Senior Security Engineer (DevSecOps)
- 505 Penobscot Dr, Redwood City, CA 94063, USA
Guardant Health is a leading precision oncology company focused on helping conquer cancer globally through use of its proprietary blood tests, vast data sets and advanced analytics. The Guardant Health Oncology Platform is designed to leverage our capabilities in technology, clinical development, regulatory and reimbursement to drive commercial adoption, improve patient clinical outcomes and lower healthcare costs.
In pursuit of our goal to manage cancer across all stages of the disease, Guardant Health has launched two liquid biopsy-based tests, Guardant360 and GuardantOMNI, for advanced stage cancer patients, and is developing programs for recurrence and early detection, called Project LUNAR. Since its launch in 2014, Guardant360 has been used by more than 5,000 oncologists, over 40 biopharmaceutical companies and all 27 of the National Comprehensive Cancer Network centers.
We are looking for a Senior Security Engineer (DevSecOps) who has 3-5 years of experience doing security testing to identify and mitigate security issues. The candidate will work with developers and DevOps teams to design and implement DevSecOps practices and tools within Guardant Health.
In this role, the candidate will be responsible for cybersecurity hardening of Cancer Diagnostic products which may or may not run at third party sites.
Provide input for system hardening and apply security standards during the product development phase.
Champion security by injecting security concerns into the existing development workflow; build security thinking into every stage of software development.
Provide hands-on technical support expertise in general SW development, system engineering, IT and networking as necessary.
Perform security gap assessments and implement remediations: Threat modeling, penetration testing, etc.
Know the many flavors of K8s, ECS and help enhance DevSecOps.
Monitor industry security updates, changes, technologies, emerging threats and best practices for continuous improvement
Perform continuous monitoring for new high-risk vulnerabilities of released products, triggering proactive actions when needed (security patching)
Collaborate with and provide feedback to Security Officers to ensure the relevancy and the value of the central governance mechanisms, toolsets, reference architecture, and other repositories
Enjoy working in a fast-paced environment to help meet mission-critical objectives.
Write comprehensive reports and deliver presentations for technical and non-technical audiences, including executives and stakeholders
Strong understanding of security concepts, standard methodologies and how to apply them, such as SSH, public key encryption, access credentials, certificates, TLS, data encryption
Experience working in Scrum and/or Kanban agile environments.
Experience with AWS commercial or HealthCare regulated environment, implementation, and administration
Experience with compute clusters like that of Kubernetes or HPC (SGE, slurm, etc)
Working knowledge of common information security management frameworks such as ISO27001
Bachelors or Masters' degree in Computer Science or Information Security or equivalent work experience
Relevant security certifications are a plus, but not required (OSCP/OSCE/GPEN/GWAPT/LPT).
All your information will be kept confidential according to EEO guidelines.