Lark is the world's largest A.I. healthcare provider, servicing more than a million patients suffering from, or at risk of, chronic disease with A.I. Nurses. We're on a mission to improve people's health and happiness through our digital health coach. We are the only A.I. nurse ever to become fully medically reimbursed to 100% replace a live nurse because we achieved equivalent health outcomes to live healthcare professionals - which allows for infinitely scalable healthcare. Since launch, Lark has continued to receive awards and accolades for both our product, and our leadership, including:
- Apple's Top 10 Apps in the World
- Business Insider's most innovative companies in the world along with Uber and Snapchat
- A CEO who was recognized as the #1 in Top 10 Women in Tech to Watch by Inc.
- CDC recognition of our Diabetes Prevention Program.
The Security Engineer is a hands-on, highly technical member of the Lark team bridging Security / Compliance, DevOps, Engineering, and Partnerships. This role will work primarily in the Security/Compliance team, hand-in-hand with the DevOps team. The role will expand, maintain, and secure the cloud infrastructure, apps and processes that support Lark, our personnel, data, apps, partners and technology platform. The role will also work in Security/Compliance to ensure regulatory requirements are continuously and proactively satisfied.
Duties and Responsibilities
- Maintain/Update/Enhance/Execute security engineering / DevOps policies and procedures around patch management, logging/log review, monitoring/alerting, configuration management, etc.
- Conduct vulnerability scanning on network, application, web and containers of production and test systems, identifying gaps in threat defense and help management identify solutions to address them
- Conduct business continuity/disaster recovery preparation activities ensuring system resiliency
- Ensure compliance with applicable certifications (HIPAA SRA, HITRUST, SOC2, ISO27001) through completing recurring tasks
- Manage, review and administer system access and configurations
- Participate with engineering in design and code reviews for security
- Implement solutions to standard and industry best practice
- Manage and maintain security tools to standards
- Review and address alerts
- Mitigate threats to the organization
- Be a source of current information and best practices for the team and the organization through constant learning and sharing of information
- Maintain and stand behind a strong zero-trust security posture at Lark
- Partner closely between DevOps and Security/Compliance teams
Knowledge & Skills
- 5 years of experience with Security best practices
- Expertise with securing AWS
- Fluency in at least one programming language
- Expertise in Kubernetes, Python, and Kotlin a big plus
Credentials and Experience
- Experience in network, application, container, and web vulnerability scanning and threat defense
- Experience defending against threats on cloud networks and remediating vulnerabilities
- Experience with patch management, log monitoring and alerting
- Experience with Business Continuity/Disaster Recovery testing
- Experience providing security guidance to development across the SDL
- Experience in incident handling and response
- Experience in threat hunting, identification, and mitigation
- Experience working with vendors and identifying practical solutions
- Experience working with open source security tools
- Experience in reviewing, improving and developing process and procedure
- Experience with and interpreting cybersecurity framework (e.g. NIST, CSF, HIPAA, HITRUST)
- Former experience working as a defense contractor, government agency or security services provider a plus
- 5 years of experience working on DevOps engineering, security engineering, and compliance
- Prior experience with HIPAA/HITRUST or PCI compliance and security a big plus
- AWS, Kubernetes 1.16+, OPSkops, Terraform 0.12, Rancher 2, Concourse, Helm 2 & 3, Github Enterprise, Prometheus Operator, Grafana, Loki, Jaeger/OpenTracing
Our team works with cutting edge tools and technology related to Artificial Intelligence and Machine Learning. We are using NLP to process millions of meals, and accelerometer data to compute activity and sleep amounts from users' phones. Our chat A.I. is the most sophisticated digital health engagement tool in the world. Join us and make it even better!
Lark is an Equal Opportunity Employer. Lark does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.