Staff Security Engineer

Syapse is a real-world evidence company on a mission to improve outcomes for all cancer patients. By integrating complete, longitudinal, and continuously updated real-world patient data, we can provide unique insights into patients’ care journeys. Our advantage derives from a decade of partnership with the world’s largest Learning Health Network of innovation-driven healthcare systems. 

Syapse enables providers to operationalize precision medicine and deliver the best care today to their patients while helping life sciences companies and regulators accelerate the development and approval of new therapies for patients tomorrow.  Together we are working toward a future in which all cancer patients have access to the best precision care.

You will join the Syapse team to deploy and manage the Zero-Trust architecture and inform the security posture of our InfoSec service. You will Identify threats and vulnerabilities in Syapse systems and software and lead development and implementation of  high-tech solutions to defend against hacking, malware and ransomware, insider threats and all types of cybercrime.  You will have the support of an InfoSec, IT and DevOps team as well as the rest of the organization as we fully realize that we can only be successful through collaboration.

You will be a key contributor to our compliance and certification efforts such as HIPAA, HITRUST and others including annual audits and risk assessments.  In this role you will collaborate with all corporate stakeholders to drive security improvements in the data and code pipelines.

• Identify threats and vulnerabilities in Syapse systems and software and apply patches and upgrades as required
• Develop and implement high-tech solutions to defend against hacking, malware and ransomware, insider threats and all types of cybercrime
• Manage configurations for network security systems including firewalls, cloud security tooling, endpoint configurations
• Implement continuous monitoring and alerting by leveraging log aggregation and event correlation capabilities
• Deploy critical components of Zero-Trust architecture as planned on the roadmap
• Drive the security operations function providing operational support with tools and processes 
• Provide guidance to our development teams regarding designs and best practices as it relates to information security best practices
• Be part of proof of concept initiatives to test product ideas and recommend security architecture design for product development  
• Conduct new (and annual) vendor security risk assessments
• Partner with R&D to implement security tooling and represent InfoSec in cross-functional initiatives for DevSecOps improvements
• Coordinate and support regular third-party penetration testing efforts 
• Work closely with IT team to drive High Availability and Disaster Recovery for all corporate IT systems and services
• Facilitate incident response processes in partnership with leadership team
• Evangelize information security best practices through the organization
• Represent InfoSec to maintain and improve business continuity plans

• At least 8+ years experience in InfoSec where you were on a team driving and  managing the information security and compliance posture of corporate and cloud based applications. 
• Operational expertise with secure Network Architecture, Vulnerability Management, Threat Modeling, Cloud Security, Firewalls, SSO, MFA, AV, Malware, DLP, Data Encryption, Least Privilege, RBAC.
• Extensive hands-on expertise with a cloud platform such as AWS (preferred), Google Compute or Azure is a must.
• Strong experience in Network Application Security practices.
• Experience in handling compliance audits (HIPAA, SOX, etc.)
• Experience with compliance certifications like PCI, SOC2, HITRUST, or FEDRAMP or FISMA.
• Experience with external software penetration testing
• Team player and Own it mindset.

• Experience drafting and maintaining InfoSec policies
• Secure SDLC experience with R&D partnership
• Disaster Recovery, Incident Response and Business Continuity experience
• Experience with SIEM
• HIPAA and/or healthcare technology experience

: The target base salary for this position is $170,000-$200,000

This base salary is only a part of a total compensation package, annual bonus, benefits, 401k with match, flexible PTO and incentive pay for eligible roles. Individual pay may vary from the target range as a number of factors including market forces, experience, location, disparities in market data and other relevant business considerations may all factor into final compensation.

Have a quick question about the role? Email [email protected] or simply apply here.