Information Security and Compliance Co-op

Who we are
Zus is a shared health data platform designed to accelerate healthcare data interoperability by providing easy-to-use patient data via API, embedded components, and direct EHR integrations. Founded in 2021 by Jonathan Bush, co-founder and former CEO of athenahealth, Zus partners with HIEs and other data networks to aggregate patient clinical history and then translates that history into user-friendly information at the point of care. Zus's mission is to catalyze healthcare's greatest inventors by maximizing the value of patient insights - so that they can build up, not around.

What we’re looking for
Security is central to Zus’s mission to bring information speed to health care. As part of our infrastructure and security team, you’ll contribute to development and hardening of our AWS cloud environments, assist product teams with service deployment and security improvements, participate in threat modeling and risk assessment activities, contribute to our SOC2 audit compliance program, along with other many aspects of powering a startup to success.We’re looking for someone comfortable with tackling a diverse set of responsibilities and who can communicate effectively with the rest of the organization.

As part of our team, you will

• Help with Regulatory Compliance (SOC2), maintaining an auditable security posture
• Track KPI around security, and help steer the strategy of how the InfraSec team uses and responds to these signals
• Improve CI/CD tools integration/operations, and full automation of CI/testing
• Participate in Threat Modeling (STRIDE) sessions, and help document, capture, and prioritize remediation or improvements
• Cloud security (AWS): help improve security posture by researching and implementing configurations, fixes, or third-party services
• Work with other engineering teams to develop or improve cloud infrastructure, remediate security vulnerabilities or improve logging, monitoring and metric capabilities
• Help improve our engineering reliability and stability plan, including incident management and SLO monitoring

You're a good fit because you have

• A passion for information, infrastructure, or cloud computing
• Experience with AWS compute and networking resources (ALB, S3, EC2, ECS, etc.)
• A desire to learn and steward Infrastructure-as-Code (we primarily use Terraform)
• Experience with continuous deployment
• Familiarity with CI/CD pipeline tools (we primarily use GitHub Actions and Datadog) to achieve repeatable, idempotent, secure and monitored pipelines of code deployments
• General awareness and knowledge of cybersecurity principles
• Familiarity with Linux and the command line and coding: shell/bash, nodeJS, python (not necessary these languages, but the willingness to learn languages/frameworks to accomplish guided tasking)
• A self-starter attitude that shows that you are ready for the fast, and sometimes unstructured, nature of an early stage startup, and can get things done independently
• An effective communicator, and the willingness to level up in technical writing and communication (intra-team, customer, vendor, and leadership)

We will offer you...• Competitive compensation that reflects the value you bring to the team• Opportunity to work alongside a passionate team that is determined to help change the world (and have fun doing it).