Are you ready to protect the security and privacy of our international community of practitioners and patients while ensuring the best user experience of the top European healthcare products? If so, we are looking for a skilled, passionate Information Security Engineer seeking challenges in technology serving societies with privacy and ethics. We are building state-of-the-art, healthcare-compliant information system security and products to secure millions of health records.
What you will do:
- Be an information security advisor and expert, internally and externally
- Be part of internal and external security audits and certifications
- Take part in customer audits, provide support to sales and pre-sales
- Cooperate with our Legal Department on technical and regulatory security issues, e.g. technical measures for GDPR, Schrems II, etc.
- Support procurement processes for RFPs and contractualization
- Observe and evaluate applicable security standards and best practices and perform internal compliance audits, e.g. BSI guidelines, BSI-C5, ISO27000 series, OWASP guidelines, etc.
- Create and maintain technical documentation, whitepapers, procedures and policies, both for internal and external stakeholders.
- Be part of our Secure Development Lifecycle
- Review functional and technical scopings of new and existing product features to ensure effective security during implementation
- Perform security assessments of Doctolib’s existing and upcoming features and products
- Recommend architectural, functional or technical requirements to ensure effective long-term security
- Design, implement and perform security training for developers and product managers.
Attached to the Information Security Office Germany and located in Berlin, you will be part of a motivated, result-oriented and united global security team, with highly complementary profiles and expertise in areas such as application, platform and corporate security, GRC and data protection.
Your profile:
- You have initial successful and validated experience in at least three of the activities described below (mandatory):
  - You have experience as an information security expert working on technical measures for regulations like the GDPR
  - You have experience in implementing, maintaining or auditing an ISMS according to ISO27001 or BSI Grundschutz
  - You have experience in application security (threat modeling, risk analysis, control implementation)
- You have experience working in a large cloud SaaS software company as a security expert and are able to understand modern web application security and technologies
- You are curious, autonomous, flexible, rigorous, enthusiastic, passionate and have a taste for teamwork.
- Fluent written and spoken English and German are mandatory
The interview process:
- Recruiter Call (30 min)
- Technical interview with the Doctolib Security team (1 hour)
- Case study with restitution (1h30)
- Interview with our CISO and VP Engineering (45 min)
- Contract: full-time position
- Start: as soon as possible
- Location: based in our German headquarters in Berlin (relocation package if needed)
- Package: attractive salary depending on profile
About Doctolib:
Founded in 2013, Doctolib is the fastest growing e-health service in Europe.
We provide healthcare professionals with services to improve the efficiency of their organization, transform their patients' experience, and strengthen cooperation with other practitioners. We help patients to access care easily, with online appointment scheduling, teleconsultations and receiving their prescriptions online.
Doctolib is also a group of passionate entrepreneurs who are transforming the healthcare industry and share the SCALES values.
At Doctolib, we don’t just accept diversity, we respect and celebrate it! We’re proudly committed to equal employment opportunities regardless of your gender, religion, age, sexual orientation, ethnicity, disability or place of origin. We take care of each other and are grateful for each Doctoliber’s contribution to our mission!