Platform Engineer II (Cloud Security)

WHOOP
Boston, US
On-site

Who this role is best for

Geared toward mid-level cloud security engineers comfortable with automating secure-by-default practices in AWS and Kubernetes environments.

Best fit for

  • Engineers who prioritize embedding security into infrastructure design without hindering developer velocity.
    — “building scalable systems that make the secure path the easiest path
  • Candidates with production experience in Terraform and AWS IAM policy enforcement.
    — “Design, implement, and manage scalable, secure cloud infrastructure in AWS using Infrastructure as Code
  • Problem-solvers who proactively identify systemic risks in distributed systems.
    — “You are curious about how systems fail and motivated to proactively prevent issues

Things to consider

  • Mandatory Boston office presence with potential relocation requirement.
    — “The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office
  • Expect participation in incident response and compliance audits.
    — “Participate in incident response and troubleshooting for infrastructure and security events

How to stand out

  • Demonstrate concrete examples of policy-as-code implementations in past roles.
    — “Experience implementing policy-as-code or access control frameworks
  • Highlight cross-team collaboration on security-integrated developer tooling.
    — “Collaborate with platform, product, and data science teams to deliver resilient infrastructure
  • Quantify risk reduction from your IAM or secrets management work.
    — “Build and manage IAM systems, access controls, and least-privilege policies to reduce risk
Pace · SteadyCollaboration · HighAutonomy · MediumDecision Impact · TeamLevel · Mid Level

Derived from job-description analysis by Serendipath's career intelligence engine.

What success looks like

  • Designed and implemented scalable, secure cloud infrastructure
  • Built and managed IAM systems and access controls
  • Improved secrets management and secure service-to-service authentication
Typical background
2-4 years of DevOps or Cloud Infrastructure experience

Skills & requirements

Required

AWS ServicesIAMVPCEC2S3CloudtrailTerraformCloud SecurityReliability PrinciplesLeast PrivilegeLogging/monitoringResource IsolationDisaster RecoveryKubernetesPythonGoJavaBashCi/cd PipelinesSecrets Management

Preferred

Cloud Security ToolingCompliance Frameworks

Stack & domain

AWSIamVpcEc2S3CloudtrailTerraformKubernetesEksPythonGoJavaBashCi/cd PipelinesSecrets ManagementMonitoringLoggingDisaster RecoveryProblem-solvingCommunicationCollaborationCloud SecurityInfrastructure

About the role

Original posting from WHOOP via Ashby

At WHOOP, we're on a mission to unlock human performance and healthspan. WHOOP empowers members to perform at a higher level and live longer through a deeper understanding of their bodies and daily lives. Protecting our members’ data and ensuring our systems scale securely and reliably is core to this mission.

As a Platform Engineer II on the Cloud Security team, you will play a key role in building and operating the infrastructure, tooling, and guardrails that protect WHOOP’s cloud environments. You will work at the intersection of security, infrastructure, and developer experience, helping ensure that secure-by-default practices are embedded into how systems are designed, deployed, and operated.

The Cloud Security team focuses on reducing risk across WHOOP’s cloud footprint by enforcing least-privilege access, strengthening IAM and secrets management, and detecting and preventing unauthorized access or lateral movement. This role is ideal for an engineer who enjoys automating security, improving developer workflows, and building scalable systems that make the secure path the easiest path.

RESPONSIBILITIES:

-

  • Design, implement, and manage scalable, secure cloud infrastructure in AWS using Infrastructure as Code (IaC) tools such as Terraform
  • Build and manage IAM systems, access controls, and least-privilege policies to reduce risk and limit blast radius
  • Implement automation and tooling to detect misconfigurations, privilege escalation risks, and anomalous behavior
  • Build and maintain secure, reliable, and auditable AWS and Kubernetes environments across multiple accounts and services
  • Improve secrets management, key rotation, and secure service-to-service authentication patterns
  • Collaborate with platform, product, and data science teams to deliver resilient infrastructure that enables rapid product development and member trust.
  • Contribute to the automation of cloud operations, from CI/CD pipelines to monitoring and alerting systems.
  • Develop and enforce guardrails for cloud security and compliance, including IAM, backups, logging, and configuration management.
  • Participate in incident response and troubleshooting for infrastructure and security events.
  • Participate in audits and compliance efforts by ensuring infrastructure is observable, auditable, and well-documented
  • Drive best practices in reliability, performance, cost optimization, and security across the platform.

QUALIFICATIONS:

-

  • 2-4 years of experience in DevOps, Site Reliability Engineering, or Cloud Infrastructure roles
  • Hands-on experience with AWS services, including IAM, VPC, EC2, S3, and CloudTrail
  • Experience with Infrastructure as Code in production environments (Terraform preferred).
  • Strong understanding of cloud security and reliability principles, including least privilege, logging/monitoring, resource isolation, and disaster recovery.
  • Experience with containerized platforms such as Kubernetes or Amazon EKS.
  • Proficiency with scripting or programming languages (Python, Go, Java, or Bash).
  • Familiarity with CI/CD pipelines, secrets management, and automated security or reliability tooling.
  • Strong problem-solving skills and ability to debug complex distributed systems
  • Effective communication skills and ability to collaborate across teams

BONUS QUALIFICATIONS:

-

  • Experience with cloud security tooling (e.g., CSPM, CNAPP, SIEM platforms)
  • Experience with compliance frameworks (e.g. SOC 2, HIPAA, GDPR, SOX, and/or SaMD).
  • Experience implementing policy-as-code or access control frameworks
  • Exposure to modern edge and delivery technologies such as Cloudflare, CDN configuration, and TLS/SSL certificate management.

ABOUT YOU:

-

  • You thrive on ownership and want to shape the foundation of WHOOP’s platform.
  • You believe security should enable developers, not block them, and strive to build guardrails over gates
  • You enjoy automating manual processes and building scalable solutions to reduce risk
  • You are curious about how systems fail and motivated to proactively prevent issues
  • You value simplicity, reliability, and clarity in system design
  • You collaborate well across teams and communicate technical concepts clearly

Learn more about our Software Org and how to be successful in your engineering career at WHOOP via our Career Framework https://engineering.prod.whoop.com/careerframework.

This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office.

Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.

WHOOP is an Equal Opportunity Employer and participates in E-verify https://www.e-verify.gov/ to determine employment eligibility.  It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values.

At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company’s long-term growth and success.

The U.S. base salary range for this full-time position is $125,000 - $175,000 Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training. 

In addition to the base salary, the successful candidate will also receive benefits and a generous equity package.

These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate’s specific qualifications, expertise, and alignment with the role’s requirements.

Source: WHOOP careers (Ashby)

Similar roles