Security Engineer
Truveris
 OR (Oregon)
Truveris is a digital health company that partners with employers, brokers, and pharmaceutical companies to dramatically improve people’s ability to afford and access prescription drugs. With expertise and technology solutions that span across the prescription drug ecosystem, we deliver the outcomes people and businesses need to thrive.

We are on a mission to transform the pharmaceutical industry and are backed by leading venture capital firms including Canaan Partners, First Round, New Atlantic Ventures, New Leaf Venture Partners, Tribeca Venture Partners and McKesson Ventures. In 2018, Truveris was ranked as one of the fastest growing technology companies in the U.S. by Deloitte, Crain's, and Inc.

The Security Engineer will have a lead role in detecting, triaging, and remediating information security related risk throughout Truveris systems. This position will report to the Director of DevOps and will be responsible for application and infrastructure security, as well as incident detection and response. The security engineer will work closely with the Development team to ensure that secure practices are followed throughout the entire SDLC. 

Responsibilities

  • Engineer, implement and monitor security measures for protection and detection of threats against computer systems, networks and information assets
  • Identify issues in application code, through design guidelines, and both automated as well as manual testing
  • Work alongside other engineering teams to contribute code, remediate issues and educate fellow engineers
  • Design and architect security sensitive application and infrastructure systems such as authentication or authorization libraries and PKI deployments
  • Lead security tooling adoption
  • Identify and define system security requirements
  • Design and develop security architecture and parameters
  • Design and document standard operating procedures and protocols

Requirements

  • Proven working experience in building and maintaining secure systems
  • Experience with industry standard network, system, and security monitoring tools
  • In depth knowledge of current security principles, techniques, protocols and standards
  • Familiar with web application stack security, pitfalls and best practices
  • Problem solving skills and the ability to work under pressure
  • Familiarity with functional and OOP programming paradigms

Nice to have

  • Experience with Python, React, NodeJS, AWS
  • Familiarity with HIPAA/HITRUST/SOC 2 requirements or other security/compliance frameworks
  • Experience working with micro-services and cloud environments
  • Experience working in healthcare and startup environments