π° $150 - $180 π Remote (United States) π 07/06/2026
Apply**Senior / Staff Platform Security Engineer**
**Company:** SOTA Cloud Corporation
**Department:** Engineering / Platform Security
**Reports to:** Chief Technology Officer
**Location:** Remote, with required daily overlap with US Central business
hours
**Type:** Full-time, exempt
**Compensation:** $150,000 to $180,000 base salary, plus equity and benefits,
depending on experience
**About SOTA Cloud**
SOTA Cloud is a cloud-native dental imaging platform operating as FDA Class II
Software as a Medical Device, or SaMD. We serve high-volume dental
organizations, group practices, and enterprise customers on a multi-tenant
Azure architecture.
Because we operate in healthcare and regulated software, security,
reliability, and auditability matter. We work under requirements related to
FDA QMSR, ISO 13485/MDSAP, HIPAA, and SOC 2 Type II.
**About the Role**
SOTA Cloud is hiring a **Senior / Staff Platform Security Engineer** to own
platform security strategy and hands-on implementation across our cloud
infrastructure, Kubernetes environment, production access model, vulnerability
management process, and security tooling.
This is a senior individual contributor role with meaningful ownership and
direct visibility to the CTO. You will not initially manage a team, but you
will influence engineering, IT, quality, product, and compliance through
technical credibility, practical security standards, and strong execution.
The primary focus is security ownership. DevOps and CI/CD work are part of the
role, but they are not the center of gravity. We need someone who can
implement practical controls, communicate clearly with our Security and
Privacy Compliance team, and help engineering teams build and operate
securely.
Final level will depend on experience and demonstrated ability to operate
independently across strategy, implementation, and cross-functional
communication.
**What Youβll Own**
* Azure and AKS platform security
* Production access and privileged access patterns
* Vulnerability management and remediation coordination
* Security tooling configuration and signal quality
* Technical security standards for cloud and platform systems
* Security evidence and technical communication with Security and Privacy Compliance
* CI/CD and infrastructure-as-code security guardrails
* Security recommendations and implementation plans for CTO approval
What Youβll Do
* Improve security posture across Azure, AKS, Azure SQL, networking, storage, identity, secrets, and production runtime
* Harden Kubernetes workloads, ingress paths, workload identity, secrets handling, and container configuration
* Own vulnerability triage, prioritization, remediation tracking, exceptions, and reporting
* Tune security tooling such as Aikido, CrowdStrike, Vanta, New Relic, Microsoft Defender for Cloud, Sentinel, or comparable systems
* Improve privileged access workflows using least privilege, just-in-time access, PIM, access reviews, and clear production-access evidence
* Support security improvements in CI/CD pipelines, including SAST, SCA, secrets scanning, infrastructure-as-code scanning, and container scanning where appropriate
* Partner with software developers to make security findings understandable, actionable, and resolved at the source
* Serve as a technical partner to the Security and Privacy Compliance team for audits, customer reviews, risk assessments, and control evidence
* Work within documented change-control processes for security-relevant and production-relevant changes
* Support security and platform incident response when needed
**What Weβre Looking For**
* 8+ years of experience in cloud security, platform security, security engineering, infrastructure security, DevSecOps, SRE, DevOps, or related technical infrastructure roles
* 4+ years of experience in security-focused roles such as platform security, cloud security, application security, DevSecOps, or production security engineering
* Deep hands-on Azure experience, including AKS, Entra ID, networking, storage, Azure SQL, secrets management, monitoring, and production access controls
* Strong understanding of cloud/platform security architecture, least privilege, secure configuration, production access, and vulnerability remediation
* Hands-on experience with Kubernetes security, container security, workload identity, network controls, and production runtime hardening
* Experience with vulnerability management and practical prioritization based on exploitability, exposure, and business impact
* Experience with privileged access models, just-in-time access, PIM, access reviews, and least-privilege controls
* Experience with infrastructure as code using Terraform, Bicep, or comparable tooling
* Practical familiarity with CI/CD pipelines and software delivery workflows
* Ability to work directly with software engineers to explain and remediate security findings
* Ability to communicate technical security controls clearly to compliance, privacy, engineering, IT, and executive stakeholders
* Strong written communication skills for documentation, findings, exceptions, remediation plans, and audit evidence
* Ability to operate independently, identify gaps, make recommendations, and drive approved work to completion
**Nice to Have**
* 10+ years of relevant experience
* Experience in regulated environments such as HIPAA, SOC 2, ISO 13485, ISO 27001, FDA-regulated software, healthcare SaaS, fintech, or other high-assurance environments
* Experience with SaMD, medical device software, FDA QMSR, ISO 13485/MDSAP, or validated software development environments
* Familiarity with Aikido, CrowdStrike, Vanta, New Relic, Microsoft Defender for Cloud, Sentinel, or comparable tools
* Experience with SAML, OIDC, SCIM, SSO, MFA, Conditional Access, PIM, and access reviews
* Experience with Azure Policy, Log Analytics, Key Vault, managed identities, and workload identity
* Experience with GitHub Actions, Azure DevOps, or comparable development and release tooling
* Experience with threat modeling, secure architecture reviews, incident response, root-cause analysis, or tabletop exercises
* Certifications such as Azure Security Engineer Associate, Certified Kubernetes Security Specialist, CCSP, CISSP, or equivalent hands-on experience
**Our Environment**
Our platform and security environment includes Azure, AKS, Azure SQL, Azure
Storage, Entra ID, Conditional Access, PIM, CI/CD pipelines, infrastructure as
code, Aikido, CrowdStrike, Vanta, New Relic, .NET, Angular, multi-tenant SaaS
architecture, and regulated release/change-control processes.
**What Makes Someone Successful**
You will be successful if you can own platform security strategy and
implementation, separate real risk from scanner noise, communicate clearly
with engineering and compliance stakeholders, and build practical security
guardrails that help developers move faster and safer.
This is not a general DevOps role, a pure corporate IT role, or a checkbox
compliance role. DevOps and CI/CD are part of the role, but the primary focus
is cloud/platform security, production access, vulnerability management, and
practical risk reduction.
**Working Here**
* Remote-first, with required daily overlap with US Pacific business hours
* Direct visibility to the CTO
* Meaningful influence over engineering and platform security practices
* Company-managed compliant device required for privileged access
* Background screening required for roles with production access
* Participation in incident response, on-call escalation, scheduled maintenance, or urgent security work may be required
**Compensation**
The expected base salary range for this role is **$150,000 to $180,000** ,
depending on experience, technical depth, cloud/platform security expertise,
regulated software background, and overall fit. This role is also eligible for
equity and company benefits.
**Equal Opportunity**
SOTA Cloud Corporation is an equal opportunity employer. We value practical
problem-solving, ownership, technical excellence, strong execution, and clear
communication. We do not discriminate based on race, color, religion, sex,
national origin, age, disability, veteran status, genetic information, or any
other legally protected status.