*This is a remote position*
Today, 1 in 3 Americans say they suffer from mental health problems like anxiety, depression, or insomnia. Despite this mental health epidemic, seeing a psychiatrist can take up to 3 months and cost as much as $500.
Shocked? Us too. That's why we started Cerebral, a telemedicine-first mental health startup. We are breaking down the barriers to access to mental healthcare so that anybody can get the care and meds they need. We launched publicly in January 2020 and are growing at over 40% month-over-month. We need your help to keep growing at a dizzying pace!
How you will contribute:
- Be a part of a rare opportunity to build the security function at Cerebral while reporting to the VP of Product and Engineering
- Partner with DevOps and Engineering to ensure Cerebral’s end to end technology footprint is secure
- Hands-on implementation of security controls including preventative threat detection and employee training meetings
- Develop guidelines for, implement and review security configurations for an AWS based HIPAA compliant SaaS environment
- Develop proactive security monitoring and alerting capabilities
- Build security automation into infrastructure deployment and CI/CD pipelines
- Perform manual and automated compliance, vulnerability, and penetration testing
- Demonstrate and promote security best practices
- Constantly improve policies and procedures such as incident management while gaining buy-in across the department and organization
Our tech stack:
- Language: Ruby, Reactjs, React Native, and will add one more backend language, HTML, CSS
- Systems: AWS, Postgres, CircleCI
Skills you’ll bring:
- Experience securing Linux, container (Docker/ECS/Kubernetes) and lambda-based workloads along with AWS services (IAM, EC2, ECS, RDS, S3, KMS, etc.)
- Experience with penetration testing, threat modeling, open-source, and commercial security tools
- Knowledge and understanding of CI/CD and automation tools (Jenkins, Ansible, Git, Maven etc.)
- Ability to write code to solve security issues. Writing security tools, or automation/management of security-sensitive environments.
- Deep knowledge of AWS IAM and VPC; how to configure least privileged access.
- Use of tools such as Terraform, CloudFormation, Cloud Custodian for managing security in public cloud environments.
- Use of vulnerability management tools (Tenable, CrowdStrike, Prisma, etc.)
- Hands-on experience with SIEM, IDS, IPS and WAF solutions
- Familiarity with security and compliance frameworks such as HIPAA, HITRUST, SOC2, ISO 27001/27013, NIST 800-53
- General understanding of common web application deployment models and components
- You’re curious, love to learn and to dig into new technologies, and can pick them up quickly
- You demonstrate strong technical architecture and platform engineering skills along with the ability to switch between technology paradigms
- You’re a go-getter and seek ownership of projects with the demonstrated ability to deliver results
- You love working with some of the best world-class engineers, product managers, and architects
- You strive to excel, innovate and take pride in your work
- Top-quality healthcare, dental, and vision plans
- Remote friendly (only remote!)
- Monthly happy hours
- Unlimited PTO policy