Head of Information Security at Color
Burlingame, CA, US

Recently named by Rock Health as the 'Best Digital Health Company to Work For,' Color is a leading healthcare technology company. Color is the leader in delivering advanced healthcare through clinical genetics. We make precision health programs accessible, convenient, and cost effective for everyone. Color partners with leading health systems, premier employers, and national health initiatives around the world including the million-person All of Us program by the National Institutes of Health.

Color is a leader in distributed healthcare and clinical testing. Color makes population-scale healthcare programs accessible, convenient, and cost-effective for everyone. Color works with health systems, employers, and national health initiatives around the world including the million-person All of Us Research Program by the National Institutes of Health. For more information about Color and its response to COVID-19, visit www.color.com

Color's current engineering team spans a wide range of interests, skills, and backgrounds. Many of us are infosec savvy and capable, but none of us do security full time. That's why we need you!

As Color's executive head of security, you will take the lead on defining and implementing the company's overall security posture. You'll work with our CEO, Head of Engineering, and the rest of the leadership team to secure our third party tools, in house code, production systems, data, and human processes.

This is an exciting opportunity to drive security and privacy for a company with unique assets and challenges: a genetic testing product, sensitive health data, a full in house clinical laboratory, and a wide range of other needs. You'll spend plenty of time on leadership, but you'll also have opportunities to dive in and get hands on, applying threat modeling to on site clinical health care, teaching engineers how to think like black hats, running fuzzers and scanners, and much more.

Show us you have the security mindset and see everything as a system to be exploited...and protected!

How You'll Contribute:

Own and improve our company's overall security posture

Work with other executive leaders to define our overall privacy posture

Apply threat modeling as a primary tool to understand and secure our systems

Help the entire Color engineering team learn and apply the security mindset to designing systems and writing code

Drive company-wide efforts to improve our security

Evaluate, integrate, and manage third party security tools and processes

Design and drive secure audit logging for all employee access to PHI (personal health information)

Analyze, quantify, and protect public datasets like Color Data from re-identification attacks

Coordinate external penetration tests. Triage, prioritize, implement, and help other engineers fix issues that arise.

Evaluate, select, and help integrate modern security tools (e.g., IDSes) into our production and employee IT environments

Help engineers run fuzzers, scanners, static analyses, and other tools on our code and systems to discover vulnerabilities

Review and triage security disclosures from external researchers

Support and lead security compliance efforts, e.g., FISMA and HIPAA

Maintain resources for customers on our security posture and practices. Support our sales team when they answer questions.

Our Ideal Candidate Will Have:

You have the security mindset ingrained and see everything as a system to be exploited...and protected!

You understand that security is a spectrum of risk vs cost, and that nothing is bulletproof or unbreakable

You believe in craft and pragmatism: solving the problem at hand with the best tools for the job, whether that's custom code, third party tools, human processes, or watchful waiting

You are excited about collaborating with product engineers, lab scientists, academic researchers, business people, and others across Color

You have strong opinions (loosely held) about modern security practices and techniques

You are intrinsically motivated, able to execute independently, while being proactive about seeking input from colleagues

You're confident in modern cloud environments like AWS and GCP, and with web app tools like Python and Django, Docker and containerization, data processing pipelines, etc.

You enjoy teaching engineers - and everyone - about security!

Color is an equal opportunity employer. In accordance with anti-discrimination law, it is the purpose of this policy to effectuate these principles and mandates. Color prohibits discrimination and harassment of any type and affords equal employment opportunities to employees and applicants without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Color conforms to the spirit as well as to the letter of all applicable laws and regulations.