Developer Security Ops Engineer (DevSec Ops Engineer)

What we want to accomplish and why we need you

Suki is creating a new category in the health-tech space: the digital assistant. Our product will be the voice user interface for healthcare. What does that mean? Currently, doctors use electronic health record systems to take notes on patient encounters. This is a digital version of the paper charts that you may have seen in your doctor’s office or on TV. These systems can be hard to navigate and time-consuming to manage. Doctors would rather spend that time with patients. We are creating the solution. Doctors that use Suki already spend over 70% less time on administrative tasks, and we’re striving to do even better. Come and join us! 

We are a user-driven company and are committed to making sure every pixel of our product is in service of the doctor. We’re a team of technologists, clinicians, and industry experts working together to push the limits on technology used in medicine. We’re confident enough to move fast and talented enough not to break things. Check out this short video to learn more about our mission and our culture.

Our tech stack includes GCP, Kubernetes, Golang, Python, React, C++, TypeScript, JavaScript, Swift, Kotlin, gRPC, and GraphQL.

What will you do everyday?

• Work with the product, devops, and other teams to identify the right security architecture for implementing new solutions, products and features. Help develop, implement and support product security strategy.
• Work closely with product management, engineering, and DevOps teams to implement, identify, and embed cybersecurity in a secure connected architecture.
• Deliver general security concepts in the software development lifecycle (Identity and Access Management, encryption, web application security, security logging, pen-testing processes, etc.).
• Support security initiatives and serve as a point of contact to build and securely scale cloud platforms.
• Manage program risks through effective identification, mitigation, tracking, and reporting of the identified risks.
• Present strategies, project plans and more to cross functional teams delivering risk management solutions that add value.
• Analyze computer security incidents and recommend appropriate measures to respond to computer security incident activity.
• Practice, Automate & Maintain HIPAA Compliance.
• Experience in introducing security testing into software delivery pipelines (CI/CD)
• Understanding of secure and defensive coding principles, especially OWASP top 10 or similar guidance frameworks
• Understanding of “cloud-native” and 12-Factor applications and how to deploy them securely
• Create design specifications and prepare technical documentation and run-books.
• Support the development of standards by creating templates and patterns for ease of use and increase the productivity of the security program

Ok, you're sold, but what are we looking for in the perfect candidate?

• You are a hands-on engineer who leads by doing.
• You have experience in building and releasing infrastructure-as-code (IAC) in a controlled environment with an understanding of full lifecycle configuration management.
• You can leverage DevOps/DevSecOps tools to build, harden, maintain and instrument a comprehensive cloud-based security orchestration platform to be consumed in product CI/CD pipelines (Kubernetes, Terraform, SAST, DAST).
• You have the ability to multitask and prioritize multiple issues.
• You are expected to work with various multi-disciplinary teams, so it is vital that you are a team-oriented individual with priority on the successful completion of group goals.
• You foster and build a community of practice for collective learning of the security tools, practices, and systems across all disciplines

Qualifications*

• 5 years industry experience with at least 2 years experience in DevOps automation and tooling.
• Familiarity with both automated (i.e. SAST, DAST, SCA, etc.) & manual testing activities (i.e., Penetration Testing).
• Experience with cybersecurity domains including threat modeling, role-based access, OS hardening, vulnerability management, penetration testing, privacy, web applications, mobile applications, and cloud security.
• Strong understanding of IaaS, PaaS and cloud technologies. Specific experience with IaaS GCP, VPC Networking, Microservices, and container frameworks such as Kubernetes.
• Strong knowledge of DevOps, CI/CD and modern web and application development concepts, technologies, and lifecycle management.
• Excellent communication skills, both written and spoken.
• Experience collecting metrics, measuring systems and interpreting data to make decisions.
• Bachelor's degree in Computer Science, a related technical field, certifications, or equivalent practical experience.

* We don’t necessarily expect to find a candidate that has done everything we’ve listed, but you should be able to make a credible case that you’ve done most of it and are ready for the challenge of adding some new things to your resume.

Tell me more about Suki

• On a roll: Named by Fast Company as one of the most innovative companies, named Google’s Partner of the Year for AI/ML, named by Forbes as one of the top 50 companies in AI .
• Great team: Founded, managed, and backed by successful tech veterans from Google and Apple and medical leaders from UCSF and Stanford. We have technologists and doctors working side-by-side to solve complex problems.
• Great investors: We’re backed by Venrock, First Round Capital, Flare Capital, March Capital , and others. With our $55M Series C financing, we have the resources to scale.
• Huge market: Disrupting a massive, growing $30+ billion market for transcription, dictation, and order-entry solutions. Our vision is to become the voice user interface for healthcare, relieving the administrative burden on doctors instead of adding to it.
• Great customers: Our solutions are used in health systems and clinics across the country, supporting clinicians across dozens of specialties.  Check out what one of our users says about how Suki has helped his practice.
• Impact: You’ll make an impact from day one. You’ll join a team working towards a shared purpose with a culture built upon deep empathy for doctors and passion for making their lives better. 

Suki is an Equal Opportunity Employer. We are dedicated to building a company that fosters inclusion and belonging and reflects the diverse communities we serve across the country. We know we are stronger this way, and we look forward to growing our team with these shared values.