Caption Health is dedicated to the development, operation, and improvement of product and corporate security. As our first SecOps Engineer, you will build security solutions, monitor events, and engage with staff, customers, and vendors. You will help ensure systems and software are designed and implemented in secure ways to meet and maintain policy and compliance requirements. Your ability to break down complex topics into simple terms will assist and educate users. Your people skills and empathy will help you understand the needs of your colleagues and develop trust.
- Develop, maintain, and participate in the security program.
- Investigate, model, and mitigate risks to information systems.
- Develop and deploy tools and services to manage and monitor information systems.
- Design, improve, and monitor security systems.
- Improve and enforce security policy.
- Perform third party vendor risk assessments.
- Respond to incoming customer product and organizational security inquiries.
- Participate in compliance certification evidence gathering and audits.
- Respond to and investigate security incidents; participate in on-call Security Incident Response Team.
- Coordinate directly with product, engineering, IT, and infrastructure teams to align on goals, interdependencies, and regulatory requirements.
- Work directly with external contractors and consultants.
- Architect, manage, and monitor cloud infrastructure and endpoint systems with a bias towards automation and reproducibility.
- Educate and encourage staff about secure practices.
- Manage facilities surveillance and access control systems.
- Organize tabletop exercises.
- Perform basic forensics on endpoint devices.
- Stay up-to-date with security best practices and industry threats.
- Ensure security, privacy, and integrity of data and other resources.
- BS degree in Computer Science, Computer Information Systems, or related technical field involving systems engineering, cybersecurity, or equivalent practical experience.
- Experience applying security and compliance controls to highly regulated organizations.
- Experience integrating security requirements into the software development life cycle.
- Experience with security analysis and monitoring tools.
- Experience with configuration management and orchestration tools such as Ansible, Terraform, Kubernetes, SaltStack, or Chef.
- Strong TCP/IP networking, DNS, and HTTP knowledge.
- Strong knowledge of cryptography concepts, PKI, and experience deploying services with TLS.
- Strong knowledge of UNIX/Linux, macOS, and Windows operating system security.
- Experience in one or more of the following programming languages: Python (preferred), C++ (preferred), Golang, Rust, Ruby.
- Proven ability to model complex systems and threat environments.
- Public cloud (GCP, AWS, or Azure) experience.
- Excellent communication skills.
- Current CISSP, HCISPP, or CISM certification.
- Experience in the healthcare industry.
- Experience with HITRUST, ISO27001, and/or SOC2.
- Experience with software intellectual property protection.
- Experience responding to real-world security breaches.
- Start-up experience.