Senior Cloud Security Engineer

Melbourne HQ or Sydney

Full time

Engineering

Who are Heidi?

Heidi is on a mission to halve the time it takes to deliver world-class care.

We believe that by 2050, every clinician will practice with AI systems that free them from administrative burdens and increase the quality and accessibility of care to patients across the world.

Built for clinicians, by clinicians, at the core of Heidi is its people. We are an eclectic bunch of inventors, builders, scientists, nurses, doctors, mathematicians, designers, creatives, and high-agency executors.

We achieve in 6 months what it takes our competitors 4 years to do. In just 12 months, 20 million patient consults were supported by Heidi, and we're now powering more than 1 million consults every week.

With our most recent $16.6MM round of funding from leading VC firms, we're geared up to supercharge our ambitious global growth, starting with the US, Canada, UK and Europe - and we need great people like you to get there.

The Role

As a Senior Cloud Security Engineer who will lead and scale our cloud security strategy as we build critical systems for healthcare. You'll be at the heart of our infrastructure and product security — embedding security into every layer of our cloud-native stack and helping us stay resilient, compliant, and one step ahead of threats.

What you'll do:

• Design and implement security controls across our cloud infrastructure (AWS/GCP/Azure), networks, containers, and CI/CD pipelines.

• Drive adoption of security best practices across engineering teams — with a strong focus on automation, secure defaults, and developer enablement.

• Own and evolve threat detection and prevention strategies, leveraging tools like GuardDuty, AWS Config, CloudTrail, and other cloud-native services.

• Implement and manage application and supply chain security tooling (e.g., GitHub Advanced Security, Snyk, Trivy, Semgrep).

• Define and enforce IAM policies, secrets management, and service-to-service authentication standards.
  Lead security incident response and postmortems — build systems to reduce MTTR and improve detection fidelity.

• Collaborate with engineering, compliance, and legal to align infrastructure with frameworks like ISO 27001, SOC 2, and HIPAA.

• Contribute to security awareness and training initiatives across the organization.

• Participate in threat modeling, architecture reviews, and risk assessments.

• Support generation of automated audit evidence for compliance needs.

• Stay ahead of cloud security trends, zero-day threats, and new attack vectors — and continuously strengthen our defenses.

What we will look for:

• 6–8+ years in security engineering, with at least 3+ years focused on cloud-native security (preferably AWS or Azure).

• Proven experience securing modern infrastructure: containers (Docker), orchestration (Kubernetes), and IaC (Terraform, CDK, etc.).

• Deep understanding of identity and access management, network segmentation, and cloud security architectures.

• Hands-on experience with tools like:

  • Secrets Management: HashiCorp Vault, AWS Secrets Manager

  • Security Scanning: Snyk, Trivy, GitHub Advanced Security, Checkov

  • Monitoring & Detection: CloudTrail, GuardDuty, Falco, Datadog Security

• Strong programming/scripting skills in Python, Go, or Bash.

• Solid knowledge of secure software development lifecycle (SSDLC) and DevSecOps principles.

• Familiarity with compliance frameworks (SOC 2, ISO 27001, HIPAA, or PCI-DSS).

• Experience leading security reviews, audits, or risk assessments.

• Experience in regulated industries (healthtech, fintech, government).

• Background in offensive security or red/purple teaming.

• Knowledge of SBOM generation and software supply chain defense.

Attitude is more important than experience so if you are a hungry, competitive and highly motivated operator who has a knack for problem solving and building relationships, we want to hear from you.

What do we believe in?

• We create unconventional solutions to difficult problems and we build them fast. We want you to set impossible goals and make them happen, think landing a rocket but the medical version.

• You'll be surrounded by a world-class team of engineers, medicos and designers to do your best work, inspired by our shared beliefs:

  • We will stop at nothing to improve patient care across the world.

  • We design user experiences for joy and ship them fast.

  • We make decisions in a flat hierarchy that prioritizes the truth over rank.

  • We provide the resources for people to succeed and give them the freedom to do it.

Why you will flourish with us ?

• Flexible hybrid working environment, with 3 days in the office.

• Additional paid day off for your birthday and wellness days

• Special corporate rates at Anytime Fitness in Melbourne, Sydney tbc.

• A generous personal development budget of $500 per annum

• Learn from some of the best engineers and creatives, joining a diverse team

• Become an owner, with shares (equity) in the company, if Heidi wins, we all win

• The rare chance to create a global impact as you immerse yourself in one of Australia's leading health tech startups

• If you have an impact quickly, the opportunity to fast track your startup career

Help us reimagine primary care and change the face of healthcare in Australia and then around the world.