exposure, and business impact
- Experience with privileged access models, just-in-time access, PIM, access reviews, and least-privilege controls
- Experience with infrastructure as code using Terraform, Bicep, or comparable tooling
- Practical familiarity with CI/CD pipelines and software delivery workflows
- Ability to work directly with software engineers to explain and remediate security findings
- Ability to communicate technical security controls clearly to compliance, privacy, engineering, IT, and executive stakeholders
- Strong written communication skills for documentation, findings, exceptions, remediation plans, and audit evidence
- Ability to operate independently, identify gaps, make recommendations, and drive approved work to completion
- 10+ years of relevant experience
- Experience in regulated environments such as HIPAA, SOC 2, ISO 13485, ISO 27001, FDA-regulated software, healthcare SaaS, fintech, or other high-assurance environments
- Experience with SaMD, medical device software, FDA QMSR, ISO 13485/MDSAP, or validated software development environments
- Familiarity with Aikido, CrowdStrike, Vanta, New Relic, Microsoft Defender for Cloud, Sentinel, or comparable tools
- Experience with SAML, OIDC, SCIM, SSO, MFA, Conditional Access, PIM, and access reviews
- Experience with Azure Policy, Log Analytics, Key Vault, managed identities, and workload identity
- Experience with GitHub Actions, Azure DevOps, or comparable development and release tooling
- Experience with threat modeling, secure architecture reviews, incident response, root-cause analysis, or tabletop exercises
- Certifications such as Azure Security Engineer Associate, Certified Kubernetes Security Specialist, CCSP, CISSP, or equivalent hands-on experience
Benefits
- Equity and benefits
- Remote-first, with required daily overlap with US Pacific business hours
- Direct visibility to the CTO
- Meaningful influence over engineering and platform security practices
- Company-managed compliant device required for privileged access
- Background screening required for roles with production access
- Participation in incident response, on-call escalation, scheduled maintenance, or urgent security work may be required
Company Overview