ABOUT THIS POSITION

This role is a core contributor to the design and implementation of secure cloud architectures across our multi-cloud environments (GCP primary; AWS/Azure supporting) and cloud-adjacent SaaS services. As a staff-level architect, you will focus on applying established security patterns, implementing guardrails, and partnering with engineering teams to ensure cloud workloads meet regulatory, audit, and customer assurance requirements typical of a healthcare payments organization (e.g., PCI DSS, HIPAA/HITECH, HITRUST, SOC 2, SOX, and aligned NIST controls).
You will work under the guidance of security engineering leadership, helping translate standards into practical implementations, improving cloud security posture, and enabling secure-by-design delivery.

WHAT YOU'LL DO

Cloud security design & implementation

Contribute to and maintain cloud security reference architectures, standards, and implementation patterns for IaaS, PaaS, containers/Kubernetes, and serverless workloads.

Partner with engineering and platform teams to apply approved security patterns in new and existing cloud workloads.

Landing zone & governance support

Help implement and operate secure cloud landing zone controls including account/project structures, network segmentation, IAM boundaries, logging, and policy guardrails.

Support infrastructure-as-code and policy-as-code implementations aligned with defined standards.

Identity & access management

Implement least-privilege IAM for workforce and workload identities.

Support MFA, conditional access, secrets management, and privileged access patterns designed by senior architects.

Data protection

Apply encryption, key management, tokenization, and data handling standards for sensitive data including payment and healthcare data.

Assist with data classification, retention, and secure deletion controls in cloud platforms.

Security-by-design in engineering

Participate in threat modeling and security design reviews for cloud services and applications.

Help integrate DevSecOps and SDLC security controls into CI/CD pipelines using established tooling and patterns.

Detection & response readiness

Ensure required cloud audit logs, telemetry, and security signals are enabled and flowing to centralized monitoring.

Partner with Security Operations to improve visibility, detection coverage, and incident readiness in cloud environments.

Vulnerability & configuration management

Help define and maintain cloud hardening baselines, container/image standards, and configuration compliance controls.

Work with engineering teams to remediate recurring or systemic cloud security findings.

Third-party & SaaS security

Support reviews of cloud-connected vendors and SaaS integrations against established security requirements.

Assist in defining and validating compensating controls and monitoring expectations.

Audit & evidence support

Partner with GRC and audit teams to map technical cloud controls to compliance frameworks.

Support evidence collection, control validation, and remediation activities during audits and assessments.

Conduct Security Reviews

Work with project teams to evaluate the security of new, cloud-based initiatives, project, and products for customer facing and internal use applications.

Compliance, risk, and assurance expectations

Design cloud security controls aligned to PCI DSS, HIPAA/HITECH, HITRUST CSF, SOC 2, SOX ITGC, and internal security standards.

Support continuous compliance efforts such as automated configuration checks, continuous monitoring, and repeatable evidence generation.

Participate in risk assessments, exception handling, and corrective action plans for cloud security gaps.

Contribute to customer assurance activities by providing clear technical explanations and diagrams with guidance from senior architects.

WHAT YOU'LL NEED

3+ years of hands-on experience securing workloads in public cloud environments (Google Cloud Platform (GCP), AWS, or Azure). Multi-cloud experience preferred.

Solid understanding of core cloud security concepts: IAM, networking, segmentation, logging/monitoring, encryption, key management, secrets management, and workload security.

Experience using infrastructure-as-code and automation tools (e.g., Terraform, CloudFormation, Bicep) and supporting CI/CD pipelines.

Familiarity with container and/or Kubernetes security fundamentals.

Experience participating in threat modeling or security design reviews.

Strong written and verbal communication skills; able to document designs and explain security requirements to engineering teams.

Bachelor's degree in Computer Science, Engineering, or a related field (or equivalent practical experience).

Preferred qualifications

Exposure to PCI DSS, HIPAA/HITECH, or HITRUST control implementation in cloud environments.

Experience with CSPM tools, cloud-native security services, or SIEM integrations.

Familiarity with application security and DevSecOps tooling (SAST/DAST/SCA, secrets scanning).

Knowledge of modern cloud patterns such as zero trust, API security, or event-driven architectures.

Relevant certifications (one or more): CCSP, GCP Professional Cloud Security Engineer, AWS/Azure security specialty, or equivalent.

WAYSTAR PERKS

• Competitive total rewards (base salary + bonus, if applicable)
• Customizable benefits package (3 medical plans with Health Saving Account company match)
• We offer generous paid time off for our non-exempt team members, starting with 3 weeks + 13 paid holidays, including 2 personal floating holidays. We also offer flexible time off for our exempt team members + 13 paid holidays
• Paid parental leave (including maternity + paternity leave)
• Education assistance opportunities and free LinkedIn Learning access
• Free mental health and family planning programs, including adoption assistance and fertility support
• 401(K) program with company match
• Pet insurance
• Employee resource groups