Python Security Engineer Doctor On Demand
San Francisco, CA

Job Description

About Doctor On Demand

Doctor On Demand's mission is to improve the world's health through compassionate care and innovation. We believe that health is personal, and means so much more than treating illness. We're proud of the care we've provided over the years and the relationships we've developed with our patients, as evidenced by the 5-star reviews we continually receive. People use our service to gain access to some of the best physicians and licensed therapists in the country, all whenever and wherever is most convenient. It's as simple as opening the Doctor On Demand app on a smartphone or computer.

Through live video visits, our hand-picked, US-trained doctors take patient history, perform an exam, and recommend a treatment plan. Prescriptions, if needed, go directly to the pharmacy of choice. While insurance isn't required, tens of millions of Americans enjoy covered medical and mental health visits through employer and health plan partnerships. To learn more about the hundreds of medical issues we treat, visit us at DoctorOnDemand.com.

JOB DESCRIPTION

We're looking for an engineer to be the point person for our application and infrastructure-level security at Doctor On Demand. Currently, these duties are split between the CTO and CSO and backed by an engineering and IT team that is security-conscious and takes our stewardship of people's health information very seriously. A successful candidate for this position will be comfortable evaluating existing code and architecture for vulnerabilities, ensuring that we continue to implement SDLC best practices, and managing our penetration testing pipeline.

This hire will have a huge opportunity to influence the overall direction of this part of the company and will report directly to the CSO.

Responsibilities:

* Manage the application and infrastructure security of our HIPAA-compliant platform
* Triage, verify and manage resolution of all issues identified via our continuous penetration testing partnership with Synack
* Be the primary point of contact for the Security email address
* Advise the CSO, CTO, and VP of Engineering on security tooling and best practices
* Organize and implement Red Team / Blue Team exercises
* Educate the engineering and IT teams on security best practices
* Track and audit software dependencies; ensure all security patches are applied
* Improve our existing SDLC and breach detection and recovery processes
* Produce documentation for security audits and certifications (e.g. HITRUST)
* Review pull requests related to authorization / authentication and other sensitive areas
* Evaluate technical architecture proposals from a security perspective

Requirements:

* Expertise in web application security (OWASP Top 10)
* Experience working with Django and Python
* Experience with cloud security best practices
* Knowledge of SDLC best practices
* Ability to identify the root cause of an issue and follow-up with the appropriate team members
* Experience mapping security controls to audit requirements
* Strong interpersonal and oral / written communication skills
* Experience working in a HIPAA-compliant environment
* Experience securing containerized applications managed with Kubernetes on GCP
* Experience with HITRUST certifications

Bonus Points:

* Be a core leading member of a small, elite product/engineering team
* Be part of a startup that is gaining national recognition and improving healthcare for millions of people
* Flexible work hours and fun, fast-paced environment
* Strong remote and work-from-home culture
* Full benefits + competitive compensation
* Unlimited PTO, wellness allowance and others