About the Cloud Operations Team
The "Cloud Operations" organization at Syapse is responsible for the Cloud platform that enables healthcare providers to bring precision medicine to every cancer patient today.
This organization is responsible for the platform reliability, Information security, customer support, innovating user experience leveraging Cloud technologies and improving product delivery excellence.
We’re now in the process of scaling our platform and expanding access to precision cancer care. Because most cloud technologies aren’t HIPAA-compliant, we often build from the ground up. Our autonomous, feature-focused scrum teams work in two-week sprints and own projects end to end, while our domain-based guilds encourage collaboration across teams.
As Syapse continues to grow, we’ll expand our use of Containers, micro-services, CI/CD tools, automation frameworks, Cloud capabilities on data visualization and data metrics tools to expand the scalability features of our platform. And we’ll do that while prioritizing collaboration, ownership, and career progression. Our belief is the focus on building a reliable high performing Precision Oncology platform will help doctors deliver the best cancer care.
About the role
You will join our CloudOps Team to manage and inform the security posture of our service as our Cloud Security Application Architect. You will have the support of an InfoSec and DevOps team as well as the rest of the organization as we fully realize that we can only be successful through collaboration.
We primarily Build Syapse platform on public cloud(AWS) .We use most of AWS Compute and storage services along with PostgreSQL RDS, Aurora, DynamoDB, Redis, Elastic Search, Kinesis. Fully automated Infrastructure provisioning with Terraform and Application provisioning with Salt Stack. Jenkins and Circle CI for CI/CD workflows. The platform is fully built on Python, Django, celery and Rabbitmq along with lot more open-source frameworks. We are moving into microservices architecture using docker and kubernetes.
Your responsibilities in this role would include:
- Create and manage our Secure Development Lifecycle.
- Provide guidance to our development teams regarding designs and best practices as it relates to application security.
- Be part of proof of concept initiatives to test product ideas and recommend architecture design for product development.
- Partner with Cloud Architect to design and deliver services via public cloud in a secure manner.
- Evangelize Application Security through the organization. Implement continuous monitoring and alerting by leveraging log aggregation and event correlation capabilities.
- Manage continuous monitoring of the quality of our code. Leverage continuous integration and deployment to monitor and improve security of the software code.
- Agree on key performance indicators (KPI’s), implement analytics and report metrics on our security posture.
- Build a decentralized model facilitating self-service decisions whenever appropriate. In other words, don’t think about building gates unless you can argue why that is the only option.
- Participate in compliance activities such as our 3rd party penetration testing or annual HITRUST validation.
Our team prides itself on these best practices:
- Automate Everything.
- Not just meet SLA beat SLA’s.
- Customer First mindset.
- Proactive rather than reactive
What you bring to the table
- At least four (4) years experience in which you were on a team managing the security posture of a cloud based application. The fundamental practices of a well-run environment need to be old hat to you.
- At least six (6) years of experience architecting a cloud based solution.
- Scripting skills in Python (preferred), or other scripting languages (Bash, Perl, etc.).Solid Linux skills.
- Extensive hands-on expertise with cloud platform such as AWS (preferred), Google Compute or Azure is a must.
- Strong experience in Application Security practices such as threat modeling, input validation and authorization and access control models.
- At least four years experience in handling compliance audits (HIPAA preferred), software penetration testing
- At least 2 years of experience with compliance certifications like HITRUST or FEDRAMP or FISMA.
- Team player and Own it mindset.
Bonus points if you
- Understand the difference between a WAF and a RASP.
- Have a vision for what an SDLC should look like.
- Central authentication frameworks and data policies.
- Have experience to support your evangelist role. Public speaking, teaching or writing on the topics of security for example?
- Understand how to communicate your agenda in order to secure buy-in and support from the organization.
by via developer jobs - Stack Overflow
No comments:
Post a Comment