Security Operations Engineer
Biofourmis, United States
Job Description
Biofourmis is a digital therapeutics company that pioneered and is the leader in Personalized Predictive Care. Our disruptive turnkey technology uses advanced clinical grade wearable sensors to continuously monitor bio vitals and process them using our patented and FDA approved AI/ML algorithms to predict changes in physiology that are co-related to medical and disease events in the cardiac, oncology, respiratory, and other therapeutic areas.
We are a dynamic high-growth company, having quadrupled in size in the last 12 months. We have offices in Boston, Singapore, Bangalore, and Zurich, backing from some of the premier venture capitalists in the world, and enjoy the confidence of customers who are leaders in the healthcare space. Our talented team sports PhDs in Data Science and Biostatistics, world class systems and mobile software engineers, accomplished hardware and firmware engineers, and leaders in the clinical operations space.
Security Operations Engineer
The Security Operations Engineer is responsible to implement and execute state of the art Security tools and processes to help secure our cloud infrastructure and applications. This individual will work with security vendors to design, implement, and configure automated security and monitoring controls. Building a strong security conscious DevSecOps culture, the SecOps engineer will help maintain the security posture of all our applications and infrastructure by continuous monitoring and generating reports for Vulnerability scans and Intrusion detections. This will require you to balance the needs of the business with robust implementations of security controls such as WAF, SAST, DAST within CI/CD, across software and firmware.
Responsibilities
- Help Define and operationalize security standards, policies, and procedures.
- Automation of vulnerability assessments and other security related SecOps tasks
- Drive daily Vulnerability Scans across all products and report major vulnerabilities in Jira and follow up on resolutions.
- Identify new security threats by conducting continual monitoring, penetration testing, vulnerability assessments and log analysis.
- Create and maintain weekly/monthly reports to help in SOC2, HIPAA Audits.
- Stay current on emerging security threats, vulnerabilities and controls.
- Serves as the subject matter expert (SME) on Cloud Security.
- Collaborate closely with the multiple technology and cross-functional groups within the organization
Requirements
- 5+ years of experience in information security on cloud platforms.
- Hands on experience of working with Various security tools like Qualys, Nessus, Rapid7 and various industry standard intrusion detection tools/services like GuardDuty.
- Experience in performing Penetration Testing, Application Security scans or working with third party vendors providing these services.
- Strong experience in web application security eg (XSS, CSRF, SQL injection)
- Strong development background with security mindset, preferably in Java, Javascript, Node.js, React
- Experience with identifying and exploiting the unique security risks of cloud computing platforms including AWS and Azure.
- In-dept understanding of SAST, DAST, IAST methods.
- Excellent written and verbal communication skills targeting a broad range of audiences from engineers to senior leadership.
Desired Qualifications
- Work experience in medical devices / biotech company.