Sr SecOps Engineer
Biofourmis, United States

Biofourmis is a digital therapeutics company that pioneered and is the leader in Personalized Predictive Care. Our disruptive turnkey technology uses advanced clinical grade wearable sensors to continuously monitor bio vitals and process them using our patented and FDA approved AI/ML algorithms to predict changes in physiology that are co-related to medical and disease events in the cardiac, oncology, respiratory, and other therapeutic areas.

We are a dynamic high-growth company, having quadrupled in size in the last 12 months. We have offices in Boston, Singapore, Bangalore, and Zurich, backing from some of the premier venture capitalists in the world, and enjoy the confidence of customers who are leaders in the healthcare space. Our talented team sports PhDs in Data Science and Biostatistics, world class systems and mobile software engineers, accomplished hardware and firmware engineers, and leaders in the clinical operations space.

Security Operations Engineer

The Senior Security Operations Engineer is responsible for implementing and executing state of the art security tools and processes to help secure our cloud infrastructure and applications. This individual will work with security vendors to design, implement, and configure automated security and monitoring controls. Building a strong security conscious DevSecOps culture, the Sr. SecOps Engineer will help implement security, principles, tools, and best practices in CI/CD pipelines, software and firmware, and deployed infrastructure and applications. The Sr. SecOps Engineer will help maintain security and compliance posture through continuous monitoring, regular reporting, automated and manual testing, incident response, and process improvement.

• Help define and operationalize security standards, policies, and procedures.
• Automate vulnerability assessments and other security related SecOps tasks
• Identify new security threats by conducting continual monitoring, penetration testing, vulnerability assessments. and log analysis.
• Lead incident response, remediation, and resolution of security events or risks.
• Create and maintain security records and reports in development (Jira), compliance or QMS systems.
• Support compliance activities and requirements such as SOC2, HIPAA audits.
• Serve as the subject matter expert (SME) on Cloud security.
• Stay current on emerging security threats, vulnerabilities, controls and practices.
• Mentor less experienced members of the SecOps team.
• Collaborate closely with the multiple technology and cross-functional groups within the organization

Requirements

• 5+ years security operations experience (SecOps, DevSecOps) in a regulated industry.
• 3+ years of hands-on security experience in AWS.
• 2+ years of experience implementing and securing container platforms such as Kubernetes and Docker.
• Strong development background with security mindset, preferably in Java, Javascript, Node.js, React.
• Hands on experience security tools or cloud services for IDS, SIEM, penetration testing, vulnerability scanning, EDR, and MDR (e.g., Qualys, Nessus, Rapid7, GuardDuty)
• Advanced knowledge of security controls and best practices across a full stack including networking, Linux systems, databases, software applications, and web applications.
• Deep understanding of the software development life Cycle including implement security principles CI/CD pipelines (SAST, DAST, IAST) and into deployed applications.
• Understanding of security risk assessments and frameworks (e.g., SOC2, HITRUST, ISO 270XX, NIST CSF, NIST 800-XX, COBIT, etc.), regulations (e.g., GDPR, CCPA), and industry best practices.
• Strong communication skills including the ability to create and maintain written documentation.

• Work experience in medical devices / biotech company.
• Experience with HIPAA, HITRUST, or other healthcare regulations and standards.
• Experience with both AWS and Microsoft Azure is a plus.

Job Rewards and Benefits