Security Engineer

Color is a health technology company that makes population-scale healthcare programs accessible, convenient, and cost-effective for everyone.  We have raised $100 million in Series E funding, bringing our valuation to $4.6 billion and our total raised amount to $378 million. We work with governments, public health institutions, employers, and national health initiatives around the world to provide the tools for preventive health and infectious disease management, including testing, vaccinations, and other services.
What we offer: 💰 Competitive salary ✨  Comprehensive medical, dental, vision, life, and disability benefits. Including employer HSA contributions.📈  401k match 📝 Monthly lunch, phone, and wifi stipend for remote employees🏝 Generous vacation policy, paid holidays and company-wide recharge days💌  Monthly  stipend to spend on your well being🍼  Equal paid parental leave for birthing and non-birthing parents 🧬 Four complimentary clinical-grade genetic testing kits for you and your family
Apply to join Color and do the most meaningful work of your career. If you are not sure that you’re 100% qualified but are up for the challenge - we want you to apply! 

As an Information Security Engineer at Color, you will contribute to company-wide initiatives to automate, optimize, and secure Color’s infrastructure.  You will help design and build solutions to scale securely and directly impact Color’s overall security posture, access controls, systems, and processes. This role mixes hands-on IC work with opportunities for leadership and working with other orgs across the company. 

How You'll Contribute

• Contribute to improvements to the security of our code, infrastructure, and processes
• Contribute to maintaining and improving monitoring and alerting, vulnerability management, and incident response tooling and processes
• Apply threat modeling as a primary tool to understand and secure our systems
• Help establish a positive security mindset across the org 
• Drive company-wide efforts to improve our security posture

Our Ideal Candidate Will Have

• 5+ years of industry experience as a software engineer, engineering manager, PM or TPM
• An understanding that security is a spectrum of risk vs cost, and that nothing is bulletproof or unbreakable
• A belief in craft and pragmatism: solving the problem at hand with the best tools for the job, whether that's custom code, third party tools, human processes, or watchful waiting
• An excitement about collaborating with product engineers, lab scientists, academic researchers, business people, and others across Color’s organization
• A strong viewpoint about modern security practices and techniques
• An ability to work in a collaborative development environment, giving/receiving feedback on code reviews and designs to help team members sharpen their thinking and practices
• Ability to execute independently, while being proactive about seeking input from colleagues
• Confidence coding managing and developing in cloud environments like AWS, with a variety of datastores, backends, and caching layers
• Experience with web frameworks like DjangoA desire to teach others about security

Projects You Might Tackle Include

• Implement secure audit logs for all access to PHI (personal health information).
• Build tools to allow authorized employees to access these logs as needed
• Identify and protect authentication methods
• Coordinate, automate, and improve vulnerability management processesCoordinate external penetration tests.
• Triage, prioritize, implement, and help other engineers fix issues that arise
• Maintain and tune logging and alerting tools
• Review and triage security disclosures from external researchers
• Support compliance efforts, eg FISMA and HIPAA

Color is an equal opportunity employer. In accordance with anti-discrimination law, it is the purpose of this policy to effectuate these principles and mandates. Color prohibits discrimination and harassment of any type and affords equal employment opportunities to employees and applicants without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Color conforms to the spirit as well as to the letter of all applicable laws and regulations.
Mandatory Vaccination Policy DisclosureCOVID-19 Vaccination Requirement: Color requires anyone working onsite or visiting Color’s offices to confirm they are fully vaccinated against COVID-19 unless a medical or religious accommodation is timely requested and approved.  Please reach out if you have questions or concerns about this policy and how it may apply to your candidacy for a role with Color.