*This is a remote position*
Today, 1 in 3 Americans say they suffer from mental health problems like anxiety, depression, or insomnia. Despite this mental health epidemic, seeing a psychiatrist can take up to 3 months and cost as much as $500.
Shocked? Us too. That's why we started Cerebral, a telemedicine-first mental health startup. We are breaking down the barriers to access to mental healthcare so that anybody can get the care and meds they need. We launched publicly in January 2020 and are growing at over 40% month-over-month. We need your help to keep growing at a dizzying pace!
How you will contribute:
- Build and lead Cerebral’s security function, starting with a team of one (you), then hiring and managing a few more security engineers as a lean end-to-end security team
- Partner with DevOps, Engineering, Compliance, and Operations to ensure Cerebral’s end-to-end technology footprint is secure, utilizing preventative measures, by matrix managing a security program for the entire organization
- Hands-on implementation of security controls including preventative threat detection and employee training meetings
- Develop, implement, and review security guidelines and configurations for an AWS based HIPAA compliant SaaS environment and a remote IT workforce
- Institute proactive security monitoring and alerting capabilities utilizing a combination of custom tools and strategic partners
- Build security automation into infrastructure deployment and CI/CD pipelines
- Perform manual and automated compliance, vulnerability, and penetration testing
- Demonstrate and promote security best practices
- Constantly improve policies and procedures such as incident management while gaining buy-in across the department and organization
Our tech stack:
- Language: Ruby, Reactjs, React Native, Python, Typescript, HTML, CSS
- Systems: AWS, Postgres, CircleCI
Skills you’ll bring:
- Experience building and running a security program using a combination of security engineers, matrix management skills, and contract engineering. Previous experience as a CISO is a nice to have.
- Expert knowledge in IT and application security and setting up or improving incident management procedures and protocols across an organization.
- Experience securing Linux, container (Docker/ECS/Kubernetes) and lambda-based workloads along with AWS services (IAM, EC2, ECS, RDS, S3, KMS, etc.)
- Experience with penetration testing, threat modeling, open-source, and commercial security tools
- Knowledge and understanding of CI/CD and automation tools (Jenkins, Ansible, Git, Maven etc.)
- Ability to write code to solve security issues. Writing security tools, or automation/management of security-sensitive environments.
- Deep knowledge of AWS IAM and VPC; how to configure least privileged access.
- Use of tools such as Terraform, CloudFormation, Cloud Custodian for managing security in public cloud environments.
- Use of vulnerability management tools (Tenable, CrowdStrike, Prisma, etc.)
- Hands-on experience with SIEM, IDS, IPS and WAF solutions
- Incident and IT security management
- Familiarity with security and compliance frameworks such as HIPAA, HITRUST, SOC2, ISO 27001/27013, NIST 800-53
- General understanding of common web application deployment models and components
- Hire, build, and develop high performing teams
- Quickly make low-level decisions while being patient and methodical with high-level ones.
- Command the room amongst the smartest and most diverse set of individuals
- Curious, love to learn and to dig into new technologies and can pick them up quickly
- Demonstrate strong technical architecture and engineering skills along with the ability to switch between technology paradigms.
- Adept at prioritizing value and shipping complex products requiring coordination across multiple teams
- Love working with some of the best world-class engineers, product managers, and architects.
- Strive to excel, innovate and take pride in your work
- Work well with other leaders
- Top-quality healthcare, dental, and vision plans
- Remote friendly (only remote!)
- Monthly happy hours
- Unlimited PTO policy