Application Security Specialist at 1QBit in Vancouver, BC

Your Role

In this role, you’ll be responsible for developing, implementing, and continuously improving the security of 1QBit’s suite of healthcare software, systems, and operations. You will work with our software developers, machine learning researchers, and IT personnel; providing guidance, sharing expertise, and developing solutions that ensure our products, as well as the tools and techniques that are used to create them, are secure, follow security best practices, and meet standards defined by Health Canada, the FDA, and HIPPA.

What You'll Do

• Collaborate with our healthcare product and software development teams to ensure the adoption of security best practices across our entire application and SaMD (Software as a Medical Device) lifecycle.
• Define and implement security tooling in line with our development processes with the goal of improving coverage, increasing automation, and reducing time to action.
• Own and contribute to the continuous improvement of security in our on-premise and cloud infrastructures.
• Improve security reporting, including coordinating vulnerability management, penetration testing, and infrastructure compliance.
• Work with product leads to ensure our compliance with the minimum security requirements (MSRs) established by our clients, partners, and regulatory agencies.
• Inform choices through a security lens for the entire development lifecycle, including design, coding, development, quality assurance, testing, and release.
• Drive effective integration and adoption of security best practices and techniques in identifying design flaws and software issues.
• Partner with teams across the business to promote secure development practices and cultivate a strong security culture.
• Work closely with IT to develop, review, and implement company-wide security policies and processes.
• Contribute to the development of software solutions with both classical and cloud computing for 1QBit’s healthcare products in collaboration with developers and ML researchers.

What You'll Bring

Members of our team bring a confluence of personality, skills, and intent that contributes to their individual development and our collective growth as an organization. The knowledge and mindset you will bring to our team include the following:

• 5+ years of experience with the full software lifecycle, including design, implementation, testing, and maintenance.
• 3+ years of experience in application security, penetration testing, security benchmarking, and automation.
• A bachelor's degree in computer science/software development, or equivalent experience.
• Advanced proficiency and technical expertise with Python.
• Development experience in Unix-based environments and proficiency in Unix shell scripting.
• Demonstrated knowledge of security best practices, principles, and common security frameworks, such as NIST, ISO, Common Criteria, TCSEC, OWASP, etc.
• Solid understanding of the healthcare regulatory landscape, including achieving compliance with the requirements defined by Health Canada, the FDA, and HIPPA.
• In-depth knowledge of common application and network protocols, cryptographic technologies, public key infrastructure, and common security threats, such as attack techniques, evasive techniques, and preventative and defensive methods.
• Microservice architecture expertise and best practices in securing APIs across multi-cloud environments.
• Hands-on experience in container-based deployments and orchestration tools (e.g. Kubernetes, Docker, EKS, GKE, Terraform).
• Any of the following certifications: CCSP, CISSP, HCISPP.