About the role:

Grand Rounds is looking to hire a Product Security Engineer! In this role, you will be helping Grand Rounds change the standard of security in healthcare, and help us build our Product Security team. You will be working with developers, engineers, data scientists, and other professionals to ensure our platform, application, and member experience are secure.

Responsibilities:

• Security engineering and architecture background for both corporate and cloud infrastructure. You will have made design choices and implemented security capabilities for Network Design (IDS/IPS), Secure Access (Active Directory + AWS IAM), Threat Models, and Security Monitoring amongst others, for a variety of Operating Systems and different environments.
• Cloud security, and cloud native security capabilities. You will be working closely with the Data Engineering team and Member Experience (Application) team to incorporate security best practices, process, and capabilities into our cloud infrastructure and applications.
• Experience and opinions with infrastructure as code. You will be working with our Platform Engineering team to harden and secure our infrastructure as code repositories and ensure security best practices are followed.
• Experience working with developers throughout the software development lifecycle to ensure Security by Design.
• Act as the Security Architect, working together with other Architects and Staff Software Engineers to plan, and execute joint initiatives to make our product and platform more secure, while maintaining velocity.
• Mature the vulnerability management and bug bounty program for Grand Rounds. You will also help research the potential impact of recently disclosed vulnerabilities, and assess criticality of findings to drive remediation with our engineering business partners.
• Team player, influencer, and growth mindset to help drive out of the box solutions.
• Excellent communication skills to clearly communicate security recommendations, decisions, and to build and maintain security relationships across the enterprise.

Qualifications:

• Bachelor’s Degree in Computer Science or a related field and 6 years experience in Information Security
• CISSP, CCSK, CCSP certifications
• Experience working with common security vendors for an AWS stack, and also with cloud native AWS security capabilities 
• Code comprehension in at least two languages (Java, Python, Ruby, C++ etc.) 
• Experienced with Container Security and expert in security best practices for K8, and Docker.
• Self-starter, to help drive, define, and build the Product Security team, roadmap, and roles/responsibilities.
• Discussion and collaboration mindset. Engaging in healthy, constructive debates is key to our teams to innovate and plan for the future, of which Information Security plays a key role.
• Experience in implementing controls and supporting audit or evidence requests for information security compliance programs including PCI, ISO 27001, HITRUST, and SOC 2
• Previous experience working in a startup environment

About Included Health

Included Health is a new kind of healthcare company, delivering integrated virtual care and navigation. We’re on a mission to raise the standard of healthcare for everyone. We break down barriers to provide high-quality care for every person in every community — no matter where they are in their health journey or what type of care they need, from acute to chronic, behavioral to physical. We offer our members care guidance, advocacy, and access to personalized virtual and in-person care for everyday and urgent care, primary care, behavioral health, and specialty care. It’s all included. Learn more at includedhealth.com.

-----

Included Health is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Included Health considers all qualified applicants in accordance with the San Francisco Fair Chance Ordinance.