Invitae is one of the fastest growing genetic information companies, whose mission is to bring comprehensive genetic information into mainstream medical practice to improve the quality of healthcare for billions of people. Our web team is responsible for delivering public-facing digital experiences to our customers, which include health care providers and patients as well as internal client support users. The genetic testing space is moving and expanding quickly. In support of the Invitae mission, our engineering team needs to continue to move faster but with a greater focus on safety. We take the security and privacy of our users' health care information very seriously, as our brand promise begins with a strong level of trust. We are looking for software engineers who are passionate about security, can be security champions on the team, and can help ensure security and privacy across all of our customer experiences.
What you'll be doing:
* Build and extend systems and services that will securely transmit and store sensitive data.
* Collaborate with engineers to design and implement product features with security in mind.
* Work with a product team to plan and implement security features.
* Run application penetration tests.
* Participate in code reviews and identify security issues.
* Collaborate closely with development teams within an agile process to identify, debug, and test security issues identified in customer-facing web and mobile applications.
* Lead and improve on our Secure Software Development Lifecycle.
* Support and mentor engineers in secure development practices and be a security subject matter expert within the team.
* Perform ongoing security and vulnerability testing and security assessments to improve application security.
* Contribute to the design, development and testing of web software features and services that support HIPAA compliance.
* Collaborate with colleagues on authentication, authorization, and encryption solutions.
* Collaborate with product and engineering to balance security risk with product advancement.
* Identify and address information and data security issues throughout the software development lifecycle.
Who we are looking for:
* Experience and passion for building security-focused platforms and customer-facing applications that perform at scale.
* Software engineering fundamentals with web and mobile applications.
* 5+ years of experience working with development teams building Docker-based applications in languages such as Python, PHP, Ruby, or Java.
* Familiar with common language frameworks like Django or Flask as well as React/Redux. Worked extensively with cloud providers such as AWS.
* Experience successfully triaging and resolving security bugs and incidents.
* Demonstrated strong communication and interpersonal skills across engineering organizations.
* Ability to identify security flaws in the product and fix them together with the engineering team.
Nice to have:
* Has evangelized secure coding practices cross-functionally.
* Experience threat modeling new and existing applications.
* Working knowledge of secure development practices such as OWASP / BSIMM.
* Experience working with security tools such as static code analyzers (e.g. Fortify, Checkmarx, Veracode) and dynamic analyzers (e.g. AppScan, Acunetix, Burp Suite, ZAP).
At Invitae, we value diversity and provide equal employment opportunities (EEO) to all employees and applicants without regard to race, color, religion, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.
Invitae is a company engaged in medical genetic testing.