Cloud Security Engineer

 Cloud Security Engineer  

Truveta is the world’s first health provider led data platform with a vision of Saving Lives with Data. Our mission is to enable researchers to find cures faster, empower every clinician to be an expert, and help families make the most informed decisions about their care. Achieving Truveta’ s ambitious vision requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share our company values. 

This position is based out of our headquarters in the Greater Seattle Area. #LI-onsite

Who We Need

Truveta is rapidly building a talented and diverse team to tackle complex health and technical challenges. We are seeking candidates inspired by the opportunity to securely apply data in the development of real-world health solutions. Beyond core capabilities, we seek problem solvers, passionate and collaborative teammates, and those willing to roll up their sleeves while making a difference. We do things the right way. Our commitment to security and compliance assurance cannot be stressed enough. This position is critical to ensuring we are successful.

If you are interested in the opportunity to pursue purposeful work, join a mission-driven team, and build a rewarding career while having fun, Truveta may be the perfect fit for you.

This Opportunity   

Success in the healthcare industry is predicated on a foundation of trust. We demonstrate our trustworthiness as stewards of health data through three foundational pillars: security, privacy, and compliance.

In this role, you will secure Truveta’s applications, cloud infrastructure, and critical assets from current or emerging cyber threats and exploits. Candidates must understand what matters most to Truveta’s Health Care Partners and the sensitive data Truveta is entrusted to protect.

Responsibilities

• Assist in driving Application Security Review assessments which includes architecture review, threat model review, security code review and vulnerability management
• Collaborate and build relationships across Engineering teams, driving cross-functional alignment to drive clarity relative to vulnerability remediation requirements
• Participate in vulnerability review processes, maintaining professional skepticism when reviewing for false positives and exception requests from Engineering teams
• Proactively engage Engineering teams to ensure timely remediation of issues identified during application security reviews, cloud infrastructure vulnerability scans, and manual application security tests
• Maintain current knowledge and understanding of application and infrastructure security best practices to offer the best solutions and protection to Company services
• Continuously review security and privacy practices
• Assist in defining, driving, and delivering key elements of Truveta’s vulnerability management strategy, deriving best practices for vulnerability and exposure analysis across the Company
• Interact with privacy and compliance teams to deliver the Fabric of Trust that will be infused into all Truveta services

Key Qualifications

• The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to Computer Science, Cyber Security, Information Security and Information Systems
• 5+ years of experience working on application & system security reviews
• 3+ years of experience in managing vulnerabilities at a fast-paced cloud hosted environment
• 2+ years of experience in developing with Python, .NET, Java code languages
• Excellent written and verbal skills

Preferred Qualifications

• Ability to be a self-starter and motivated to help Engineering teams understand cyber security best practices
• Experience with SAST, DAST, OSS, web-app pen-test, and offensive security assessment tools
• Knowledge and experience with information security controls, infrastructure, and implementation techniques
• Experience in improving vulnerability remediation requirements
• Experience in delivering product security in one or more public clouds (Azure, AWS, GCP)
• Experience in securely operating highly distributed systems with published SLAs
• Experience with supporting engineering compliance, e.g., HIPAA, ISO, SOC2, FDA
• Certifications in Information Security, e.g., GSEC, GCWN, GDSA, CISSP, HCISP, CCSP, CRISC, CISM, Security+, or other security relevant accreditations
• Offensive Security certifications are a plus, e.g., GCIH, GPEN, GXPN, OSCP, OSEE, CEH

Why Truveta?  

Be a part of building something special. Now is the perfect time to join Truveta. We have strong, established leadership with decades of success. We are well-funded. We are building a culture that prioritizes people and their passions across personal, professional and everything in between. Join us as we build an amazing company together. 

We Offer:

• Interesting and meaningful work for every career stage
• Great benefits package
• Comprehensive benefits with strong medical, dental and vision insurance plans
• 401K plan
• Professional development & training opportunities for continuous learning
• Work/life autonomy via flexible work hours and flexible paid time off
• Generous parental leave
• Regular team activities (virtual and in-person as soon as we are able)
• The base pay for this position is $105,000 to $125,000. The pay range reflects the minimum and maximum target. Pay is based on several factors including location and may vary depending on job-related knowledge, skills, and experience. Certain roles are eligible for additional compensation such as incentive pay and stock options.

If you are based in California, we encourage you to read this important information for California residents linked here.

Truveta is committed to creating a diverse, inclusive, and empowering workplace. We believe that having employees, interns, and contractors with diverse backgrounds enables Truveta to better meet our mission and serve patients and health communities around the world. We recognize that opportunities in technology historically excluded and continue to disproportionately exclude Black and Indigenous people, people of color, people from working class backgrounds, people with disabilities, and LGBTQIA+ people. We strongly encourage individuals with these identities to apply even if you don’t meet all of the requirements.