Senior Cloud Security Engineer

Who are Heidi?

Heidi is building an AI Care Partner that supports clinicians every step of the way, from documentation to delivery of care.

We exist to double healthcare’s capacity while keeping care deeply human. In 18 months, Heidi has returned more than 18 million hours to clinicians and supported over 73 million patient visits. Today, more than two million patient visits each week are powered by Heidi across 116 countries and over 110 languages.

Founded by clinicians, Heidi brings together clinicians, engineers, designers, scientists, creatives, and mathematicians, working with a shared purpose: to strengthen the human connection at the heart of healthcare.

Backed by nearly $100 million in total funding, Heidi is expanding across the USA, UK, Canada, and Europe, partnering with major health systems including the NHS, Beth Israel Lahey Health, MaineGeneral, and Monash Health, among others.

We move quickly where it matters and stay grounded in what’s proven, shaping healthcare’s next era. Ready for the challenge?

The Role

As a Senior Cloud Security Engineer who will lead and scale our cloud security strategy as we build critical systems for healthcare. You’ll be at the heart of our infrastructure and product security — embedding security into every layer of our cloud-native stack and helping us stay resilient, compliant, and one step ahead of threats.

What you’ll do:

- Design and implement security controls across our cloud infrastructure (AWS/GCP/Azure), networks, containers, and CI/CD pipelines.

- Drive adoption of security best practices across engineering teams — with a strong focus on automation, secure defaults, and developer enablement.

- Own and evolve threat detection and prevention strategies, leveraging tools like GuardDuty, AWS Config, CloudTrail, and other cloud-native services.

- Implement and manage application and supply chain security tooling (e.g., GitHub Advanced Security, Snyk, Trivy, Semgrep).

- Define and enforce IAM policies, secrets management, and service-to-service authentication standards.
Lead security incident response and postmortems — build systems to reduce MTTR and improve detection fidelity.

- Collaborate with engineering, compliance, and legal to align infrastructure with frameworks like ISO 27001, SOC 2, and HIPAA.

- Contribute to security awareness and training initiatives across the organization.

- Participate in threat modeling, architecture reviews, and risk assessments.

- Support generation of automated audit evidence for compliance needs.

- Stay ahead of cloud security trends, zero-day threats, and new attack vectors — and continuously strengthen our defenses.

What we will look for:

- 6–8+ years in security engineering, with at least 3+ years focused on cloud-native security (preferably AWS or Azure).

- Proven experience securing modern infrastructure: containers (Docker), orchestration (Kubernetes), and IaC (Terraform, CDK, etc.).

- Deep understanding of identity and access management, network segmentation, and cloud security architectures.

- Hands-on experience with tools like:

- Secrets Management: HashiCorp Vault, AWS Secrets Manager

- Security Scanning: Snyk, Trivy, GitHub Advanced Security, Checkov

- Monitoring & Detection: CloudTrail, GuardDuty, Falco, Datadog Security

- Strong programming/scripting skills in Python, Go, or Bash.

- Solid knowledge of secure software development lifecycle (SSDLC) and DevSecOps principles.

- Familiarity with compliance frameworks (SOC 2, ISO 27001, HIPAA, or PCI-DSS).

- Experience leading security reviews, audits, or risk assessments.

Bonus

- Experience in regulated industries (healthtech, fintech, government).

- Background in offensive security or red/purple teaming.

- Knowledge of SBOM generation and software supply chain defense.

Attitude is more important than experience so if you are a hungry, competitive and highly motivated operator who has a knack for problem solving and building relationships, we want to hear from you.

What do we believe in?

Heidi builds for the future of healthcare, not just the next quarter, and our goals are ambitious because the world’s health demands it. We believe in progress built through precision, pace, and ownership.

- Live Forever - Every release moves care forward: measured, safe, and built to last. Data guides us, but patients define the truth that matters.

- Practice Ownership - Decisions follow logic and proof, not hierarchy. Exceptional care demands exceptional standards in our work, our thinking, and our character.

- Small Cuts Heal Faster - Stability earns trust, speed delivers impact. Progress is about learning fast without breaking what people depend on.

- Make others better - Feedback is direct, kindness is constant, and excellence lifts everyone. Our success is measured by collective growth, not individual output.

Our mission is clear: expand the world’s capacity to care, and do it without losing the humanity that makes care worth delivering.

Why you will flourish with us 🚀?

- Flexible hybrid working environment, with 3 days in the office.

- Additional paid day off for your birthday and wellness days

- Special corporate rates at Anytime Fitness in Melbourne, Sydney tbc.

- A generous personal development budget of $500 per annum

- Learn from some of the best engineers and creatives, joining a diverse team

- Become an owner, with shares (equity) in the company, if Heidi wins, we all win

- The rare chance to create a global impact as you immerse yourself in one of Australia’s leading health tech startups

- If you have an impact quickly, the opportunity to fast track your startup career

Help us reimagine primary care and change the face of healthcare in Australia and then around the world.

#J-18808-Ljbffr