InfoSec Engineer

| Greater Boston Area
Please apply via our website at
Apply now

Company Overview

Buoy is a series-B funded health-tech company using artificial intelligence to help people find the right care at the right time. Started by a team of doctors and computer scientists working at the Harvard Innovation Laboratory in Boston MA, Buoy was developed in direct response to the downward spiral we’ve all faced when we attempt to self-diagnose our symptoms online. Buoy leverages artificial intelligence – powered by advanced machine learning and proprietary granular data - to resemble an exchange you would have with your favorite doctor – to provide consumers with a real-time, accurate analysis of their symptoms and help them easily and quickly embark on the right path to getting better. Buoy is based in Boston and was founded in 2014.

Job Description

Buoy is looking for an InfoSec Engineer with a strong security focus to help set initiatives and implement best practices in the areas of infrastructure and network security.  Reporting to the Director of DevOps, you will develop a set of security standards and best practices for the organization, and recommend security enhancements to management as needed. You will be responsible for implementing and managing security systems, identifying and testing for vulnerabilities, and implementing new security policies to secure our data and infrastructure. You will work cross functionally with product, legal, operations, and engineering to advocate for security priorities.


  • Perform penetration testing on our network and applications
  • Develop and maintain a risk registerImplement security into our CICD or software delivery pipelines
  • Implement and manage various protection systems such as antivirus, SIEM, and vulnerability management
  • Think proactively about security risks and mitigate them before they come an issue
  • Communicate security priorities across the organization to make sure it is in the DNA of the Buoy organization to put security first
  • Work with legal to prevent, detect, and report security breaches

Minimum Qualifications

  • Knowledge of threat modeling and risk assessment techniques
  • Experience deploying and managing SEIM, vulnerability management, and antivirus systems
  • Up-to-date knowledge of cybersecurity threats, current best practices and latest software
  • Experience and knowledge of tools to facilitate secure SDLC controls (SAST, DAST, IAST, RASP, etc.)
  • Strong knowledge and hands on experience with AWS cloud infrastructure and native security services such as Inspector, GuardDuty, Web Application Firewall, Security Groups, Virtual Private Cloud, and CloudTrail
  • Knowledge of Linux operating system and containerization technology such as Docker and Kubernetes
  • Hands-on experience performing security tests and manual pentests on web applications, mobile apps, and web services (APIs)

Preferred Qualifications

  • Knowledge of the DevOps culture and principles
  • Scripting experience using scripting Bash, Python, or Groovy
  • Experience with Infrastructure as Code solutions such as Terraform
  • Professional certification such as OSCP, CISSP, OSWE, GWAPT, GWEB, GXPN
  • Experience with security frameworks, such as HITRUST, SOC2, ISO27001


  • Medical, Dental, and Vision
  • Simple IRA with matching
  • Options
  • Unlimited PTO
  • Catered Lunches on Mondays
  • Dogs in the office!


Read Full Job Description
Please apply via our website at
Apply now
Please apply via our website at
Apply now
Save jobView Buoy Health's full profileFind similar jobs