Security Software Engineer (DevSecOps)

Greater Boston Area
Company Overview
Buoy is a series-A funded health-tech company using artificial intelligence to help people find the right care at the right time. Started by a team of doctors and computer scientists working at the Harvard Innovation Laboratory in Boston, MA, Buoy was developed in direct response to the downward spiral we’ve all faced when we attempt to self-diagnose our symptoms online. Buoy leverages artificial intelligence – powered by advanced machine learning and proprietary granular data – to resemble an exchange you would have with your favorite doctor – to provide consumers with a real-time, accurate analysis of their symptoms and help them easily and quickly embark on the right path to getting better. Buoy is based in Boston and was founded in 2014.
Job Description
Buoy is looking for a DevSecOps Engineer with a strong security focus to help set initiatives and implement best practices in the areas of infrastructure and network security. You will own all architecture, design, and implementation relating to the security of the company’s platform. You will be responsible for analyzing complex systems, identifying security vulnerabilities, and implementing new security policies to secure our data and infrastructure. You will work cross-functionally with product, legal, operations, and engineering to advocate for security priorities.
In a typical week you may…
-- Perform penetration tests and other security assessments
-- Develop and maintain a risk register
-- Monitor logs and take action on any security threats
-- Work with engineers to review product or infrastructure pull requests
-- Think proactively about security risks and mitigate them before they become an issue
-- Communicate security priorities across the organization to make sure it is in the DNA of the Buoy organization to put security first
-- Work with legal to prevent, detect, and report security breaches
Minimum Qualifications
-- Knowledge of threat modeling and risk assessment techniques
-- Up-to-date knowledge of cybersecurity threats, current best practices and latest software.
-- Experience and knowledge of tools to facilitate secure SDLC controls (SAST, DAST, IAST, RASP, etc.).
-- Strong knowledge and hands-on experience with AWS cloud infrastructure and native security services such as Inspector, GuardDuty, Web Application Firewall, Security Groups, and CloudTrail
-- Knowledge of the Linux operating system and containerization technology such as Docker and Kubernetes
-- Hands-on experience performing security tests and manual pentests on web applications, mobile apps, and web services (APIs)
Preferred Qualifications
-- Knowledge of the DevOps culture and principles
-- Experience with Infrastructure as Code solutions such as Terraform/Terragrunt
-- Professional certification such as OSCP, OSWE, GWAPT, GWEB, GXPN preferred but not required
-- Experience with security frameworks, such as HITRUST, SOC2, ISO27001
Benefits
-- Medical, Dental, and Vision
-- Simple IRA
-- Options
-- Unlimited PTO
-- Catered Lunches on Mondays
-- Dogs in the office!