Waystar Jobs

Staff Cloud Security Specialist

Waystar

Staff Cloud Security Specialist

Posted Yesterday

Be an Early Applicant

2 Locations

In-Office

Mid level

Healthtech • Payments • Software

Waystar provides market-leading technology that simplifies and unifies healthcare payments.

The Role

Design and implement secure multi-cloud architectures (GCP primary; AWS/Azure supported). Build landing zones, IAM, encryption, and guardrails; integrate security into CI/CD and DevSecOps; support detection/response, vulnerability management, SaaS reviews, and audit evidence for healthcare payment compliance (PCI, HIPAA, HITRUST, SOC2, SOX). Partner with engineering, platform, and GRC teams to operationalize cloud security standards and remediation.

Summary Generated by Built In

ABOUT THIS POSITION

This role is a core contributor to the design and implementation of secure cloud architectures across our multi-cloud environments (GCP primary; AWS/Azure supporting) and cloud-adjacent SaaS services. As a staff-level architect, you will focus on applying established security patterns, implementing guardrails, and partnering with engineering teams to ensure cloud workloads meet regulatory, audit, and customer assurance requirements typical of a healthcare payments organization (e.g., PCI DSS, HIPAA/HITECH, HITRUST, SOC 2, SOX, and aligned NIST controls).
You will work under the guidance of security engineering leadership, helping translate standards into practical implementations, improving cloud security posture, and enabling secure-by-design delivery.

WHAT YOU'LL DO

Cloud security design & implementation

Contribute to and maintain cloud security reference architectures, standards, and implementation patterns for IaaS, PaaS, containers/Kubernetes, and serverless workloads.

Partner with engineering and platform teams to apply approved security patterns in new and existing cloud workloads.

Landing zone & governance support

Help implement and operate secure cloud landing zone controls including account/project structures, network segmentation, IAM boundaries, logging, and policy guardrails.

Support infrastructure-as-code and policy-as-code implementations aligned with defined standards.

Identity & access management

Implement least-privilege IAM for workforce and workload identities.

Support MFA, conditional access, secrets management, and privileged access patterns designed by senior architects.

Data protection

Apply encryption, key management, tokenization, and data handling standards for sensitive data including payment and healthcare data.

Assist with data classification, retention, and secure deletion controls in cloud platforms.

Security-by-design in engineering

Participate in threat modeling and security design reviews for cloud services and applications.

Help integrate DevSecOps and SDLC security controls into CI/CD pipelines using established tooling and patterns.

Detection & response readiness

Ensure required cloud audit logs, telemetry, and security signals are enabled and flowing to centralized monitoring.

Partner with Security Operations to improve visibility, detection coverage, and incident readiness in cloud environments.

Vulnerability & configuration management

Help define and maintain cloud hardening baselines, container/image standards, and configuration compliance controls.

Work with engineering teams to remediate recurring or systemic cloud security findings.

Third-party & SaaS security

Support reviews of cloud-connected vendors and SaaS integrations against established security requirements.

Assist in defining and validating compensating controls and monitoring expectations.

Audit & evidence support

Partner with GRC and audit teams to map technical cloud controls to compliance frameworks.

Support evidence collection, control validation, and remediation activities during audits and assessments.

Conduct Security Reviews

Work with project teams to evaluate the security of new, cloud-based initiatives, project, and products for customer facing and internal use applications.

Compliance, risk, and assurance expectations

Design cloud security controls aligned to PCI DSS, HIPAA/HITECH, HITRUST CSF, SOC 2, SOX ITGC, and internal security standards.

Support continuous compliance efforts such as automated configuration checks, continuous monitoring, and repeatable evidence generation.

Participate in risk assessments, exception handling, and corrective action plans for cloud security gaps.

Contribute to customer assurance activities by providing clear technical explanations and diagrams with guidance from senior architects.

WHAT YOU'LL NEED

3+ years of hands-on experience securing workloads in public cloud environments (Google Cloud Platform (GCP), AWS, or Azure). Multi-cloud experience preferred.

Solid understanding of core cloud security concepts: IAM, networking, segmentation, logging/monitoring, encryption, key management, secrets management, and workload security.

Experience using infrastructure-as-code and automation tools (e.g., Terraform, CloudFormation, Bicep) and supporting CI/CD pipelines.

Familiarity with container and/or Kubernetes security fundamentals.

Experience participating in threat modeling or security design reviews.

Strong written and verbal communication skills; able to document designs and explain security requirements to engineering teams.

Bachelor’s degree in Computer Science, Engineering, or a related field (or equivalent practical experience).

Preferred qualifications

Exposure to PCI DSS, HIPAA/HITECH, or HITRUST control implementation in cloud environments.

Experience with CSPM tools, cloud-native security services, or SIEM integrations.

Familiarity with application security and DevSecOps tooling (SAST/DAST/SCA, secrets scanning).

Knowledge of modern cloud patterns such as zero trust, API security, or event-driven architectures.

Relevant certifications (one or more): CCSP, GCP Professional Cloud Security Engineer, AWS/Azure security specialty, or equivalent.

ABOUT WAYSTAR

Through a smart platform and better experience, Waystar helps providers simplify healthcare payments and yield powerful results throughout the complete revenue cycle.

Waystar’s healthcare payments platform combines innovative, cloud-based technology, robust data, and unparalleled client support to streamline workflows and improve financials so providers can focus on what matters most: their patients and communities. Waystar is trusted by 1M+ providers, 1K+ hospitals and health systems, and is connected to over 5K commercial and Medicaid/Medicare payers. We are deeply committed to living out our organizational values: honesty; kindness; passion; curiosity; fanatical focus; best work, always; making it happen; and joyful, optimistic & fun.

Waystar products have won multiple Best in KLAS® or Category Leader awards since 2010 and earned multiple #1 rankings from Black Book™ surveys since 2012. The Waystar platform supports more than 500,000 providers, 1,000 health systems and hospitals, and 5,000 payers and health plans. For more information, visit waystar.com or follow @Waystar on Twitter.

WAYSTAR PERKS

Competitive total rewards (base salary + bonus, if applicable)
Customizable benefits package (3 medical plans with Health Saving Account company match)
We offer generous paid time off for our non-exempt team members, starting with 3 weeks + 13 paid holidays, including 2 personal floating holidays. We also offer flexible time off for our exempt team members + 13 paid holidays
Paid parental leave (including maternity + paternity leave)
Education assistance opportunities and free LinkedIn Learning access
Free mental health and family planning programs, including adoption assistance and fertility support
401(K) program with company match
Pet insurance
Employee resource groups

Waystar is proud to be an equal opportunity workplace. We celebrate, value, and support diversity and inclusion. Qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, marital status, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

This applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Skills Required

3+ years hands-on experience securing workloads in public cloud environments (GCP, AWS, or Azure)
Multi-cloud experience (GCP primary; AWS/Azure supportive environments)
Solid understanding of IAM, networking/segmentation, logging/monitoring, encryption, key management, secrets management, and workload security
Experience using infrastructure-as-code and automation tools (Terraform, CloudFormation, Bicep) and supporting CI/CD pipelines
Familiarity with container and/or Kubernetes security fundamentals
Experience participating in threat modeling and security design reviews
Strong written and verbal communication; ability to document designs and explain security requirements to engineering teams
Bachelor's degree in Computer Science, Engineering, or related field (or equivalent practical experience)
Exposure to PCI DSS, HIPAA/HITECH, or HITRUST control implementation in cloud environments
Experience with CSPM tools, cloud-native security services, or SIEM integrations
Familiarity with application security and DevSecOps tooling (SAST/DAST/SCA, secrets scanning)
Knowledge of modern cloud patterns such as zero trust, API security, or event-driven architectures
Relevant certifications (CCSP, GCP Professional Cloud Security Engineer, AWS/Azure security specialty, or equivalent)

Waystar Compensation & Benefits Highlights

Healthcare Strength — Company materials describe multiple medical plan options with HSA contributions and access to mental‑health resources; dental and vision coverage are included.
Leave & Time Off Breadth — Offerings include generous PTO, paid holidays, volunteer time off, and paid parental leave for maternity, paternity, and adoption.
Retirement Support — A 401(k) plan with company matching is available and highlighted across public benefit descriptions.

Learn more about Waystar's Compensation & Benefits →

Waystar Insights

What's It Like to Work at Waystar? Waystar Culture & Values Waystar Career Growth & Development What's the Work-Life Balance Like at Waystar? Waystar Leadership & Management Waystar Company Growth, Stability & Outlook

View all jobs at Waystar

View Waystar Profile

Report Job

Am I A Good Fit?

beta

Get Personalized Job Insights.

Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company

HQ: Louisville, KY

1,757 Employees

Year Founded: 2017

What We Do

Waystar harnesses the power of agentic AI, generative AI, and advanced automation to drive meaningful outcomes so providers reach peak financial performance and patients receive care with confidence. The Waystar platform is used by more than 1 million providers and supports over 60% of the U.S. patient population - and integrates with all major HIS and practice management systems. The financial and administrative challenges facing healthcare providers are daunting. Waystar’s technology platform simplifies and unifies healthcare payments across the revenue cycle. We empower healthcare organizations to automate manual work, gain insight into processes and performance, and ultimately collect more revenue. At Waystar, we know there’s a better, more efficient way forward. Let’s climb the mountain ahead of us to reach new heights in healthcare.

Why Work With Us

Our Waystar values serve as a compass to center our decisions, inspire action, and promote outstanding performance. We are dedicated to providing a diverse, inclusive workplace and fostering a shared sense of belonging.