Senior Security Operations Engineer
Science 37 is accelerating the research and development of breakthrough biomedical treatments by bringing clinical trials to patients' homes. Backed by venture investors such as Glynn Capital, Google Ventures, Redmile Group, dRx Capital and Lux Capital, we are seeking a razor-sharp Senior SecOps Engineer to join the team. The Senior SecOps Engineer will be responsible for maintaining the security of the NORA (Network Oriented Research Assistant) platform.
DUTIES AND RESPONSIBILITIES
- Develop and implement a SecOps strategy
- Perform security assessments of production, corporate, and cloud infrastructure
- Harden our clients, servers, and networks against exploitation and privilege escalation
- Automate security controls and best practices in a DevOps/Continuous Integration environment
- Monitor access to systems and attempts at exploits
- Perform manual and automated compliance, vulnerability and penetration testing
- Lead efforts to implement security policies, remediation processes and put supporting tools in place
- Assess risk while proposing workable mitigation strategies
- Manage AWS VPCs, security groups and ACLs
- Perform technical security assessments, code audits and design reviews side by side with engineering teams
- Develop technical solutions to help mitigate security vulnerabilities through automation
- Advocate security and secure practices
QUALIFICATIONS & SKILLS
- Bachelor’s degree
- Demonstrated experience with data security needs in a mission critical environment
- Knowledge of HiTRUST or PCI Compliance
- Experience supporting governance and regulatory requirements
- Understand requirements for the implementation and fulfillment of technical components of ISO 27001 certification.
- Advanced knowledge of Linux operating systems
- Experience with system hardening and implementing security controls in an SaaS environment
- Demonstrable experience scripting with languages like Python, PowerShell, bash, etc.
- Experience with AWS (IAM, VPC, CloudTrail, KMS, HSM, S3 encryption offerings, etc.)
- Strong experience in application-level vulnerability testing and code-level security auditing
- Hands-on experience with SIEM, IDS, IPS and WAF solutions
- Experience with log aggregation tools such as ELK stack, Splunk, SumoLogic
- General understanding of common web application deployment models and components
- Positive attitude and ability to work in a fast-paced environment
- Ability to communicate and manage well at all levels of the organizations
- Ability to articulate ideas to both technical and non-technical audiences
- Commitment to results; is focused and results driven
- Excellent time management skills
- Action oriented and innovative; able to translate broad goals into achievable steps
- Motivating; knows how to influence and enable others
- Strong problem solving and creative skills and the ability to exercise sound judgment and make decisions based on accurate and timely analyses
- High level of integrity and dependability with a strong sense of urgency and results-orientation
- Ability to communicate in English (both verbal and written).
Science 37 values the well-being of its employees and aims to provide team members with everything they need to succeed. Enjoy daily healthy catered lunches, snacks and beverages, and top-notch equipment such as the latest Macbook Pro, 4k monitors, and adjustable standing desks. Submit your resume to apply!