Senior Cloud Security Engineer (Canada - Remote)

Founded in 2014, and with a total funding currently at $220 million; League is a platform technology company powering next-generation healthcare consumer experiences. Payers, providers, consumer health partners and employers build on League’s platform to deliver high-engagement, personalized healthcare experiences consumers love. Millions of people use solutions powered by League to access, navigate and pay for care.

The Role

League’s security engineering teams are responsible for scaling security in the development lifecycle and managing security incident management. We believe in security by design and follow a paved road philosophy by building or buying tools that we can integrate into our platform to level-up our security posture. Security is everyone’s responsibility, but security engineering is how we make it possible for engineers to ship high quality code to production several times per day with security baked in.

We are accepting applicants who have existing software engineering experience and want to explore security and applicants who may have done a security program in a post-secondary institution. There are people across the engineering organization who are ready to help grow technical skills and who want to learn more about security.

In this role, you will:

• Team Coordination: Collaborate with the broader security engineering team to discuss ongoing projects, share updates, and troubleshoot any issues that arise. This includes coordinating efforts with colleagues specializing in different areas of security, such as application, infrastructure, and cloud
• Security Consultation: Meet with software engineers to provide guidance on securely implementing security measures in their projects. This could involve discussions on implementing zero-trust principles, designing secure service mesh architectures, or addressing specific security concerns
• Cloud Infrastructure Automation: Work on automating the deployment and configuration of security measures within League's public cloud environment. This includes leveraging infrastructure-as-code (IaC) principles to define and manage resources, streamline processes, and ensure consistent security across cloud projects
• Security Maturity Assessment: Conduct regular assessments of League's overall security maturity. Identify areas for improvement, propose solutions, and track progress over time
• Cloud Security Management: Review and adjust the configuration of cloud security tools, including Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), and others, to ensure they are effectively monitoring League's cloud environments for threats, misconfigurations, and compliance violations
• Container and Kubernetes Security: Implement and maintain security measures for containerized workloads and Kubernetes environments. This includes container hardening, runtime …