Senior Security Engineer - Infrastructure and DevOps
Hinge Health
We are the leading digital clinic for back, joint, and muscle pain. Explore how our online care solutions go beyond traditional physical therapy to provide lasting pain relief.
WHAT YOU’LL ACCOMPLISH
- Evaluate requests for the use of new AWS services, recommend whether the service should be used in our environment and, if approved, assess the risks and create standards and guidelines for use of those services.
- Review proposed changes and additions to AWS infrastructure against the Security pillar of the AWS Well-Architected Framework, HIPAA, HITRUST, other regulatory requirements and other security best practices and frameworks as needed.
- Contribute to the improvement of existing standards and guidelines for the use of IaaS infrastructure and related SaaS platforms including those hosted within AWS.
- Review Terraform Infrastructure as Code (IaC) change requests to ensure the changes meet all security requirements and verify the change being made adheres to the reviewed design.
- Review current and proposed integrations between Hinge Health infrastructure and third-party SaaS platforms and integration partners/clients. Assist the Security Risk team with risk assessments of these platforms and integrations, and the IAM team with any required service accounts, API keys, etc.
- Contribute to the improvement of Software Development Life Cycle management policies, procedures, and standards.
- Implement automated security scanning tools (SCA, SAST, DAST, etc.) into the CI/CD pipeline and assist with triage and risk assessment of results.
WHAT WE'RE LOOKING FOR
- Securing Cloud Infrastructure: Ability to use well-known control frameworks (HITRUST CSF, NIST, etc.), vendor best practices (AWS Well-Architected Framework) and security industry best practices to develop policies, procedures and standards for the secure use of a variety of cloud-hosted services. Examples include but are not limited to applying the principle of least privilege in designing AWS IAM permissions, and securing Amazon EKS, Amazon Aurora, and Amazon S3.
- Automate Security Testing: Ability to configure and automate security scans as part of the CI/CD process, interpret the results and work directly with engineers on prioritization and remediation.
- Communication: Ability to partner with engineers and product managers to implement security by design.
- Judgment: Ability to assess the risk of vulnerabilities, tradeoffs in designs, etc. to categorize and prioritize remediation work.
- Incident Handling: Be able to work as a subject matter expert in the security controls, internal communications, and infrastructure of Hinge Health applications during security incidents.
- Proactive: Enjoys proactively asking questions and examining systems and processes for possible flaws, and reaching out to relevant teams to identify and verify vulnerabilities that may not have been found by automated scanning and to schedule manual reviews.
- Experience securing applications in Health Care, securing ePHI and HIPAA/HITECH regulations.
- Experience with any of the following: deploying web-based services on AWS infrastructure, Kubernetes, Aurora/RDS, GitHub Actions, Terraform IaC.
- Familiarity with HITRUST CSF and NIST control frameworks.
- Experience in Threat Modeling
- TypeScript, React Native, Ruby on Rails, GraphQL
- Experience performing security assessments and secure design of hardware and firmware of medical devices communicating over Bluetooth