DevSecOps Engineer

About Us:

At nFerence Labs, the "Google of Biomedicine" (See also for more information on our research work especially pertaining to Covid19), we are building the world's first massive-scale platform for pharmaco-biomedical computing. Our platform is premised on using AI/Deep Learning (on clinical text, medical images, and other signals) and massive high-performance computing to help pharma companies perform faster and more efficient drug discovery, and also help early diagnosis of several key diseases.

We collaborate heavily with premier medical institutions such as the Mayo Clinic and build systems to get deep medical insights from patient information including patient notes and lab information, medical images, ECGs, etc. We are a well-funded company and are looking to grow on all fronts.

Our team is a blend of CS folks and domain experts (biological science and medical MDs, PhDs, etc) constituting a unique community built of alumni from the likes of MIT, Harvard, the IITs, IISc, and other premier institutions.

Responsibilities:

• Assist in implementing security tools and automation within the CI/CD pipeline.
• Stay up-to-date with the latest security trends, tools, and technologies.
• Contribute to the development and maintenance of security policies and procedures.
• Work closely with developers, operations engineers, and SRE to ensure seamless security integration.
• Implement Secure defaults in GCP, AWS, and AZURE.
• Learn to use and integrate cloud security tools, and automate their integration using scripting.
• Within a month you will be able to do a container security audit, Within a year you will become a Kubernetes Security Engineer (CKS).

Role:

• 20% Security Testing, Threat modeling
• 30% Security Automation, AI
• 20% Cloud, Container Security Implementation
• 30% Business as Usual(BAU). (Alert Monitoring, Improving devsecops pipeline, compliance, etc.)

Qualifications:

• Experience- 1-3 years
• Mandatory skill- Bash and Python scripting.
• Don't apply if you are not passionate about cybersecurity.
• You should be able to build a docker image from scratch. Kubernetes knowledge is a significant plus.
• Strong fundamental knowledge of common web application vulnerabilities, including XSS, SQL Injection, SSRF, and XXE.
• Understanding of authentication mechanisms such as SAML, OAuth, and JWT.
• Preferred: Contributions to open-source tools, or having CVEs or security vulnerabilities in bug bounty.
• Ability to learn quickly and adapt to new technologies.
• Familiarity with cloud platforms (e.g., AWS, Azure, GCP) is a plus.
• Familiarity with CI/CD tools (e.g., Jenkins, GitLab CI) is a plus.

Bonus:

• A solid background in software engineering or data science, with the capability to collaborate closely with the engineering team by engaging in meaningful technical discussions, providing insights, and effectively bridging business and technical perspectives.
• Collaborate with clinical, engineering, and data science teams to translate healthcare domain insights into product strategies, ensuring compliance with regulations while enhancing patient and provider experiences.

Benefits:

• Be a part of "Google of biomedicine" as recognized by the Washington Post
• Work with some of the brilliant minds of the world solving exciting real world problems through Artificial Intelligence, Machine Learning, analytics and insights through triangulating unstructured and structured information from the biomedical literature as well as from large scale molecular and real world datasets.
• Our benefits package includes the best of what leading organizations provide, such as stock options, paid time off, healthcare insurance, gym/broadband reimbursement.