Security Automation and Compliance Co-op chez Zushealth

What we're looking forSecurity is central to Zus’s mission to bring information speed to health care. As part of our compliance and security team, you’ll help drive the automation of the monitoring Zus (AWS) cloud security posture, build data pipelines and integrations to our Governance-Risk-Compliance platform to capture evidence on our security controls, partner with engineering teams to capture metrics on technical operations, and ensure alignment with auditors and framework requirements.We’re looking for someone comfortable with tackling a diverse set of responsibilities and who can communicate effectively with the rest of the organization.



As part of our team, you will

Help with Regulatory Compliance (SOC2, HITRUST), maintaining and automating an auditable security posture

Track KPI around security, and help steer the strategy of how the InfraSec team uses and responds to these signals

Improve CI/CD tools integration/operations, and full automation of CI/testing

Participate in Risk Assessment sessions, and help document, capture, and prioritize remediation or improvements

Cloud security (AWS): help improve security posture by researching and implementing configurations, fixes, or third-party services

Work with other engineering teams to develop or improve cloud infrastructure, remediate security vulnerabilities or improve logging, monitoring and metric capabilities

You're a good fit because you have

A passion for information, coding, cloud computing, and implementing data pipelines

Understanding of and heavy interest inAWS compute and networking resources (ALB, S3, EC2, ECS, etc.)

A desire to learn and steward Infrastructure-as-Code (we primarily use Terraform)

Knowledge of and interest in working with Continuous Deployment

Familiarity with CI/CD pipeline tools (we primarily use GitHub Actions) to achieve repeatable, idempotent, secure and monitored pipelines of code deployments

General awareness and knowledge of cybersecurity principles

Familiarity with Linux and the command line and coding: shell/bash, nodeJS, python (not necessary these languages, but the willingness to learn languages/frameworks to accomplish guided tasking)

A self-starter attitude that shows that you are ready for the fast, and sometimes unstructured, nature of an early stage startup, and can get things done independently

An effective communicator, and the willingness to level up in technical writing and communication (intra-team, customer, vendor, and leadership)

Postuler maintenant