Position: Senior DevSecOps Engineer
What we want to accomplish and why we need you Suki is creating a new category in the health-tech space: the digital assistant. Our product will be the voice user interface for healthcare. What does that mean? Currently, doctors use electronic health record systems to take notes on patient encounters. This is a digital version of the paper charts that you may have seen in your doctor's office or on TV. These systems can be hard to navigate and time- consuming to manage. Doctors would rather spend that time with patients. We are creating the solution. Doctors that use Suki already spend over 70% less time on administrative tasks, and we're striving to do even better.
What will you do everyday? ● Work with the product, devops, and other teams to identify the right security architecture for implementing new solutions, products and features. Help develop, implement and support product security strategy. ● Work closely with product management, engineering, and DevOps teams to implement, identify, and embed cybersecurity in a secure connected architecture. ● Deliver general security concepts in the software development lifecycle (Identity and Access Management, encryption, web application security, security logging, pen-testing processes, etc.). ● Support security initiatives and serve as a point of contact to build and securely scale cloud platforms. ● Manage program risks through effective identification, mitigation, tracking, and reporting of the identified risks. ● Present strategies, project plans and more to cross functional teams delivering risk management solutions that add value. ● Analyze computer security incidents and recommend appropriate measures to respond to computer security incident activity. ● Practice, Automate & Maintain SOC2, and HIPAA Compliance. ● Experience in introducing security testing into software delivery pipelines (CI/CD) ● Understanding of secure and defensive coding principles, especially OWASP top 10 or similar guidance frameworks ● Understanding of “cloud-native” and 12-Factor applications and how to deploy them securely ● Create design specifications and prepare technical documentation and run- books. ● Support the development of standards by creating templates and patterns for ease of use and increase the productivity of the security program
Ok, you're sold, but what are we looking for in the perfect candidate? ● You are a hands-on engineer who leads by doing. ● You design, implement, and maintain robust security controls and processes for GCP environments. This includes identity and access management (IAM), network security, data security, and encryption. ● You automate security tasks within the CI/CD pipeline to continuously identify and mitigate vulnerabilities. ● Collaborate with developers and operations teams to integrate security best practices into the development process. ● Perform regular security assessments and penetration testing to identify and address potential security risks. ● Monitor security logs and events for suspicious activity and investigate potential security incidents. ● Stay up-to-date on the latest Google Cloud security threats and vulnerabilities and implement necessary mitigation strategies. ● Develop and maintain security documentation and training materials. ● You help with SOC2, and HIPAA Compliance ● Contribute to the overall security culture of the organization by promoting awareness and best practices.
Qualifications ● 5 years industry experience with at least 2 years experience in DevSecOps automation and tooling. ● Proven experience with Google Cloud Platform (GCP), including IAM, Cloud Armor, Security Command Center, Cloud Key Management Service, and Cloud Audit Logs. ● Expertise in security tools and technologies, such as vulnerability scanners, penetration testing tools, and security information and event management (SIEM) systems. ● Strong understanding of DevSecOps principles and practices. ● Excellent communication, collaboration, and problem-solving skills. ● Ability to work independently and as part of a team. ● Passion for security and a desire to continuously learn and improve. ● Excellent communication skills, both written and spoken. ● Experience collecting metrics, measuring systems and interpreting data to make decisions. ● Bachelor's degree in Computer Science, a related technical field, certifications, or equivalent practical experience. We don't necessarily expect to find a candidate that has done everything we've listed, but you should be able to make a credible case that you've done most of it and are ready for the challenge of adding some new things to your resume.
Tell me more about Suki ● On a roll: Named by Fast Company as one of the most innovative companies, named Google's Partner of the Year for AI/ML, named by Forbes as one of the top 50 companies in AI . ● Great team: Founded, managed, and backed by successful tech veterans from Google and Apple and medical leaders from UCSF and Stanford. We have technologists and doctors working side-by-side to solve complex problems. ● Great investors: We're backed by Venrock, First Round Capital, Flare Capital, March Capital , and others. With our $55M Series C financing, we have the resources to scale.
● Huge market: Disrupting a massive, growing $30+ billion market for transcription, dictation, and order-entry solutions. Our vision is to become the voice user interface for healthcare, relieving the administrative burden on doctors instead of adding to it. ● Great customers: Our solutions are used in health systems and clinics across the country, supporting clinicians across dozens of specialties. Check out what one of our users says about how Suki has helped his practice. ● Impact: You'll make an impact from day one. You'll join a team working towards a shared purpose with a culture built upon deep empathy for doctors and passion for making their lives better.
Suki is an Equal Opportunity Employer. We are dedicated to building a company that fosters inclusion and belonging and reflects the diverse communities we serve across the country. We know we are stronger this way, and we look forward to growing our team with these shared values.