Ein Unternehmen der Tenth Revolution Group

Ihre aktuelle Jobsuche

12 Suchergebnisse

Für Festanstellung in California

    Remote- Security Operations Engineer

    USA, California, San Diego

    • $140,000 to $170,000 USD
    • Other Stelle
    • Fähigkeiten: AWS / Terraform / Security / HIPAA / HITRUST
    • Seniority: Senior

    Jobbeschreibung

    Security Operations Engineer

    Remote

    $140k-$170k

    HIPAA, HITRUST or other healthcare compliance experience required

    AWS, Terraform, Security



    Qualifications

    The SecOps Engineer must demonstrate proficiency and experience using a variety of security systems, including but not limited to: Next Generation Anti Virus and Anti Malware systems such as CrowdStrike, Vulnerability Management tools such as Tenable or Nessus, Data Loss Prevention, Endpoint protection Netskope, Server and workstation hardening, Network and Email security. They must have experience with Terraform, and basic scripting languages Python as well as bash/shell scripting. Must have experience hardening Linux and Windows servers as well as Docker hosts and container images. Must be familiar and comfortable using security tools that the current platform as a Service provider Amazon Web Services provides such as AWS Config, DataDog, CloudWatch Insights, Network Access Control Lists, etc.. The SecOps Engineer must have working knowledge of creating and maintaining a Security information and event management system including building use cases and alerts on security events. Must have working knowledge in participating on Threat Hunting, Incident Response Teams and Threat Intelligence sources. They must have the ability to communicate clearly with technical and non-technical team members and have ability to document their thought and security processes when solving technical security issues as well as reporting and evaluating current risks and security posture.

    Responsibilities

    The SecOps Engineer is responsible for:

    1 The implementation and maintenance of the Security information and event management. These include, but are not limited to:

    1 Ensuring logs from all information systems, custom developed software, network assets, third party Software as a Service tools are ingested.
    2 Ensuring that ingested logs are parsed appropriately to allow for custom use cases and security event alerts to be created.
    3 Create security events and alerts based on common use cases such as: brute force attacks, unauthorized access, data exfiltration and anomalies, etc.

    2 Administration, implementation and management of management tools. This include, but are not limited to:

    1 Install and maintain the Nessus agent on all information systems running Windows, Linux or MacOS operating systems.
    2 Create and regularly schedule scans for vulnerability and malware on information systems.
    3 Perform internal network scans using Nessus to evaluate and produce reports along with remediation strategies
    4

    1 Review results and security scan reports produced by security tools running on the (SDLC).

    1 Participate and provide feedback in Code Reviews that affect the security of cloud infrastructure resources before any code is merged and infrastructure created on AWS such as Security groups, VPC, Route Tables, Network Access Control Lists, AWS Account Settings to ensure that Encryption in transit and at rest is implemented for systems that store or transmit highly sensitive data.
    2 Ensure that all software projects implement static source code analysis tool SonarQube
    3 Ensure that scanning rules for Python, Java and JavaScript programming languages in SonarQube are up to date and reasonable to reduce likelihood of threats due to not following secure coding best practices.
    4 Review scan results in SonarQube and provide remediation input to software source code authors when necessary.
    5 Ensure that all Terraform projects implement infrastructure as code scanning tool TFSec
    6 Ensure that infrastructure as code appropriately uses TFSec ignore rules when there aren't security concerns or the risk is being transferred to another resource in some capacity.
    7 Review TFSec scan results in Concourse and provide remediation input to infrastructure as code authors when necessary.

    1 Perform thorough Risk Analysis of internally developed software and third party software used in internal operations and product offering.

    1 Produce an inventory of information systems used across the entire organization
    2 Produce an inventory of internally developed software and integrated solutions used in product offering.
    3 Review the security architecture and produce an Internal Risk Analysis document for each one of the internally developed components of the product offering.

    1 Review and approve any third party Software requested to be used or installed by staff on workstations or servers.
    2 Define and continuously improve Security posture.

    1 Stay up to date on the latest cybersecurity threats using Threat Intelligence sources.
    2 Ensure that there are appropriate policies and procedures for operations tasks that pose any security risk.

    1 Regularly attend and provide input in team huddle, planning, testing and sign-off meetings.
    2 Security responsibilities

    1 All Workforce members will implement and act in accordance with the organization's information security policies.
    2 All Workforce members will protect assets from unauthorized access, disclosure, modification, destruction or interference;
    3 execute particular security processes or activities;
    4 ensure responsibility is assigned to the individual for actions taken;
    5 and report security events or potential events or other security risks to the organization.

    Neu

    Senior Full Stack Engineer - $160k - Los Angeles, CA

    USA, California, Los Angeles

    • $140,000 to $160,000 USD
    • Developer Stelle
    • Fähigkeiten: AWS / Full Stack / Healthcare / Compliance
    • Seniority: Senior

    Jobbeschreibung

    My client is looking to hire a full-time Full Stack Software Engineer to join a growing company in the healthtech space.

    Key stack stack includes React, Node, and Postgres, Kubernetes in AWS.

    Creating engaging end-user interfaces and features, primarily web-based, to captivate our members Constructing data infrastructure to showcase the clinical value of our product Personalizing our programs algorithmically Deploying, overseeing, and monitoring components on AWS Integrating our platform with external platforms and API's.

    The ideal candidate will be a self-motivated individual. Engineers who derive satisfaction from building consumer products from inception to scalability, setting and managing goals, are a great fit for this role. You deeply care about our older adult members. We aim for every team member to glean insights from our users' challenges and requirements, leveraging this to tailor our product and development trajectory. You possess over 3 years of experience in constructing modern web applications on cloud infrastructure, specifically showcasing proficiency in Javascript (ES6+) and React. You are comfortable traversing the entire engineering stack and effectively communicating technical decisions throughout the organization.



    The ideal candidate will have experience with HIPAA, HITRUST, SOC 2 or other compliance.

    This company offers excellent benefits, 401k, unlimited PTO and an esteemed team of bright professionals.



    Interested in learning more? Apply today to be considered! Interviews have already begun, so the sooner the better.




    Regenerate