About the Job

SimplePractice is the future of practice management. We’re at the forefront of making it simple for clinicians to run and grow their practices and growing quickly.We’ve built the highest-rated practice management software and we’re on track to become the market leader.

We are looking for a DevSecOps engineer who has a strong motivation to deliver customers stable and secure systems as part of the Infrastructure and Information Security group. Under the supervision of the Infrastructure Director, you will be focused on building Cybersecurity practices and processes, with an automation first mindset. You will be responsible for implementing security features into data platform products and ensure the security of all products is maintained throughout the product lifecycle

What you'll do day-to-day

• Recommend and implement security controls with expertise in systems security and cloud platforms.
• Collaborate with application development teams to create and maintain a Secure Product Development Life-cycle process to ensure that cyber security requirements/controls can be embedded within the product development process
• You will be responsible for monitoring application performance, provisioning, maintaining and scaling infrastructure as well as work on building internal tools for the automation of routine tasks
• Be accountable for system updates, backups, uptime, logging, alerts, and testing
• Participate in 24/7 on-call rotation
• Engineer, implement and monitor security measures for the protection of computer systems, networks and information
• Automate the provisioning, configuration, scaling, and monitoring of our platform
• Lead 3rd party penetration tests and incident response trainings
• Evaluate risk assessment results and formulate corrective action plans
• Serve as a security expert and provide guidance and technical leadership to other staff members. • Works with development and QA teams to establish and maintain unit testing tools and QA automation tools
• Review information security news for information relevant to the organization
   

The ideal candidate

• Bachelor's degree in Computer Science (or equivalent) or higher degree
• Excellent Linux skills and experience with running high-available Ruby on Rails applications (> 99.95% uptime) 
• Ability to conduct application cybersecurity risk assessment and develop mitigation plansExperience with our current stack - RoR, Nginx, Passenger, MySQL, Redis
• Experience in support of compliance/certification activities and participating in security audits/reviews.
• Previous experience with AWS infrastructure and EC2 instances
• Good understanding of configuration management tools like Chef, Puppet or Ansible and monitoring tools like DataDog
• Ability to analyze and resolve complex infrastructure resource and application deployment issues
• Working knowledge of Javascript and Ruby on Rails.
• Problem solving skills and ability to work under pressure
• Passion, drive, energy, a sense of humor, great attitude and team player!

Bonus Points

• Experience with global failover and load balancers
• Working knowledge of administering MySQL databases and MySQL replication
• Information security related work background or CISSP certification

Technology Stack and Tools you will be working with

• Ruby on Rails
• EmberJS/ReactJS
• Nginx
• Phusion Passenger
• Capistrano
• MySQL
• Terraform
• Ansible
• Redis
• Kibana
• Chef
• DataDog

California Job Applicant Privacy Notice

Thank you for your interest in opportunities at SimplePractice LLC (“SimplePractice” or “us” or “we” or “our”). 
 

Please note that when you submit your resume or application materials to us for employment purposes, we may collect the following categories of personal information about you: 
 

• Identifiers (e.g., name, address, email address, and phone number); protected characteristics (e.g., sex, gender, age, citizenship, disability status, and veteran status); professional or employment-related information (e.g., employment history, educational background, certificates and licenses, work eligibility information and other information obtained from your resume, cover letter, your responses to our application questions, background check forms, and your references); other personal records (e.g., signature, photograph, and criminal background information); and inferences drawn from personal information collected (e.g., creating a profile that reflects your abilities and aptitudes).
   

We collect the above categories of personal information for the following business purposes:
 

• To perform recruitment and hiring services; to manage the workforce; to comply with federal and state laws, and to maintain security (e.g., to detect and prevent against security risks and incidents, to prevent against fraudulent or illegal activity, and to ensure compliance with our company policies and procedures). 
   

For more information about our privacy practices, please visit our Privacy Policy or contact us at [email protected].