Cloud Security Engineer

Fullscript · Ottawa, ON / Toronto, ON / Calgary, AB / Vancouver, BC

About Fullscript

We’re an industry-leading health technology company on a mission to help people get better. We started in 2011 with one simple idea. Make it easier for practitioners to access the products they trust so they can deliver better care.

That simple idea grew into a platform that powers every part of care. Today, more than 125,000 practitioners use Fullscript for clinical insights, lab interpretations, patient analytics, education, and access to high-quality supplements. Over 10 million patients rely on Fullscript to stay connected to their care plans and follow through on treatment.

We build tools that make care smarter and more human. Tools that save time, simplify decisions, and help practitioners stay closely connected to the people they care for. When everything they need is in one place, they can focus on what matters most: helping people get better.

This is your invitation.

Bring your ideas, your grit, and your care for people.
Join us and shape the future of care.

The Opportunity

Fullscript is looking for a Cloud Security Engineer to help secure the cloud platforms that power care delivery for millions of patients.

In this role, you’ll partner with engineering teams to design, build, and operate secure-by-default cloud infrastructure across AWS and Google Cloud. You’ll help protect sensitive health data, harden our cloud footprint, automate guardrails, and move cloud security from project-by-project work into a scalable, programmatic practice.

You’ll work closely with Security Engineering, GRC, SOC, Platform Engineering, and product teams to prevent, detect, and respond to cloud-native threats. This is a hands-on engineering role for someone who likes solving complex infrastructure problems with code, cares about helping teams ship securely, and wants their work to support better patient outcomes.

What you'll do

Design and implement cloud security controls across AWS and Google Cloud, including multi-account architecture, network segmentation, data protection, and secure-by-default infrastructure patterns.
Build reusable Terraform modules, reference architectures, policy-as-code guardrails, and self-service tooling that make secure implementation easier for engineering teams.
Operate and tune CSPM/CNAPP tooling to identify misconfigurations, exposures, toxic combinations, and coverage gaps across Fullscript’s cloud environments.
Drive remediation of cloud vulnerabilities and misconfigurations, balancing risk, engineering effort, customer impact, and business priorities.
Strengthen IAM, secrets management, key rotation, cloud credentials, machine identities, and just-in-time access patterns across cloud and SaaS environments.
Embed security into CI/CD pipelines through IaC scanning, container image scanning, SBOM generation, artifact protection, and software supply chain controls.
Partner with the SOC and engineering teams on cloud-native detections, logging, runbooks, incident response, post-incident learning, and secure AI/ML workload patterns.

What you bring to the table

4+ years of security engineering experience, including 2+ years focused on cloud security in AWS and/or Google Cloud.
Strong understanding of cloud-native attack paths, IAM risks, network controls, data protection, key management, secrets management, and workload identity.
Hands-on experience with infrastructure-as-code, ideally Terraform, and a strong understanding of how to secure it at scale.
Ability to write code in Python, Go, or a similar language to automate detection, remediation, and security workflows.
Experience integrating security tooling into CI/CD pipelines and developer workflows without creating unnecessary friction.
Working knowledge of at least one compliance framework such as SOC 2, HIPAA, HITRUST, PCI-DSS, or ISO 27001, with the ability to translate requirements into technical controls.
Strong communication and collaboration skills, with a bias toward enabling teams, influencing without authority, and helping engineers build securely.

Bonus if you have

Experience in healthcare, fintech, or another regulated environment.
Hands-on experience with CSPM or CNAPP tools such as Wiz, Prisma Cloud, Lacework, or similar platforms.
Experience securing Ruby on Rails, JavaScript, TypeScript, GraphQL, containerized workloads, or modern cloud-native applications.
Cloud incident response, forensics, or threat hunting experience.
Experience securing AI/ML workloads, LLM integrations, data science platforms, autonomous AI systems, or non-human identities.
Familiarity with AI/ML model supply chain risks, AI-specific SBOMs, or controls for limiting blast radius and privilege escalation.
Open-source contributions or experience building internal security tooling.

What we can offer you

Salary range: $100,000 to $110,000 CAD
Remote-first flexibility to work where you work best, with Ottawa, Toronto, Calgary, or Vancouver preferred for this role.
Flexible PTO and competitive pay, because work-life balance matters
RRSP/401k match and stock options to invest in your future
Premium benefits package with customizable coverage, paramedical services, and an HSA.
Fullscript discounts to save on high-quality wellness products
Continuous learning opportunities to grow your skills and career

Fullscript shares salary ranges to support transparency and help candidates make informed decisions. The range shown reflects base salary only and does not include stock options, wellness stipends, or other benefits that are part of Fullscript’s total rewards package.

Final compensation depends on experience, skills, and location. We review pay regularly to stay aligned with market data and internal equity. Benefits and total rewards may vary by region.

Why Fullscript

Great work happens when people feel supported, trusted, and inspired. At Fullscript, we stay curious and keep finding smarter ways to make care better. We grow together, take on new challenges, and focus on impact. We put people first, work as a team, and leave egos at the door.

What to Know Before You Apply

We’re grateful for the interest in joining Fullscript. To make sure your application reaches our hiring team, please apply directly through our careers page.

A quick note: Due to the high volume of applications, we’re not able to respond to phone or email inquiries about application status. If there’s a match, our team will reach out directly.

Fullscript is an equal opportunity employer committed to creating an inclusive workplace. Accommodations are available upon request at [email protected].

All offers are contingent on successful background checks conducted in compliance with federal, state, and provincial laws.

We use AI tools to support parts of the hiring process, including screening and reviewing responses. Final hiring decisions are always made by people and follow all applicable privacy and employment laws in Canada and the U.S.

Learn More

www.fullscript.com

@fullscriptHQ on instagram

@fullscript on YouTube

FullScript on LinkedIn

Security pay context

Based on 1,696 disclosed Security salaries on RoleSuite, the role pays a median of $142K/year, with most offers between $112K and $183K (10th–90th percentile: $91K–$216K).

This posting lists $100K–$110K, below the $142K market median.

See the full Security salary breakdown →

Apply →

Cloud Security Engineer

Security pay context

Other roles at Fullscript

More Security roles