Cloud Security Engineer

Location: Vilnius

Department: Engineering

The Scale of the Challenge

At Flo we don't just have users, we have a global community. We are the #1 women's health app, in the last month alone, we saw 8.6M new installs and a 2.8M increase in active users.

When millions of people trust you with their most personal health data, security isn't a feature — it's a foundation. We are looking for a Cloud Security Engineer to join Velocity, our Internal Platform team. Your mission is to ensure that every system, pipeline, and tool our engineers rely on is secure by default — so they can ship fast without ever compromising trust.

The Mission: Velocity

The Velocity team exists to eliminate friction. We build and own the foundation everything else runs on: cloud infrastructure, developer tooling, and SRE practices. You will:

• Embed Security Into the Platform: Bake security, compliance, and best practices into the core stack so they're invisible to developers and impossible to skip.
• Automate Everything: Drive security-as-code across infrastructure, CI/CD pipelines, and container lifecycles — making manual gates a thing of the past.

What You Will Do

• Cloud Security Posture: Own and continuously strengthen Flo's AWS security posture using tools like GuardDuty, Inspector, Security Hub, and SSM Patch Manager.
• Container & Supply Chain Security: Harden container image security end-to-end — patch vulnerabilities automatically with Copacetic, sign and verify images with Cosign/Sigstore, and enforce policies at admission with Kyverno.
• Policy as Code: Manage CI/CD security across the organisation using policy-as-code tooling (Kyverno, Checkov), ensuring standards are enforced programmatically.
• Security Observability: Build visibility into security performance by measuring and visualising actionable metrics using tools like Databricks Dashboards or Looker.
• High-Scale Privacy: Support the infrastructure for industry-leading privacy features, such as our TIME-recognised "Anonymous Mode."
• Culture & Thought Leadership: Shape Flo's broader security culture through proactive engagement, documentation, and cross-team collaboration.

What You Bring

• Experience: 7+ years in Infrastructure Security, Cloud Security, or Security Engineering roles.
• Cloud Native Mastery: Deep expertise in AWS security services and best practices is essential.
• Infrastructure as Code: Proficient in Terraform and Terragrunt — you run everything as code.
• Container Security: Strong knowledge of Kubernetes security, image hardening, and admission control.
• Identity & Access: Solid understanding of identity management principles — SSO, OAuth, JWT, SAML.
• Automation Mindset: Comfortable scripting in Python, Bash, or similar to automate security workflows.
• Network Security: Understanding of modern network security principles and their practical application.
• SSDLC: Experience building Secure Software Development Lifecycle phases into engineering workflows.

Bonus Points

• Experience with security monitoring and event correlation systems (IDS/IPS, SIEM, AWS-native tooling).
• Knowledge of Zero Trust Architecture and its implementations (e.g., Cloudflare).
• Familiarity with secret management processes and tools.
• Experience in multi-cloud environments (AWS and preferably GCP).
• Understanding of business continuity principles (BIA, DRP).
• Professional accreditations such as AWS Security Specialty, CKS, or CISSP.

Why Join Flo?

• High Impact: Your work directly protects the health data of millions - Flo is rewriting women's health, and you'll make sure it's done securely.
• Autonomy: We hire experts and empower you to deliver.
• Cutting-Edge Stack: Work with modern security tooling (GuardDuty, Kyverno, Cosign, Elastic Cloud Security) deployed on real production infrastructure at massive scale.