**About Syapse**
Syapse is a real-world evidence company on a mission to improve outcomes for
all cancer patients. By integrating complete, longitudinal, and continuously
updated real-world patient data, we can provide unique insights into patientsโ
care journeys. Our advantage derives from a decade of partnership with the
worldโs largest Learning Health Network of innovation-driven healthcare
systems.
Syapse enables providers to operationalize precision medicine and deliver the
best care today to their patients while helping life sciences companies and
regulators accelerate the development and approval of new therapies for
patients tomorrow. Together we are working toward a future in which all cancer
patients have access to the best precision care.
**About the role**
You will join the Syapse team to deploy and manage the Zero-Trust architecture
and inform the security posture of our InfoSec service. You will Identify
threats and vulnerabilities in Syapse systems and software and lead
development and implementation of high-tech solutions to defend against
hacking, malware and ransomware, insider threats and all types of cybercrime.
You will have the support of an InfoSec, IT and DevOps team as well as the
rest of the organization as we fully realize that we can only be successful
through collaboration.
You will be a key contributor to our compliance and certification efforts such
as HIPAA, HITRUST and others including annual audits and risk assessments. In
this role you will collaborate with all corporate stakeholders to drive
security improvements in the data and code pipelines.
**Your responsibilities in this role would include:**
* Identify threats and vulnerabilities in Syapse systems and software and apply patches and upgrades as required
* Develop and implement high-tech solutions to defend against hacking, malware and ransomware, insider threats and all types of cybercrime
* Manage configurations for network security systems including firewalls, cloud security tooling, endpoint configurations
* Implement continuous monitoring and alerting by leveraging log aggregation and event correlation capabilities
* Deploy critical components of Zero-Trust architecture as planned on the roadmap
* Drive the security operations function providing operational support with tools and processes
* Provide guidance to our development teams regarding designs and best practices as it relates to information security best practices
* Be part of proof of concept initiatives to test product ideas and recommend security architecture design for product development
* Conduct new (and annual) vendor security risk assessments
* Partner with R&D to implement security tooling and represent InfoSec in cross-functional initiatives for DevSecOps improvements
* Coordinate and support regular third-party penetration testing efforts
* Work closely with IT team to drive High Availability and Disaster Recovery for all corporate IT systems and services
* Facilitate incident response processes in partnership with leadership team
* Evangelize information security best practices through the organization
* Represent InfoSec to maintain and improve business continuity plans
**What you bring to the table**
* At least 8+ years experience in InfoSec where you were on a team driving and managing the information security and compliance posture of corporate and cloud based applications.
* Operational expertise with secure Network Architecture, Vulnerability Management, Threat Modeling, Cloud Security, Firewalls, SSO, MFA, AV, Malware, DLP, Data Encryption, Least Privilege, RBAC.
* Extensive hands-on expertise with a cloud platform such as AWS (preferred), Google Compute or Azure is a must.
* Strong experience in Network Application Security practices.
* Experience in handling compliance audits (HIPAA, SOX, etc.)
* Experience with compliance certifications like PCI, SOC2, HITRUST, or FEDRAMP or FISMA.
* Experience with external software penetration testing
* Team player and Own it mindset.
**Bonus points if you**
* Experience drafting and maintaining InfoSec policies
* Secure SDLC experience with R&D partnership
* Disaster Recovery, Incident Response and Business Continuity experience
* Experience with SIEM
* HIPAA and/or healthcare technology experience
**Compensation** : The target base salary for this position is
$170,000-$200,000
This base salary is only a part of a total compensation package, annual bonus,
benefits, 401k with match, flexible PTO and incentive pay for eligible roles.
Individual pay may vary from the target range as a number of factors including
market forces, experience, location, disparities in market data and other
relevant business considerations may all factor into final compensation.
**_Next steps_**
_Syapse is a globally distributed, technology-enabled insights company with no
physical offices and a Remote First ethos. While we love meeting candidates
face to face, weโre committed to providing you the best possible interview
experience and opportunities to spend meaningful time getting to know our
company, mission, and wonderful teammates in our fully remote interviews. We
appreciate your help in achieving this outcome and welcome your feedback and
requests on how we can make this a reality for yourself & future candidates._
Have a quick question about the role? Email
[careers@syapse.com](mailto:careers@syapse.com) or simply apply here.* *
