Curavit is seeking a skilled and proactive IT professional to scale their security and infrastructure operations. The role focuses on implementing and automating compliance with clinical regulations and security frameworks while managing endpoint solutions and security testing in development pipelines.
Responsibilities:
- Automate evidence collection and monitoring for HIPAA compliance and other clinical security frameworks and regulations
- Evaluate, select, and roll out an MDM/endpoint solution for our devices
- Set up and maintain security testing in our pipelines (SAST/dependency scanning, secrets detection, and supporting scripts)
- Lead the integration of IT and security tools, including identity management (Okta), SSO federation, and cloud-based security services
- Maintain and optimize infrastructure using Terraform and YAML configurations, favoring automation over manual day-to-day tasks
- Partner with software development and clinical operations teams to define technical requirements and resolve interdepartmental issues
Requirements:
- Strong IT/infrastructure background: endpoint management, identity, and day-to-day systems administration
- Comfortable with scripts and configuration: write and maintain scripts (Python/Bash or similar), read Terraform, and work with YAML based configuration
- Experience with security tooling in CI/CD pipelines: for example, GitHub Actions, Circle CI, or GitLab (GitHub Actions is ideal)
- Familiarity with security framework compliance: for example, SOC2 or ISO27001 (experience with Drata or a similar GRC platform is ideal)
- IAM/administration experience: experience with identity management and access control (Okta is ideal)
- Familiarity with security best practices: for example, dependency management, automated vulnerability scanning, and code analysis
- Self directed and flexible: we are still a relatively small team, you will be the primary owner on this domain. We need someone who is able to work without much external direction and work on tasks outside of their immediate comfort zone
- Healthcare/Clinical compliance experience: HIPAA, GCP (Good Clinical Practice), and 21 CFR Part 11
- Endpoint/MDM deployment experience: Kandji, Jamf, Intune, etc…