Senior Security Engineer
- Worldwide
For over a decade, Reify Health has been paving the way to faster, predictable, and more accessible clinical trials. Through its business entities, OneStudyTeam and Care Access, the company provides best-in-class trial optimization software and transformative clinical trial infrastructure that delivers research directly to more healthcare providers, communities, and patients wherever they are. Through partnerships with top biopharma companies, thousands of research clinics worldwide, and leading healthcare & community organizations, Reify Health is helping bring new medicines to patients faster, one trial at a time.
As of September 2022, the team working on StudyTeam is now known as OneStudyTeam. Both new and familiar, this name reflects the mission shared by our technology and our people: to connect and enable every stakeholder in the clinical trial ecosystem to carry out the work of research better, sooner, and together. OneStudyTeam, like Care Access, will continue to operate as a business inside Reify Health but will now do so using the OneStudyTeam name and brand to represent the business overall. All StudyTeam products will continue to utilize the StudyTeam name and branding, and our users will continue to access our products in the same way. For more information about this transition, see press release here.
By joining our team, you will become a leading subject matter expert on the security of modern web applications, APIs, and cloud infrastructure. In close collaboration with technical advisors and staff engineers, you will assess the security of new applications, features, partner integrations, data flows, and internal StudyTeam configuration/administration tools. You will also serve as a technical leader on incident response and mentor other Security Team members.
- Integrate with data and software engineering teams to assess the security of new applications, features, partner integrations, data flows, and internal product configuration/administration tools.
- Develop solutions to enable and enhance security of StudyTeam SaaS applications, associated data transfers, and infrastructure (AWS).
- Assess, validate as necessary, coordinate, and confirm remediation of vulnerabilities identified through 3rd party penetration testing and internal vulnerability scans in conjunction with engineering teams (e.g., DevOps/SRE, Software Engineering).
- Play a key role in the selection, design, configuration and use of additional vulnerability scanning technologies (e.g., container scanning, SCA/SBOM, SAST, DAST, IAST, RASP).
- Serve as a technical leader on incident response for web applications and infrastructure.
- Recommend, drive, and implement improvements to OneStudyTeam’s Security Program, including how the program is integrated within the SDLC.
- Author, and when appropriate delegate to team members, formal technical risk assessments documenting security findings and outlining required mitigating controls.
- Participate in the selection and implementation of a re-imagined SIEM solution.
- 5 or more years experience in a dedicated technical security role is required.
- Proficiency in Python for programmatic data analysis and automation is required.
- Deep understanding of modern application stacks including microservice architectures, containerization, CI/CD, and IaC in a cloud environment such as AWS or GCP is required.
- Solid knowledge of OWASP Top 10 from both the attack chain and mitigation perspectives.
- Understanding of modern source control systems (e.g., Git, GitHub) is required.
- Desire to mentor other security team members while concurrently collaborating with senior engineers is required.
- Prior experience collaborating with Data, Engineering, DevOps/SRE and Product teams to assess technical security risks is a strong plus.
- Experience leading technical incident response for modern web applications and infrastructure is a strong plus.
- Competitive salary and stock options
- Remote-first! Work from anywhere.
- Flexible PTO & working hours
- Up to 16 weeks 100% paid parental leave
- 100% paid health coverage for employees with option of HSA: Includes employer HSA contribution of $400 for individuals or $800 for families
- Additional plans available at >70% premium coverage
- 100% employer-sponsored dental & vision plans for employees
- Supplementary, low-premium benefits: Short-term/Long-term disability, voluntary life insurance, pet insurance(!), legal & identity protection
- Free access for employees and dependents to health care advocacy team (Alight Health Pros), and 24/7 telemedicine access (Eden Health)
- 401(k) retirement plan with 4% employer match
- Company-provided laptop
- $1300 annual home office reimbursement
- Team Fun: Regularly scheduled virtual events
- Annual fitness and weight loss reimbursements: Up to $150 each per year
- Learning and Development: Your very own LinkedIn Learning license so that you can upskill or just learn something new!
- Access to Benefits Marketplace: A special discount hub for OST employees to access deals on things like electronics & home goods to wireless service or travel
- Guardian’s College Tuition Benefit Program: Enroll any child dependents under the age of 17 for up to $4000 per year towards college tuition
We value diversity and believe the unique contributions each of us brings drives our success. We do not discriminate on the basis of race, sex, religion, color, national origin, gender identity, age, marital status, veteran status, or disability status.
Note: OneStudyTeam is unable to sponsor work visas at this time. If you are a non-U.S. resident applicant, please note that OST works with a Professional Employer Organization.
For a detailed overview of Reify Health's privacy policy, please visit www.reifyhealth.com/privacy-policy. This organization participates in E-Verify (E-Verify's Right to Work guidance can be found here).