Application Security Engineer
Remote job description
Fullscript helps people get better. It's at the core of everything we do. As the leading platform for prescribing integrative health products, our work positively impacts millions of lives every day. Our purpose extends well beyond our platform. As a health company, we are committed to the wellbeing of our team members. We are building an organization where people thrive, grow, and have a high impact through their work.
By joining us, you stand with our purpose. You are an independent thinker, who likes to leave things better than you found them. You do things not because they are easy but because they are right. Ready to make an impact?
Fullscript is currently looking for an Application Security Engineer who wants to help ensure our patient and practitioner data is safe and secure in an automated and sustainable way. This role is a key part of building our DevSecOps Program with a culture that breaks down barriers between development, security, and operations through education and outreach. Our security program is geared towards automated embedded self-service security scanning and testing in continuous delivery while using metrics to shape design and drive decisions.
As a Security Engineer, you will help shape this vision and work closely with the Engineering team and third parties (such as auditors and testers) to ensure that the Fullscript platform is secure. You will participate in the development and release of security tools, implementing control processes and integrating with our network and application monitoring solutions. You will help with application security review, threat modelling, vulnerability management and automated testing throughout our software development lifecycle and CI/CD pipeline.
About the DevOps team
The DevOps team at Fullscript is responsible for all aspects of both software delivery and technical operations. We do everything from writing developer tooling and building new infrastructure to monitoring platform health and troubleshooting issues. We do our best to provide top-quality service and support to our external and internal customers. At the same time, we love exploring new technologies and seeing how we can leverage them. Basically, we love all aspects of software - how it's written, how it runs, even how it fails.
What you'll do
- Implement technical solutions and tools to help detect and mitigate security vulnerabilities.
- Review, develop and implement security measures in our CI/CD pipeline to detect security issues before they are deployed.
- Support external security programs such as audit, compliance and penetration testing.
- Identify threats and develop suitable defense measures, evaluate system changes for security implications, and recommend enhancements.
- Understand common attack scenarios within cloud computing environments and stay abreast of changing security threats, techniques and tactics.
What you bring to the table
- Experience with continuous automated penetration and vulnerability testing with tools such as Metasploit, ZAP/Burp Suite and Gauntlt.
- Familiarity with common security controls/frameworks (NIST, PCI DSS, SOC2 or CSA-CCM) and libraries (OWASP-SKF & OWASP Dependency-Check).
- Development experience in languages such as Ruby, Python or Go.
- Experience with OWASP Static/Dynamic analysis, and other common security tools.
- A good understanding of network protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS).
- Familiarity with cloud security controls and best practices.
- Experience with common DevOps tools like Docker, Kubernetes, Ansible and Terraform (or similar).
- Experience with cloud native security tools such as Snyk, Falco, ThreatStack and KMS.
- Good understanding of AWS networking and security internals and tools such as VPC, ELB, Route53, WAF and others.
- Familiarity with Infrastructure as Code (IaC) in an AWS cloud-based environment.
What we can offer you
- Generous PTO and competitive pay
- Fullscript's RRSP match program for financial health
- Flexible benefits package and workplace wellness program
- Training budget and company-wide learning initiatives
- Discount on Fullscript catalog of products
- Ability to work Wherever You Work Well*
*Our Wherever You Work Well philosophy means Fullscript teammates get to pick their own office - whether that's in-office, at home, or a bit of both.
Fullscript is committed to diversity in its workforce and is proud to be an equal opportunity employer. We are excited to work with talented people, period. All employment decisions are based on business needs, job requirements, and individual qualifications, without regard to race, color, religion or belief, national or ethnic origin, gender, age, disability, sexual orientation, gender identity and/or expression, marital or civil status, political affiliation, family or parental status, or any other status protected by the laws or regulations in the jurisdictions in which we operate.
Accommodations are available on request for candidates taking part in all aspects of the selection process. Please send an email to firstname.lastname@example.org and let us know the nature of your request and your contact information.
Our team handles both personal information and personal health information, which means candidates that receive and accept employment offers must undergo a background check.
Company name: Fullscript
Remote job title: Application Security Engineer at Fullscript (allows remote)
Job tags: security, aws, cloud