Security Engineer at Doctor On Demand
United States of America

We’re looking for an engineer to be the point person for our application and infrastructure-level security at Doctor On Demand. Currently, these duties are split between the CTO and CSO and backed by an engineering and IT team that is security-conscious and takes our stewardship of people’s health information very seriously. A successful candidate for this position will be comfortable evaluating existing code and architecture for vulnerabilities, ensuring that we continue to implement SDLC best practices, and managing our penetration testing pipeline.
This hire will have a huge opportunity to influence the overall direction of this part of the company and will report directly to the CSO.


Responsibilities:

  • Manage the application and infrastructure security of our HIPAA-compliant platform
  • Triage, verify and manage resolution of all issues identified via our continuous penetration testing partnership with Synack
  • Be the primary point of contact for the Security email address
  • Advise the CSO, CTO, and VP of Engineering on security tooling and best practices
  • Organize and implement Red Team / Blue Team exercises
  • Educate the engineering and IT teams on security best practices
  • Track and audit software dependencies; ensure all security patches are applied
  • Improve our existing SDLC and breach detection and recovery processes
  • Produce documentation for security audits and certifications (e.g. HITRUST)
  • Review pull requests related to authorization / authentication and other sensitive areas
  • Evaluate technical architecture proposals from a security perspective

Requirements:

  • Expertise in web application security (OWASP Top 10)
  • Experience with cloud security best practices
  • Knowledge of SDLC best practices
  • Ability to identify the root cause of an issue and follow up with the appropriate team members
  • Experience mapping security controls to audit requirements
  • Strong interpersonal and oral / written communication skills

Bonus Points:

  • Experience securing containerized applications managed with Kubernetes on GCP
  • Experience working in a HIPAA-compliant environment
  • Experience working with Django and Python
  • Experience with HITRUST certifications

Perks:

  • Be a core leading member of a small, elite product/engineering team
  • Be part of a startup that is gaining national recognition and improving healthcare for millions of people
  • Flexible work hours and fun, fast-paced environment
  • Strong remote and work-from-home culture
  • Full benefits + competitive compensation
  • Unlimited PTO, wellness allowance and others