Senior Product Security Architect

Remote

Applications have closed

Curative Inc.

Health care that's easy with our health plan. No copays, deductibles or out-of-pocket costs. Get in touch to learn about our affordable health insurance.


# Why Join Us

Curative is taking on the challenge of fundamentally changing US healthcare. We are building a vertically integrated platform for managing the health of our patients. No more silos, no more navigating multiple companies to seek care, and no more unexpected bills. We’re rebuilding from first principles, focusing on patients and delivering the highest quality care, not billing. Preventative care will be made easy and accessible to our patients, facilitated by the lab infrastructure we built for the scale of the COVID-19 pandemic. The work we’ve done delivering more than 20 million COVID tests and 2 million vaccinations during the pandemic has given us the resources and lessons to achieve this mission.

# Information Security at Curative:

This team moves fast, and you should be excited about interacting with a wide variety of stakeholders—you'll have a direct impact on how patients, doctors, and other care professionals all interface securely with Curative. You should have a strong interest in building tools, be comfortable working with new technologies, and have a strong sense of enabling business operations through secure designs.  

 

Finally, it's important to us that everyone on our team be prepared to work with, and be supportive of, a variety of backgrounds, roles, and needs. Our organization is built on trust and mutual respect; we know that it's only together that we achieve truly great things.

Note: This role can be remote, but the candidate must be able to travel onsite to Curative HQ as well as other Curative locations across the United States.

# What you'll do

Reporting to the Head of Security Architecture, this role is a critical part of our DevSecOps program. As a Senior Security Architect, you will work very closely with the leading architects, product, and engineering teams to provide continuous support in secure product architecture and design. This role will lead Curative’s product security activities, make risk mitigation recommendations, and suggest and review solutions.

# Responsibilities

  • Conduct security design reviews and threat modeling for existing and new software products and features developed internally, as well as for different third-party and open source technologies
  • Develop and lead the application security vulnerability management program, using SAST, DAST and penetration testing tools and approaches to identify and triage bugs and provide guidance on remediation to developers
  • Provide requirements for security features in Curative’s products and services (e.g. credential management, access provisioning, authentication and authorization, data security, application security, app logging)
  • Deliver system security architecture diagrams and security architecture specifications
  • Define and evangelize application security best practices
  • Develop secure coding guidelines and training for developers
  • Evaluate design and implementation of product features for compliance
  • Develop proof of concept mitigations to guide developers in remediation
  • Design automation to improve security integration in the DevSecOps workflow
  • Take an active part in the company architectural forums and provide the security perspective in new initiatives and projects

# Requirements

  • Understanding of software security architecture and design and the SDLC, and the ability to clearly articulate best practices for application security
  • Significant experience in running threat modeling for complex systems
  • Experience with the OWASP Top 10 and SANS 25, and how to identify and remediate them
  • Experience with application security scanning technologies (IAST, DAST) and penetration testing methodologies
  • Experience with secure coding practices and a track record of successfully evangelizing adoption of those practices by development teams
  • Experience with public cloud environments and technologies, including Amazon Web Services (AWS) or other
  • Experience in DevOps environments and automating security controls into the CI/CD process
  • Solid understanding of information security, including IT security frameworks, policies, standards and technologies (HIPAA, SOX, PCI, SOC 2, etc.)
  • Sufficient familiarity with foundational security technologies to select the right toolsets and technical controls
  • Experience in working with software development groups and development executives
  • Experience with containerized microservices and Kubernetes
  • Ability to mentor and teach junior engineers and architects to grow capability in the team
  • Information security certification such as CISSP, GIAC or OSCP
  • Python or another scripting language
  • SQL and/or other data manipulation skills

# Bonus:

  • Understanding of MITRE ATT&CK
  • Experience collaborating with IT operations, product teams, SRE teams
  • Any other DevSecOps experience
  • Experience in the healthcare industry
  • Experience with BDD and user security stories as part of testing protocols

# About Us

Co-founded by CEO Fred Turner and powered by a team of world-leading doctors, scientists, engineers, and health industry experts, Curative responded in March 2020 to the urgent need for COVID-19 testing, ultimately developing a network of thousands of testing sites across over 40 states and three CLIA-certified, high-complexity laboratories. As a result, Curative and its managed medical entities provided over 30 million COVID-19 tests and over 2 million COVID-19 vaccines.

Curative’s patient-facing services, healthcare facilities, integrated supply chain, and labs are part of a large platform we've built from the ground up that has allowed us to grow quickly and more efficiently than other healthcare companies. As a result, we were one of the first companies to respond to the pandemic providing COVID-19 testing at scale across the United States. 

We are now implementing a new model of comprehensive healthcare delivery focused on the whole person's well-being: providing expanded healthcare and wellness services while also streamlining access to preventative care. We are setting out to change healthcare in the United States and fundamentally re-designing the way that patients interact with their healthcare and health insurance. By building a connected platform for managing the health of our patients, we believe that we can deliver a better healthcare experience at a lower cost and with better outcomes so that our patients can focus on getting and staying well. Our model delivers healthcare by investing in patient preventive health from the start, reducing the barriers to entry to traditionally complex care networks and eliminating the concern of unexpected medical bills. Curative will launch its first members-only healthcare offering in Austin, January 2023. 

For more details on Curative and to stay tuned on what’s ahead, please visit curative.com and follow on Facebook, Instagram, and Twitter.

Tags: Application security Automation AWS CI/CD CISSP Cloud Compliance DAST DevOps DevSecOps GIAC HIPAA Kubernetes Microservices MITRE ATT&CK Open Source OSCP OWASP Pentesting Product security Python SANS SAST Scripting SDLC SOC 2 SQL Vulnerability management

Perks/benefits: Team events Wellness

Region: Remote/Anywhere
Category: Architecture Jobs
