Security Engineer, Infrastructure Security

At Nuna, our mission is to make high-quality healthcare affordable and accessible for everyone. We are dedicated to tackling one of our nation’s biggest problems with ingenuity, creativity, and a keen moral compass. Nuna is committed to simple principles: a rigorous understanding of data, modern technology, and most importantly, compassion and care for our fellow human. We want to know what really works, what doesn't—and why. Nuna partners with healthcare payers, including government agencies and health plans, to turn data into learnings and information into meaning. YOUR TEAM  The Nuna Security team is responsible for protecting the confidentiality, integrity, and availability of all healthcare data, client information, intellectual property, and employee data entrusted to our organization. The Nuna Security Team covers the gamut of security across the corporate and production environments. We secure the web applications, the product infrastructure, and the corporate infrastructure. We work closely with the Compliance Team to ensure that we are meeting security standards and providing our customers with the utmost assurance that we will keep their data safe.  We stay ahead of the constantly evolving threat landscape by building and maintaining automated solutions, fostering a security-aware culture across teams, and constantly challenging assumptions. We flourish with our ability to participate and give back to the healthcare industry and security community through leadership, education, and code. YOUR IMPACT As a Security Engineer, you will protect the data of tens of millions of Americans while working closely with our distributed compliance, privacy, and engineering teams by looking deeply into the security of the environment to help improve and embed controls across the company.  The Security Engineer will be responsible for building secure foundational infrastructure in AWS, hardening existing systems, remediating any vulnerability findings in AWS or the product, and conducting threat modeling and system design security reviews.  YOUR OPPORTUNITIES Build secure and compliant infrastructure that enables teams to build self-serve tooling and work with customer data securely Evaluate our existing systems, choose tools and develop software that follow industry best practices Design and implement robust, secure, abstracted systems that allow developers to simply and safely test speculative product changes using production-quality data Participate in Cyber Security Audits and External Penetration Tests  Provide metrics that allow us to identify areas for improvement and measure change Ensure that our deployments are automated, frequent, secure, and without noticeable user impact Respond to incidents Nuna may face in the cloud, product, and corporate environment in a thorough and timely fashion that meets SLAs Participate in our Vulnerability Management program to define remediation workflows, automate reports on a regular cadence, and remediate findings Provide technical support, where needed, to other teams to help secure their systems and remediate vulnerabilities Encourage adoption of security methodologies and architecture changes throughout the company via evangelism and education Continue self-development of knowledge, skills and abilities to better support execution of the information security function Monitor news and intelligence feeds to proactively identify vulnerabilities that may impact the organization Research, evaluate, and assess emerging cyber security threats, incidents, and vulnerabilities YOU BRING Experience working in AWS and a basic understanding of cloud infrastructure deployment, configuration, and management Experience building AWS infrastructure using infrastructure-as-code concepts (preferably via Terraform) Experience designing and implementing system automation that integrates security and resiliency Proven excellence in leadership, organizational, and communication skills. Possess the ability to effectively prioritize tasks across multiple partners Be comfortable with ambiguity and the ability to prioritize tasks across multiple stakeholders Proficient with at least 2 configuration and scripting languages (e.g. Python, Terraform, Cloudformation, Puppet, Bolt, Go, Bash) with experience applying fundamental computer science & software engineering practices Proficient with log analysis and auditing platforms such as Splunk BONUSES Experience with healthcare compliance and security regulations (HIPAA, SOC 2, etc) Experience working with Kubernetes and Jupyterhub Willingness to conduct research, write white papers, and present technical content at local events and conferences. Knowledge of Java and Javascript Interest or background in data analysis and processing and familiarity with big data engines such as Apache Spark or Databricks TECHNOLOGIES USED AT NUNA AWS cloud environment: EC2, S3, RDS, ELB, ECS, ECR, AWS VPCs and networking Operating systems: Linux, OS X and Windows Languages: Python, Go, Bash, Java, Javascript    Cloud orchestration framework: Packer, Puppet, Terraform Metrics and reporting: Splunk, AWS Config, AWS SNS, AWS CloudWatch, Prometheus Coordination & collaboration tools: ClickUp, Confluence, Slack, GSuite, Gitlab We take into account an individual’s qualifications, skillset, and experience in determining final salary. This role is eligible for health insurance, life insurance, retirement benefits, participation in the company’s equity program, paid time off, including vacation and sick leave. The expected salary range for this position is $150,000 to $240,000. The actual offer will be at the company’s sole discretion and determined by relevant business considerations, including the final candidate’s qualifications, years of experience, and skillset. Nuna is an Equal Employment Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, genetics and/or veteran status.