We empower independent practices to bring modernized care to patients everywhere.
Security Architect
Location
United States
Posted
2 days ago
Salary
$178K - $203K / year
Seniority
Mid Level
Job Description
Tebra only initiates contact with candidates via email from an official Tebra email address (@tebra.com, @patientpop.com, or @kareo.com) or through our applicant tracking system, Greenhouse. We will only ask you to provide sensitive personal information through our official application portal — not via social media or text message. We do not conduct interviews via instant messaging.
About the Role
The Security Architect is a technical, hands-on senior role responsible for designing and implementing robust security architectures across Tebra’s hybrid and cloud environments. You will drive the strategy to strengthen our overall security posture, ensure compliance (SOC2, HITRUST, PCI DSS), and proactively manage risk. You will have the unique opportunity to embed security into the DNA of our platform, shifting left through DevSecOps integration and enabling engineering teams to build securely by default in GCP.
Key Responsibilities
- Cloudflare & Edge Defense: Own the strategy and execution for the Cloudflare ecosystem to secure the network edge. This includes architecting WAF rules (using RegEx), DDoS protection, Bot Management, and writing custom edge logic using Cloudflare Workers (JS/TS).
- GCP Security Architecture: Lead the design of security controls within Google Cloud Platform, specifically for Vertex AI, BigQuery, VPC Service Controls, IAM, and Security Command Center.
- Kubernetes & Container Security: Architect and verify security for GKE environments, including container hardening, securing Helm charts, and implementing runtime security policies.
- DevSecOps & Automation: Embed security into CI/CD pipelines (Cloud Build, GitHub Actions) using Infrastructure as Code (Terraform). Orchestrate security workflows using Workato, building custom Python API endpoints to expose internal security logic to the platform.
- Threat Modeling & Risk: Lead threat modeling for critical applications and feature releases, proactively identifying design-level flaws before deployment.
- Mentorship & Culture: Be a role model for security best practices; mentor engineers on secure coding standards and up-level the organization’s understanding of cloud security.
- Incident Response: Lead the technical response to complex security incidents, using SQL/KQL to query logs and forensics data to ensure rapid recovery and root cause elimination.
- Governance: Conduct regular risk assessments to identify control gaps and ensure technical alignment with SOC2, HITRUST, and PCI DSS requirements.
Your Professional Qualifications
- Experience: 7+ years of experience in Information Security with deep hands-on expertise in network Architecture.
- Education & Certifications: Master’s degree in Cybersecurity required. GCP Professional Cloud Security Engineer certification is highly preferred.
- GCP & AI Depth: Deep experience securing Google Cloud Platform, including specific experience with Vertex AI services and BigQuery analytics controls.
- Core Security Stack: Proven ability to manage and tune Cloudflare (WAF/Zero Trust) and CrowdStrike Falcon (EDR/XDR).
- Technical & Automation Fluency: Expert proficiency in Python for building custom automation APIs and Workato for orchestration. Working knowledge of HCL for Terraform code review, JavaScript/TypeScript for Cloudflare Workers, SQL for BigQuery analysis, and RegEx for custom WAF rule creation.
- Kubernetes Mastery: Strong understanding of Kubernetes (GKE) security, including node pools, network policies, and securing Helm deployments.
- Compliance: Solid understanding of risk assessment methodologies (NIST RMF) and mandatory compliance frameworks (SOC2, HITRUST, PCI DSS).
(For Recruiter use only) #LI-SS1 #LI-Remote
We are dedicated to attracting and retaining top talent with competitive and fair compensation. For this position, this range reflects our Zone 1 (National Average) pay band. Your specific compensation is thoughtfully determined by your experience, qualifications, the specific requirements of the role, and your Geo Zone. Our geo-zone system ensures your pay is competitive for your location, recognizing varying costs of labor across regions.
Our four geo zones are designed to reflect this:
Zone 1: National Average
Zone 2: Moderately Higher Cost Regions
Zone 3: High-Cost Regions
Zone 4: Lower-Cost Regions
Beyond base compensation, Tebra offers eligible employees the opportunity for variable pay and a robust benefits package, reflecting our commitment to your overall well-being. In compliance with California pay transparency laws, the specific compensation range applicable to your Geo Zone will be shared during your initial talent screen.
About Tebra
Kareo and PatientPop have joined forces to become Tebra, the digital backbone for practice well-being. While our teams are still supporting both products, our new hires and current employees are now united as Team Tebra.
Tebra aims to unlock better healthcare by helping independent practices bring modernized care to patients everywhere. Well over 100,000 providers trust Tebra to elevate their patient experience, and help them grow their practice. At Tebra, we’re building the future of well-being together. That shared vision for tomorrow begins with compassion and humanity today.
Our Values
Start with the Customer
We get to know our customers - and their patients - and look at the world through their lens.
Keep It Simple
Healthcare is too complex. We aim to simplify it for everyone.
Stay Entrepreneurial
We reject the status quo and solve problems with creativity, perseverance, and a bias to action.
Better Together
We are diverse, humble, and collaborative. We put the team first and win together.
Celebrate Success
Life is short and joy is underrated. We take time to have fun and celebrate success.
Perks & Benefits
United States: In addition to our healthcare benefits, we also offer amazing perks! Need work from home basics? We offer a discount through Dell! We also offer a number of resources to help you keep your mind and body healthy. Check out Gympass for a great workout, or TelusEmployee Assistance Program to find mental health resources, along with other resources for everyday occurrences.
Costa Rica: To assist with all of life’s needs, Tebra also offers a wellness and childcare subsidy and a University/Education discount! We also offer a number of resources to help you keep your mind and body healthy. Check out Gympass for access to health and fitness apps, or Telus Employee Assistance Program to find mental health resources, along with other resources for everyday occurrences.
Compliance & Privacy Disclosures
NOTE: Tebra is an equal opportunity employer. All applicants will be considered for employment without attention to age, race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
California residents who apply or are recruited for a job with us: please carefully review our California-specific Privacy Notice under the California Consumer Protection Act here: https://www.tebra.com/privacy-policy/california-supplemental-notice/
If you would like to report a fraudulent Tebra job posting, please contact us at talentacquisition@tebra.com and consider reporting your experience to the FBI's Internet Crime Complaint Center or the Better Business Bureau to help keep others safe online, too.
As part of our commitment to a fair and efficient hiring process, Tebra utilizes BrightHire, an interview intelligence platform, for our phone and video screenings. This technology records and transcribes interviews to help us ensure consistency, reduce bias, and make more informed hiring decisions. By applying for this position, you acknowledge that your interview may be recorded.
Job Requirements
- Experience: 7+ years of experience in Information Security with deep hands-on expertise in network Architecture.
- Education & Certifications: Master’s degree in Cybersecurity required. GCP Professional Cloud Security Engineer certification is highly preferred.
- GCP & AI Depth: Deep experience securing Google Cloud Platform, including specific experience with Vertex AI services and BigQuery analytics controls.
- Core Security Stack: Proven ability to manage and tune Cloudflare (WAF/Zero Trust) and CrowdStrike Falcon (EDR/XDR).
- Technical & Automation Fluency: Expert proficiency in Python for building custom automation APIs and Workato for orchestration. Working knowledge of HCL for Terraform code review, JavaScript/TypeScript for Cloudflare Workers, SQL for BigQuery analysis, and RegEx for custom WAF rule creation.
- Kubernetes Mastery: Strong understanding of Kubernetes (GKE) security, including node pools, network policies, and securing Helm deployments.
- Compliance: Solid understanding of risk assessment methodologies (NIST RMF) and mandatory compliance frameworks (SOC2, HITRUST, PCI DSS).
Benefits
- Competitive and fair compensation.
- Variable pay opportunities.
- Robust benefits package reflecting commitment to overall well-being.
- Work from home discounts through Dell.
- Access to Gympass for health and fitness resources.
- Telus Employee Assistance Program for mental health resources.
- Wellness and childcare subsidy in Costa Rica.
- University/Education discount in Costa Rica.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
The Staff Engineer will advance the frontier of AI Reinforcement Learning development by building the infrastructure and tooling necessary to transform real-world vulnerability research into large-scale reinforcement learning environments. This involves designing pipelines that ingest software projects, analyze them using Company’s Mayhem platform, and automatically construct training environments for frontier AI systems.
Cloud Security Engineer
WorkstreetBest-in-class trust services for high-growth companies. Vanta’s biggest services partner.
Cloud Security Engineer designing and implementing security controls for clients
Security Solution Architect
JFrogOn a mission to create a world of software delivered without friction from developer to device.
The Security Solution Architect will lead the design of high-level, enterprise-grade DevSecOps architectures, serving as the primary technical authority for deep-dive customer sessions on application security and the software supply chain. This role also involves driving executive communication, capturing field use cases to influence the product roadmap, and executing competitive strategy.
High School Teacher - Chemistry
CALIFORNIA VIRTUAL ACADEMY AT LOS ANGELESThe work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. A flexible schedule is required. This position is a virtual position working from a home office. Must have ability to travel throughout the school year within and between assigned geographic areas to support students, attend regularly scheduled meetings, proctor state exams and participate in school activities and orientations.
Our postings are eligibility pools for positions that may arise during the 2026-2027 school year, ONLY. Applications and interviews are for consideration to be placed in the eligibility pool. As our enrollment continues to grow during the year, there is no way to forecast when a ...
