Grand Rounds’ vision is to create a path to great health and health care, for everyone, everywhere. Founded in 2011, the company provides an employer-based platform that delivers improved outcomes for patients and their families. It does this through an end-to-end solution that connects patients with care informed by the latest and best practices—preventing and correcting misdiagnoses and unnecessary or failed treatments. Named second among Glassdoor’s 2016 Best Places to Work, Grand Rounds helps restore individual health and quality of life, and offers employers lower health care spend and higher employee productivity.
Grand Rounds is looking for a world-class Security Engineer who has a passion for secure coding practices and who enjoys identifying security threats and implementing security controls to protect applications and systems; someone who has a coding and programming background and understands software development principles and best practices.
In this role, you will work on Grand Rounds’ products and features from conception to deployment. You will act as the security consultant for the engineering and product teams. You will review code for security adherence. Most importantly, you will also help build and automate the tools that do all of the above so that you become a force multiplier to the team.
- Act as a consultant to engineering teams to ensure security and privacy of data and products.
- Triage reports from external researchers; drive confirmed issues to resolution with engineering teams.
- Drive security incident handling.
- Train the engineering teams on security and privacy related topics.
- Maintain awareness of industry security and privacy threats.
- Build frameworks to provide secure defaults to engineering teams and tools that will automatically scan and detect security problems.
- Review implementation code of projects; identify security flaws, suggest and implement remediations.
- Build, automate, and operate automated security review capabilities for Grand Rounds including static and dynamic code analysis across multiple technology stacks and languages.
- Augment the Continuous Integration pipeline to include security testing.
- Maintain and audit IT Infrastructure security.
- Lead IT infrastructure integrations with partners from a security perspective.
- Perform code audits on internal and open source libraries for inclusion in our products.
- Extensive knowledge of internet security issues and threat landscape.
Desired qualifications and skills:
- Demonstrated security experience.
- Demonstrated software development proficiency in any language like Ruby, Python, Go, Java, etc.
- Experience with Web application vulnerabilities discovery or detection
- Static and Dynamic Analysis Techniques experience (developing models or executing analysis tooling)
- Deep understanding of information security principles. Published and demonstrated passion for security assessment research
- Strong demonstrated knowledge of internet protocols and an in-depth knowledge of Linux/Unix tools and architecture.
- Strong demonstrated knowledge of the following domains: cryptography, authentication and security protocols, cloud based services, and threat modeling.
- Well-rounded background in host, network and application security. Relevant network and network security experience (OSI model, firewalls, 802.1x, IPS, IDS, VPN).
- Ability to execute on individual projects while contributing to the team
- Ability to complete tasks on time
- Excellent written and verbal communication skills.
- Excellent teamwork, organization, influencing, and communication skills
- MS degree in Computer Science, Computer Engineering, Electrical Engineering
- Contribution in open source projects.
- Experience working with Cloud networks (AWS).
- Experience working in Healthcare, Financial, or other regulated environment
- Experience with breaking encryption, authentication, or authorization system flows
- Experience with code analyzers such as Fortify or Veracode.
- Experience with Wireshark, Metasploit, Snort, BackTrack, Burp Suite
- Certificates, licenses and registrations related to Information or Application Security such as CISSP, CEH, GWAPT, CEPT, GWEB