Senior Security Engineer
Radformation specializes in Radiation Oncology Cancer treatment software. Our solutions will save cancer clinics time, eliminate planning errors, and enable them to design the optimal treatment for their patients.
Radformation is seeking a self-motivated senior security engineer to join an innovative team. This role is ideal for someone who is interested in impacting cancer patients throughout the country. The senior security engineer is responsible for implementing security best practices across our portfolio of products and coordinating third-party tests and audits. This position will define standards and best practices to ensure secure software design and implementation of cloud infrastructure. Your security and leadership skills will play an integral role as we design new products for cancer centers.
BS in a related field and at least 10 years of experience
- Build and manage tools and libraries to help engineers deploy secure software
- Make security an integral part of our DevSecOps and CI/CD pipeline
- Triage and resolve security vulnerabilities in our software
- Own compliance audits such as SOC2
- Create security guidance documentation
- Partner with various teams across the organization to promote secure development practices and cultivate a strong security culture
- Ensure we are maintaining an acceptable score on security benchmarks
- Lead security engagements such as external pen tests
- Monitor systems and networks to find vulnerabilities or breaches
- Uncover infrastructure and application-level vulnerabilities as part of internal audits
- Conduct system design reviews and guide engineers on building security into our architecture
- Google Cloud Platform (GCP)
- Google Workspace
- ASP.NET Core
- SQL and NoSQL
- 5+ years working as a security engineer
- Experience in dealing with internal/external security audits and penetration tests
- Experience with any combination of the following: threat modeling, secure coding, identity management and authentication, network security, and secrets management
- Experience with incident management, including creating workflows and action plans for responding to security incidents, documenting incidents, coordinating post-mortem reports, etc.
- An understanding of network and web-related protocols (such as TCP/IP, UDP, IPsec, HTTP, HTTPS, routing protocols)
- Experience integrating and tuning network security infrastructure
- Cryptography experience (AES, scrypt, etc.)
- An understanding of web services
- Security experience in GCP environments
- Security implementation experience (OWASP)
- Network stack/protocols, SSO, OAuth 2.0, and AD
- A background in security and compliance audits (such as GDPR and SOC2)
- Experience with HIPAA Regulations in Software Implementations
- Experience with Hospital IT requirements