Security Ops Engineer

Biofourmis is a rapidly growing, global digital health company filled with committed, passionate professionals who care about augmenting personalized care and empowering people with complex chronic conditions to live better and healthier lives. We are pioneering an entirely new category of medicine by developing clinically validated, software-based therapeutics to provide improved outcomes for patients, smarter engagement & tracking tools for clinicians, and cost-effective solutions for payers. We are collectively devoted to a single-minded idea: powering personally predictive care.

Our dynamic growth has been marked by quadrupled headcount in the last 12 months via both expansion & acquisition, yielding a global footprint with offices in Boston, Singapore, Bangalore, and Zurich. We are backed by prominent international venture capital investment & have cultivated relationships with worldwide healthcare stakeholders over the last 5 years. Our talented team features numerous PhD’s in Data Science and Biostatistics, over 80 patents, prolific scientific publications, world-class systems, developers & engineers, and leaders in the clinical operations space.

Senior Security Operations Engineer

The Senior Security Operations Engineer is responsible to implement and execute state of the art security tools and processes to help secure our cloud infrastructure and applications. This individual will work with internal teams and security vendors to design, implement, and configure automated security and monitoring controls. Building a strong security conscious DevSecOps culture, the Sr. SecOps Engineer will help implement security, principles, tools, and best practices in CI/CD pipelines, software, and firmware, and deployed infrastructure and applications. The Sr. SecOps Engineer will help maintain security and compliance posture through continuous monitoring, regular reporting, automated and manual testing, incident response, and process improvement.  

Responsibilities

• Help define and operationalize security standards, policies, and procedures.
• Automate vulnerability assessments and other security related SecOps tasks.
• Identify new security threats by conducting continual monitoring, penetration testing, vulnerability assessments. and log analysis,
• Lead incident response, remediation, and resolution of security events or risks.
• Create and maintain security records and reports in development (Jira), compliance, or QMS systems.
• Support compliance activities and requirements such as SOC2 and HIPAA audits.
• Serve as the subject matter expert (SME) on software and Cloud security.
• Stay current on emerging security threats, vulnerabilities, controls and practices.
• Mentor less experienced members of the SecOps team.
• Collaborate closely with the multiple technology and cross-functional groups within the organization.

Requirements

• 5+ years security operations experience (SecOps, DevSecOps) in a regulated industry.
• 3+ years of hands-on security experience in AWS.
• 2+ years of experience implementing and securing container platforms such as Kubernetes and Docker.
• Strong development background with security mindset, preferably in Java, Javascript, Node.js, React.
• Experience applying software security principles—OWASP, SSDF, or SSF, for example—in software development life cycle.
• Experience incorporating security practices in CI/CD pipelines (SAST, DAST, IAST).
• Hands on experience with security tools or cloud services for IDS, SIEM, penetration testing, vulnerability scanning, EDR, and MDR (e.g., Qualys, Nessus, Rapid7, GuardDuty)
• Advanced knowledge of security controls and best practices across a full stack including networking, Linux systems, databases, software applications, and web applications.
• Understanding of security risk assessments and frameworks (e.g., SOC2, HITRUST, ISO 270XX, NIST CSF, NIST 800-XX, COBIT, etc.), regulations (e.g., GDPR, CCPA), and industry best practices.
• Strong communication skills including the ability to create and maintain written documentation.

Preferred

• AWS certification such as Security Specialty, DevOps Engineer, or Solutions Architect.
• Demonstrated AWS experience with the following:
• Amazon Elastic Kubernetes Service (EKS).
• AWS CloudFormation.
• AWS CodeDeploy.
• AWS Certificate Manager (ACM).
• Hands-on experience with CI/CD testing tools for SAST, DAST, IAST.
• Hands-on experience with automation tools such as Jenkins.
• Development experience with containers, microservices, or mobile applications.
• Experience working with teams that follow Agile and DevOps methodologies.
• Work experience in medical devices / biotech company.
• Experience with HIPAA, HITRUST, or other healthcare regulations and standards.