ABOUT THIS POSITION
This role is a core contributor to the design and implementation of secure cloud architectures across our multi-cloud environments (GCP primary; AWS/Azure supporting) and cloud-adjacent SaaS services. As a staff-level architect, you will focus on applying established security patterns, implementing guardrails, and partnering with engineering teams to ensure cloud workloads meet regulatory, audit, and customer assurance requirements typical of a healthcare payments organization (e.g., PCI DSS, HIPAA/HITECH, HITRUST, SOC 2, SOX, and aligned NIST controls).You will work under the guidance of security engineering leadership, helping translate standards into practical implementations, improving cloud security posture, and enabling secure-by-design delivery.
WHAT YOU'LL DO
Cloud security design & implementation
Contribute to and maintain cloud security reference architectures, standards, and implementation patterns for IaaS, PaaS, containers/Kubernetes, and serverless workloads.
Partner with engineering and platform teams to apply approved security patterns in new and existing cloud workloads.
Landing zone & governance support
Help implement and operate secure cloud landing zone controls including account/project structures, network segmentation, IAM boundaries, logging, and policy guardrails.
Support infrastructure-as-code and policy-as-code implementations aligned with defined standards.
Identity & access management
Implement least-privilege IAM for workforce and workload identities.
Support MFA, conditional access, secrets management, and privileged access patterns designed by senior architects.
Data protection
Apply encryption, key management, tokenization, and data handling standards for sensitive data including payment and healthcare data.
Assist with data classification, retention, and secure deletion controls in cloud platforms.
Security-by-design in engineering
Participate in threat modeling and security design reviews for cloud services and applications.
Help integrate DevSecOps and SDLC security controls into CI/CD pipelines using established tooling and patterns.
Detection & response readiness
Ensure required cloud audit logs, telemetry, and security signals are enabled and flowing to centralized monitoring.
Partner with Security Operations to improve visibility, detection coverage, and incident readiness in cloud environments.
Vulnerability & configuration management
Help define and maintain cloud hardening baselines, container/image standards, and configuration compliance controls.
Work with engineering teams to remediate recurring or systemic cloud security findings.
Third-party & SaaS security
Support reviews of cloud-connected vendors and SaaS integrations against established security requirements.
Assist in defining and validating compensating controls and monitoring expectations.
Audit & evidence support
Partner with GRC and audit teams to map technical cloud controls to compliance frameworks.
Support evidence collection, control validation, and remediation activities during audits and assessments.
Conduct Security Reviews
Work with project teams to evaluate the security of new, cloud-based initiatives, project, and products for customer facing and internal use applications.
Compliance, risk, and assurance expectationsDesign cloud security controls aligned to PCI DSS, HIPAA/HITECH, HITRUST CSF, SOC 2, SOX ITGC, and internal security standards.
Support continuous compliance efforts such as automated configuration checks, continuous monitoring, and repeatable evidence generation.
Participate in risk assessments, exception handling, and corrective action plans for cloud security gaps.
Contribute to customer assurance activities by providing clear technical explanations and diagrams with guidance from senior architects.
WHAT YOU'LL NEED
3+ years of hands-on experience securing workloads in public cloud environments (Google Cloud Platform (GCP), AWS, or Azure). Multi-cloud experience preferred.
Solid understanding of core cloud security concepts: IAM, networking, segmentation, logging/monitoring, encryption, key management, secrets management, and workload security.
Experience using infrastructure-as-code and automation tools (e.g., Terraform, CloudFormation, Bicep) and supporting CI/CD pipelines.
Familiarity with container and/or Kubernetes security fundamentals.
Experience participating in threat modeling or security design reviews.
Strong written and verbal communication skills; able to document designs and explain security requirements to engineering teams.
Bachelor’s degree in Computer Science, Engineering, or a related field (or equivalent practical experience).
Preferred qualificationsExposure to PCI DSS, HIPAA/HITECH, or HITRUST control implementation in cloud environments.
Experience with CSPM tools, cloud-native security services, or SIEM integrations.
Familiarity with application security and DevSecOps tooling (SAST/DAST/SCA, secrets scanning).
Knowledge of modern cloud patterns such as zero trust, API security, or event-driven architectures.
Relevant certifications (one or more): CCSP, GCP Professional Cloud Security Engineer, AWS/Azure security specialty, or equivalent.
ABOUT WAYSTAR
Through a smart platform and better experience, Waystar helps providers simplify healthcare payments and yield powerful results throughout the complete revenue cycle.
Waystar’s healthcare payments platform combines innovative, cloud-based technology, robust data, and unparalleled client support to streamline workflows and improve financials so providers can focus on what matters most: their patients and communities. Waystar is trusted by 1M+ providers, 1K+ hospitals and health systems, and is connected to over 5K commercial and Medicaid/Medicare payers. We are deeply committed to living out our organizational values: honesty; kindness; passion; curiosity; fanatical focus; best work, always; making it happen; and joyful, optimistic & fun.
Waystar products have won multiple Best in KLAS® or Category Leader awards since 2010 and earned multiple #1 rankings from Black Book™ surveys since 2012. The Waystar platform supports more than 500,000 providers, 1,000 health systems and hospitals, and 5,000 payers and health plans. For more information, visit waystar.com or follow @Waystar on Twitter.
WAYSTAR PERKS
- Competitive total rewards (base salary + bonus, if applicable)
- Customizable benefits package (3 medical plans with Health Saving Account company match)
- We offer generous paid time off for our non-exempt team members, starting with 3 weeks + 13 paid holidays, including 2 personal floating holidays. We also offer flexible time off for our exempt team members + 13 paid holidays
- Paid parental leave (including maternity + paternity leave)
- Education assistance opportunities and free LinkedIn Learning access
- Free mental health and family planning programs, including adoption assistance and fertility support
- 401(K) program with company match
- Pet insurance
- Employee resource groups
Waystar is proud to be an equal opportunity workplace. We celebrate, value, and support diversity and inclusion. Qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, marital status, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
This applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
Similar Jobs at Waystar
What you need to know about the Austin Tech Scene
Key Facts About Austin Tech
- Number of Tech Workers: 180,500; 13.7% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Dell, IBM, AMD, Apple, Alphabet
- Key Industries: Artificial intelligence, hardware, cloud computing, software, healthtech
- Funding Landscape: $4.5 billion in VC funding in 2024 (Pitchbook)
- Notable Investors: Live Oak Ventures, Austin Ventures, Hinge Capital, Gigafund, KdT Ventures, Next Coast Ventures, Silverton Partners
- Research Centers and Universities: University of Texas, Southwestern University, Texas State University, Center for Complex Quantum Systems, Oden Institute for Computational Engineering and Sciences, Texas Advanced Computing Center
