Senior Platform Security Engineer
Opala develops healthcare products that tackle the most complex data challenges faced by payers and providers. As a startup originating from a major healthcare plan in the Northwest, we combine deep health-tech expertise with top-tier data and software engineering talent to create products that our customers find meaningful and valuable. These data products empower payers and their partners to find timely insights and take action to intervene in areas like value-based care analytics, interoperability compliance, and real-time streaming of clinical data. In this remote position, we're seeking an experienced Senior Platform Security Engineer to join our team. Here, you will play a critical role in securing our cloud infrastructure and embedding strong security practices across our engineering squads. Youll bridge platform engineering and security, building paved-road guardrails that make it easy for developers to ship securely in a healthcare data environment. You'll also both 'lead by doing' (designing and implementing IaC guardrails, CI/CD security checks, and software supply chain protections) AND 'lead by influence' (mentoring engineers and partnering with our Security and Compliance team). Responsibilities
Monitor and secure our Azure + AWS environments, responding to incidents and remediating vulnerabilities.
Design and implement Infrastructure as Code guardrails (Terraform, Bash, Azure CLI, AWS CLI, Jinja, CloudInit).
Embed security checks into CI/CD pipelines (GitHub Actions).
Build and manage secrets management, identity solutions, and key rotation.
Partner with squads to ensure product features are secure and compliant by design.
Investigate security breaches and document root cause and remediation steps.
Integrate logging/monitoring with SOC/MDR vendor to ensure strong detection and response.
Perform SAST/DAST testing and strengthen software supply chain security.
Develop and implement an immutable infrastructure strategy.
Build and execute a red team and blue team strategy to continually test defenses.
Research security enhancements and make recommendations to leadership.
Stay current on IT and security standards, advising the company on emerging risks.
Competencies
Bachelors degree in computer science or related field (or equivalent experience).
6+ years in platform engineering, DevSecOps, or cloud security roles, with at least 4in a senior capacity.
2+ years of vendor management experience.
2+ years mentoring and developing junior team members.
Experience with security in both AWS and Azure.
Experience with IaC tools and automation (Terraform, Bash, Azure CLI, AWS CLI, Jinja, CloudInit).
Experience with SAST/DAST and securing the software supply chain.
Experience with OpenAPI/Swagger JSON specifications and API security.
Familiarity with SOC 2 controls and know how to enforce them in cloud systems.
Familiarity with HIPAA controls and know how to enforce them in cloud systems.
Experience using or administering compliance automation tools (Drata or similar GRC platforms).
Strong Bash scripting skills for automation.
Ability to collaborate closely with developers and product squads while setting security best practices.
Preferred Qualifications
Security certifications (AWS Security Specialty, AZ500, CISSP, etc.).
Experience with HITRUST controls and how to enforce them in cloud systems.
Exposure to enterprise architecture frameworks such as TOGAF.
Experience in regulated industries (healthcare, fintech, etc.).
Experience leading or coordinating red/blue team exercises.
Experience with other scripting languages: PowerShell, python
Benefits
The Seattle base salary range for this full-time position is $163k-$192k.Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
Benefits include medical, dental, vision, life and AD&D insurance, EAP, short-term and long-term disability, 16 days PTO, 8 paid holidays, fully paid holiday closure, parental and family medical leave, 401k, stock options and annual bonuses and salary increases based on merit.
Diversity and Inclusivity Statement
At Opala, we believe that diversity and inclusivity are critical to our success. We encourage and value diverse perspectives and experiences, and we believe that they are essential for driving innovation and creating products that meet the needs of our diverse customer base.
Opala is an equal opportunity employer and makes employment decisions on the basis of merit. We are committed to providing a workplace free from harassment and discrimination. We celebrate the unique differences of our employees because that is what drives curiosity, innovation, and the success of our business. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, gender identity or expression, age, marital status, veteran status, disability status, pregnancy, parental status, genetic information, political affiliation, or any other status protected by the laws or regulations in the locations where we operate. Accommodations are available for applicants with disabilities.
About the job
Apply for this position
Senior Platform Security Engineer
Opala develops healthcare products that tackle the most complex data challenges faced by payers and providers. As a startup originating from a major healthcare plan in the Northwest, we combine deep health-tech expertise with top-tier data and software engineering talent to create products that our customers find meaningful and valuable. These data products empower payers and their partners to find timely insights and take action to intervene in areas like value-based care analytics, interoperability compliance, and real-time streaming of clinical data. In this remote position, we're seeking an experienced Senior Platform Security Engineer to join our team. Here, you will play a critical role in securing our cloud infrastructure and embedding strong security practices across our engineering squads. Youll bridge platform engineering and security, building paved-road guardrails that make it easy for developers to ship securely in a healthcare data environment. You'll also both 'lead by doing' (designing and implementing IaC guardrails, CI/CD security checks, and software supply chain protections) AND 'lead by influence' (mentoring engineers and partnering with our Security and Compliance team). Responsibilities
Monitor and secure our Azure + AWS environments, responding to incidents and remediating vulnerabilities.
Design and implement Infrastructure as Code guardrails (Terraform, Bash, Azure CLI, AWS CLI, Jinja, CloudInit).
Embed security checks into CI/CD pipelines (GitHub Actions).
Build and manage secrets management, identity solutions, and key rotation.
Partner with squads to ensure product features are secure and compliant by design.
Investigate security breaches and document root cause and remediation steps.
Integrate logging/monitoring with SOC/MDR vendor to ensure strong detection and response.
Perform SAST/DAST testing and strengthen software supply chain security.
Develop and implement an immutable infrastructure strategy.
Build and execute a red team and blue team strategy to continually test defenses.
Research security enhancements and make recommendations to leadership.
Stay current on IT and security standards, advising the company on emerging risks.
Competencies
Bachelors degree in computer science or related field (or equivalent experience).
6+ years in platform engineering, DevSecOps, or cloud security roles, with at least 4in a senior capacity.
2+ years of vendor management experience.
2+ years mentoring and developing junior team members.
Experience with security in both AWS and Azure.
Experience with IaC tools and automation (Terraform, Bash, Azure CLI, AWS CLI, Jinja, CloudInit).
Experience with SAST/DAST and securing the software supply chain.
Experience with OpenAPI/Swagger JSON specifications and API security.
Familiarity with SOC 2 controls and know how to enforce them in cloud systems.
Familiarity with HIPAA controls and know how to enforce them in cloud systems.
Experience using or administering compliance automation tools (Drata or similar GRC platforms).
Strong Bash scripting skills for automation.
Ability to collaborate closely with developers and product squads while setting security best practices.
Preferred Qualifications
Security certifications (AWS Security Specialty, AZ500, CISSP, etc.).
Experience with HITRUST controls and how to enforce them in cloud systems.
Exposure to enterprise architecture frameworks such as TOGAF.
Experience in regulated industries (healthcare, fintech, etc.).
Experience leading or coordinating red/blue team exercises.
Experience with other scripting languages: PowerShell, python
Benefits
The Seattle base salary range for this full-time position is $163k-$192k.Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
Benefits include medical, dental, vision, life and AD&D insurance, EAP, short-term and long-term disability, 16 days PTO, 8 paid holidays, fully paid holiday closure, parental and family medical leave, 401k, stock options and annual bonuses and salary increases based on merit.
Diversity and Inclusivity Statement
At Opala, we believe that diversity and inclusivity are critical to our success. We encourage and value diverse perspectives and experiences, and we believe that they are essential for driving innovation and creating products that meet the needs of our diverse customer base.
Opala is an equal opportunity employer and makes employment decisions on the basis of merit. We are committed to providing a workplace free from harassment and discrimination. We celebrate the unique differences of our employees because that is what drives curiosity, innovation, and the success of our business. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, gender identity or expression, age, marital status, veteran status, disability status, pregnancy, parental status, genetic information, political affiliation, or any other status protected by the laws or regulations in the locations where we operate. Accommodations are available for applicants with disabilities.