Lead Cloud Security Engineer

As the Lead Cloud Security Engineer on the 1upHealth Product Security team, you will help harden our overall security on our architecture and software platform.  The security engineer will be joining our sec-ops team, working through any security issue that comes up internally or with a customer.  As a HIPAA compliant company, we strive to protect all of our customers' data in the cloud and are always improving our security and the security culture within the organization. 

In this role, you’ll get to:

• Lead engineers to securely architect services across the organization (design reviews, threat modeling, security testing)

• Harden our environments against online threats and data loss to reduce and mitigate risks

• Create new security defensive tools and integrations to elevate security across the organization

• Mentor other engineers on the team and in the organization

• Share your passion for security and shape our security culture across the organization

• Participate in our incident response and vulnerability remediation efforts

• Audit logs and events to ensure compliance with our SOC2 information security policy

• Work in a team oriented, collaborative environment

We are looking for people who have:

• Experience working with cloud environments and services

• Prior work experience in an application security role

• Advanced knowledge of security concepts (browser security model, cryptography, network security, etc) based on relevant courses, self-learning or past internships

• Familiarity with identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP API / Web App Top 10s and CWE Top 25

• Relevant development experience in some of these technologies: Java, JavaScript / NodeJS / TypeScript, Python, Terraform, WAFs

• Ability to work in an Agile Scrum environment

• B.S. / M.S. in Computer Science, Electrical Engineering or related experience

• Expertise with security tools such as static analysis, runtime analysis, black-box testing, etc.(Burp Suite, OWASP ZAP, Snyk, Metasploit, Tenable, Lacework)

You may also have:

• Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.

• Attacker mindset: Passion for breaking all things unbreakable, experience as a white-hat engineer

• CISSP or other security certifications

• HIPAA / GDPR / HITRUST experience