Senior Cloud Security Engineer

Who are we and why should you join us?

BetterHelp is on a mission to remove the traditional barriers to therapy and make mental health care more accessible to everyone. Founded in 2013, we are now the world’s largest online therapy service, providing affordable and convenient therapy in across the globe. Our network of over 30,000 licensed therapists has helped millions of people take ownership of their mental health and change their lives forever. And we’re not stopping there – as the unmet need for mental health services continues to grow, BetterHelp is committed to being part of the solution.

As a Senior Cloud Security Engineer at BetterHelp, you’ll join a diverse team of licensed clinicians, engineers, product pros, creatives, marketers, and business leaders who share a passion for expanding access to therapy. And as a mental health company, we take employee mental health just as seriously as we do our mission. We deeply invest in our team’s well-being and professional development, because we know that business and individual growth go hand-in-hand. At BetterHelp, you’ll carve your own path, make an immediate impact, and be challenged every day – with a supportive community behind you the whole way.

What are we looking for?

We’re looking for a Senior Cloud Security Engineer to join the Security team to help improve the security of our production systems and help ensure secure, global access to therapy for our members and therapists.

A strong candidate for this position will be an expert in containerization, AWS technologies, and Kubernetes. We’re looking for someone who cares and wants to be involved in our product, mission, and success - way beyond checking off tasks. And, of course, at BetterHelp, you will enjoy true teamwork.

What will you do?

• Work with DevOps and Security Engineering to harden our entire cloud infrastructure, ensuring security across all AWS resources.
• Design, implement, and maintain secure, reliable infrastructure and automation.
• Design and implement observability patterns that ensure team awareness of issues.
• Participate in our culture of experimentation, proposing load-testing experiments to improve platform uptime and resiliency.
• Implement security best practices in GitHub Actions, ArgoCD, and other CI/CD tools to ensure secure deployment pipelines.
• Manage and secure edge infrastructure by configuring and optimizing AWS WAF, AWS Shield, and network routing strategies to prevent malicious traffic and ensure secure access to services.
• Participate in an on-call rotation.
• Mentor other team members.
• Develop and deploy automation to make your job easier.
• Have access to whatever training resources can help you succeed.

What technologies will you work with?

• AWS
• Docker / Containerd
• Kubernetes / Istio / Helm / Argo
• Terraform
• Logging / Monitoring / Alerting stacks
• SIEM
• GitHub

What will you NOT do?

• You will NOT worry about "runway", "cash left", or "how much time we have until the next round". We have the startup DNA but we're fully backed and funded, all the way to success.
• You will NOT be confined to your "job". You will get involved in product, marketing, business strategy, and almost everything we do.
• You will NOT be bogged down by office politics, ego, or bad attitude. Only positive, pleasure-to-work-with people are allowed here!
• You will NOT get yourself burned out. We work hard but we believe in maintaining a sustainable work/life balance. Really.

Can I work remotely?

Yes. We operate on PST and candidates in any time zone are welcome to apply. We ask employees to travel to our San Jose, CA office up to three times per year plus one company-wide offsite to collaborate in person and strengthen working relationships. Travel expenses are covered and reasonable accommodations are made for those under unique circumstances who cannot travel.

Requirements

• 6+ years of experience as a DevOps Engineer, DevSecOps Engineer, Cloud Security Engineer, or equivalent.
• Expert knowledge of AWS services such as EKS, EC2, VPC, S3, CloudFront, etc.
• You’ve used Terraform to manage all your AWS resources and don’t even know how to log into the web console.
• Proficient with configuration languages such as YAML or HCL.
• Experience configuring and using CSPM software
• Experience monitoring, reviewing, and responding to AWS security alerts to identify, mitigate, and resolve potential security issues.
• Networking knowledge, with the ability to design, configure, and maintain VPN and inter VPC systems.
• Fluent in Python, Bash, or another scripting language.
• Expert knowledge of Linux systems.
• Advanced knowledge of container runtimes such as Docker or Containerd.
• Experience running Kubernetes at scale.
• Experience with contemporary CI/CD methodologies, such as GitOps.
• Strong verbal and written communication skills.

Benefits

• Remote work with regular in-person bonding experiences sponsored by the company
• Competitive compensation 
• Holistic perks program (including free therapy, employee wellness, and more)
• Excellent health, dental, and vision coverage
• 401k benefits with employer matching contribution
• The chance to build something that changes lives – and that people love
• Any piece of hardware or software that will make you happy and productive
• An awesome community of co-workers

The base salary range for this position is $150,000 - $200,000. In addition to the base salary, this position is eligible for a performance bonus and the extensive benefits listed here (subject to eligibility requirements): Teladoc Health Benefits 2025. Total compensation is based on several factors – including, but not limited to, type of position, location, education level, work experience, and certifications. This information is applicable to all full-time positions.

At BetterHelp we thrive on difference and individuality, and as part of the Teladoc Health family, we are proud to be an Equal Opportunity Employer. We never have and never will discriminate against any job candidate or employee due to age, race, ethnicity, religion, sex, color, national origin, gender, gender identity, sexual orientation, medical condition, marital status, parental status, disability, or Veteran status.