Key skills
PythonCGCPTerraformDockerCloud StorageOAuthJWTSAMLRESTfulSaaSCommunicationCritical ThinkingProblem SolvingCollaborationOWASPCloud Security
About this role
ROSALIND is a company that empowers scientists globally to tackle significant health challenges through genomic data interpretation. The role involves ensuring compliance with security and privacy regulations for FedRAMP SaaS operations while maintaining the security posture of U.S. Federal SaaS environments.
Responsibilities:
- Maintaining compliance with security and privacy regulations for our FedRAMP SaaS operations
- Apply your skills and knowledge to make sure the U.S. Federal SaaS environments are secured in accordance with cloud security best practices
- Operated with security in mind, and compliant with Rosalind internal requirements, as well as external regulations
- Continuously assess and improve security posture
- Implement effective security monitoring systems
- Collaborate on security controls reporting automation
- Ensure that active security monitoring of both commercial and U.S. Federal environments is undertaken on a continuous basis
- Overseeing a vulnerability management program
- Participating in and leading risk analysis of findings
- Ensuring that the SecOps team is performing at maximum efficiency globally
Requirements:
- 5+ years of experience in the cybersecurity; with at least 2 years in a cloud security role
- Strong knowledge of Qualys, Linux, Docker, Wazuh
- Experience with vulnerability management and incident response processes
- History of implementing enterprise security tools - SIEM, IDS/IPS, FIM, PAM
- Knowledge of authentication protocols, authorization standards and crypto primitives (TLS, OAuth, SAML, JWT, etc)
- Familiarity with OWASP TOP-10, CIS Benchmarks, STIGs
- Experience / knowledge eMASS, SNAPS, PPSM, C-ITP
- Experience with Infrastructure as Code and Configuration Management tools
- Experience / knowledge of working with RESTFUL APIs and Webservices
- Experience with alerting and monitoring tools
- Experience with common security scanning tools (e.g. Nessus, Qualys, IBM AppScan, Burp Suite, etc.)
- Understanding of software development lifecycle models
- Ability to work effectively in a cross-functional setting through influence, persuasion, and collaboration
- Excellent problem solving, critical thinking, communication, and teamwork skills
- The security mentality that can analyze situations, technology, and human systems both as an attacker and defender
- Ability to understand the business' strategic goals and proactively pursue projects to advance them
- Have prior experience protecting cloud-based environments
- Have clear experience with GCP services: Compute Engine, Cloud Armor, ISA, Cloud Storage
- Hands-on Experience with FedRAMP
- Knowledge of Python, Terraform is a plus
- Certification (GCP Security Specialty GCIH - GIAC Certified Incident Handler, (ISC)2 CCSP – Certified Cloud Security Professional) is a plus