Rosalind, Inc. Cloud Security Operations and Compliance Engineer San Diego, CA · Remote · Full time

We are looking for compliance specialist to join our Software Engineering team. As a compliance specialist, you will be responsible for maintaining compliance with security and privacy regulations for our FedRAMP SaaS operations.

Description

Why work for just any SaaS company?


Every day, ROSALIND empowers Scientists globally to discover life’s unknowns and greatest challenges like COVID, Cancer and Infectious Diseases through the interpretation of genomic data. We are the innovators, explorers, and dreamers who created the ROSALIND Platform to reinvent and transform the genomic analysis experience for research, clinical and diagnostic markets, so that we all may realize the benefits of Precision Medicine. Our primary customers are Pharmaceutical, Biotech and Diagnostic firms with broad adoption across academic research institutions. Rather than trying to cure cancer ourselves, we’re passionately building the best platform so that our customers can.


Now we need more passionate people like you, leading the way and sharing our amazing platform with every institution aspiring to make the world a better, healthier place. Leave behind past stereotype of biotech or life science companies; we’re ambitious, creative, agile and relentless designers, scientists, engineers and marketers dedicated to transforming the human experience by unlocking biology’s greatest unknowns.


The job


As a part of the Rosalind SecOps team, you will apply your skills and knowledge to make sure the U.S. Federal SaaS environments are secured in accordance with cloud security best practices, operated with security in mind, and compliant with Rosalind internal requirements, as well as external regulations. You will continuously assess and improve security posture, implement effective security monitoring systems, collaborate on security controls reporting automation. You will have direct responsibilities to ensure that active security monitoring of both commercial and U.S. Federal environments is undertaken on a continuous basis by overseeing a vulnerability management program, participating in and leading risk analysis of findings, and ensuring that the SecOps team is performing at maximum efficiency globally.


You will be an excellent fit if you:

·      Have prior experience protecting cloud-based environments

·      Have clear experience with GCP services: Compute Engine, Cloud Armor, ISA, Cloud Storage

·      Hands-on Experience with FedRAMP.


Required Skills:

·      5+ years of experience in the cybersecurity; with at least 2 years in a cloud security role

·      Strong knowledge of Qualys, Linux, Docker, Wazuh

·      Experience with vulnerability management and incident response processes

·      History of implementing enterprise security tools - SIEM, IDS/IPS, FIM, PAM

·      Knowledge of authentication protocols, authorization standards and crypto primitives (TLS, OAuth, SAML, JWT, etc)

·      Familiarity with OWASP TOP-10, CIS Benchmarks, STIGs

·      Experience / knowledge eMASS, SNAPS, PPSM, C-ITP

·      Experience with Infrastructure as Code and Configuration Management tools.

·      Experience / knowledge of working with RESTFUL APIs and Webservices

·      Experience with alerting and monitoring tools.

·      Experience with common security scanning tools (e.g. Nessus, Qualys, IBM AppScan, Burp Suite, etc.)

·      Understanding of software development lifecycle models

·      Ability to work effectively in a cross-functional setting through influence, persuasion, and collaboration

·      Excellent problem solving, critical thinking, communication, and teamwork skills

·      Knowledge of Python, Terraform is a plus

·      Certification (GCP Security Specialty GCIH - GIAC Certified Incident Handler, (ISC)2 CCSP – Certified Cloud Security Professional) is a plus

·      The security mentality that can analyze situations, technology, and human systems both as an attacker and defender

·      Ability to understand the business’ strategic goals and proactively pursue projects to advance them