Senior Platform Security Engineer

Opala develops healthcare products that tackle the most complex data challenges faced by payers and providers. We combine deep health-tech expertise with top-tier data and software engineering talent to create products that our customers find meaningful and valuable.

In this remote position, we're seeking an experienced Senior Platform Security Engineer to join our team. You will play a critical role in securing our cloud infrastructure and embedding strong security practices across our engineering squads.

• Monitor and secure our Azure + AWS environments, responding to incidents and remediating vulnerabilities.
• Design and implement Infrastructure as Code guardrails (Terraform, Bash, Azure CLI, AWS CLI, Jinja, CloudInit).
• Embed security checks into CI/CD pipelines (GitHub Actions).
• Build and manage secrets management, identity solutions, and key rotation.
• Partner with squads to ensure product features are secure and compliant by design.
• Investigate security breaches and document root cause and remediation steps.
• Integrate logging/monitoring with SOC/MDR vendor to ensure strong detection and response.
• Perform SAST/DAST testing and strengthen software supply chain security.
• Develop and implement an immutable infrastructure strategy.
• Build and execute a red team and blue team strategy to continually test defenses.
• Research security enhancements and make recommendations to leadership.
• Stay current on IT and security standards, advising the company on emerging risks.

• Bachelor’s degree in computer science or related field (or equivalent experience).
• 6+ years in platform engineering, DevSecOps, or cloud security roles, with at least 4 in a senior capacity.
• 2+ years of vendor management experience.
• 2+ years mentoring and developing junior team members.
• Experience with security in both AWS and Azure.
• Experience with IaC tools and automation (Terraform, Bash, Azure CLI, AWS CLI, Jinja, CloudInit).
• Experience with SAST/DAST and securing the software supply chain.
• Experience with OpenAPI/Swagger JSON specifications and API security.
• Familiarity with SOC 2 controls and know how to enforce them in cloud systems.
• Familiarity with HIPAA controls and know how to enforce them in cloud systems.
• Experience using or administering compliance automation tools (Drata or similar GRC platforms).
• Ability to collaborate closely with developers and product squads while setting security best practices.

• Security certifications (AWS Security Specialty, AZ500, CISSP, etc.).
• Experience with HITRUST controls and how to enforce them in cloud systems.
• Exposure to enterprise architecture frameworks such as TOGAF.
• Experience in regulated industries (healthcare, fintech, etc.).
• Experience leading or coordinating red/blue team exercises.
• Experience with other scripting languages: PowerShell, python

• The Seattle base salary range for this full-time position is $163k-$192k.
• Benefits include medical, dental, vision, life and AD&D insurance, EAP, short-term and long-term disability, 16 days PTO, 8 paid holidays, fully paid holiday closure, parental and family medical leave, 401k, stock options and annual bonuses and salary increases based on merit.

At Opala, we believe that diversity and inclusivity are critical to our success. We encourage and value diverse perspectives and experiences, and we believe that they are essential for driving innovation and creating products that meet the needs of our diverse customer base. We are an equal opportunity employer and make employment decisions on the basis of merit.