May 19, 2021
Sema4 is a health information company founded on the idea that more information, deeper analysis, and increased engagement will improve the diagnosis, treatment, and prevention of disease. A Mount Sinai Health System venture based in Stamford, Conn., Sema4 is enabling physicians and consumers to more seamlessly engage the digital universe of data, from genetic test results and clinical records to wearable sensor metrics and more. The company currently offers advanced genome-based diagnostics for reproductive health, oncology, and pharmacogenomics, and is building predictive models of disease biology. Sema4 believes that patients should be treated as partners, and that data should be shared for the benefit of all.
The Sema4 Product Engineering team is seeking a mid-level DevSecOps Engineer to assist in protecting and securing our software application portfolio. This position will also play a significant role in advancing and maintaining Sema4’s security and compliance posture. You’ll work with a team of DevOps engineers to incorporate security and compliance requirements into existing and new infrastructure-as-code, automation, and CI/CD pipelines.
Secure cloud-based servers (mainly Linux) based on prescriptive frameworks and compliance requirements
Incorporate security, compliance, and governance requirements into code and infrastructure pipelines
Apply DevOps automation principles and capabilities to manual and repetitive tasks
Review and plan infrastructure changes and new builds to comply with security requirements
Participate in incident response, triage, and investigation/remediation of infrastructure issues
Update and maintain documentation, audit trails, and artifacts relevant to security and compliance posture of the company
Assist in updating and maintaining documentation, audit trails, and artifacts relevant to the security and compliance posture of our application portfolio
Bachelor’s Degree in Software Engineering, Computer Science, or related field (equivalent experience also considered).
AWS and GCP cloud platforms; certifications on either are a plus
Linux system administration and security/hardening practices
Familiarity with security tooling such as GuardDuty, SecurityHub, IAM
DevOps tooling such as CircleCI, Sentry, Datadog
Containerization technologies such as Kubernetes, EKS, Snyk
3+ years proven ability to work creatively and analytically in a problem-solving environment
Familiarity with a minimum of 1 scripting language (Ruby/Python/Perl/Bash)
Familiarity with IaC tools such as CloudFormation or Terraform
Familiarity with security and reporting frameworks, e.g. HITRUST, SOC2, NIST, a plus
Familiarity with healthcare and healthcare security—HIPAA, HITECH—a plus
CISSP/CCSP or equivalent security certification is a plus
Excellent leadership, communication (written and oral) and interpersonal skills