Information Security Officer

Picnic’s mission is to structure the world’s medical data to make it useful. We work directly with patients to collect, digitize, and manage their complete medical records, giving them with control over their care through a personal health timeline (see demo). We also partner with biotech, genomics, and pharma companies who sponsor PicnicHealth accounts for research volunteers. Through this work we’re building the data sets that power some of today’s most cutting edge medical research. We’re going through a period of major growth, increasing patient volume by 20x this year, and have some big partnership announcements coming soon.  

It’s critical for us to meet the highest security and privacy standards. Security and privacy are consistently reported as the top priority for the the users of our platform. As the first dedicated information security officer on our team, we’re looking for you to help ensure we’re meeting our commitment to protect our users. 

Responsibilities:
  • Maintain and develop PicnicHealth’s information security policies and ensure effective implementation
  • Work with security teams of PicnicHealth enterprise partners pre- and post-sales
  • Create and execute training exercises to advance employees’ and developers’ security knowledge
  • Provide ongoing security assessments and analysis to identify and mitigate risks
  • Work with other PicnicHealth teams to help architect solutions that are inherently secure
  • Review and assess security events and lead the Security Incident Response Team
  • Improve our detection abilities by building better monitoring and alerting systems, ensuring we can separate the signal from the noise
  • Manage the bug bounty program and implement fixes for identified issues
  • Work with 3rd party assessors to complete HITRUST certification

A candidate must have:
  • 3+ years of related security experience for a cloud-based product
  • 2+ years of engineering experience in a cloud-production environment. You have working knowledge of service-oriented architectures and software development, as well as experience with different logging tools fit for a cloud environment
  • Ability to write high quality code in a programming language (e.g. Python, JS)
  • Previously held a SIRT role (monitoring, IR, or both) and has subject matter expertise on on internal security issues.  
  • Implemented and maintained infrastructure, such as intelligence tracking systems, to support an Incident Response team
  • Familiarity with security compliance frameworks

The ideal candidate:
  • Hates repetition, and looks to automation to solve problems
  • Is driven to build systems and processes to make it easier for employees to do their job in a secure way
  • Has worked with GCP or Kubernetes
  • Is deeply familiar with HITRUST or HIPAA
  • Is excited to work with teams throughout the company on a range of information security initiatives
  • Enjoys kicking ass and saving lives

Want to apply later?

Type your email address below to receive a reminder

ErrorRequired field

Apply to Job

ErrorRequired field
ErrorRequired field
ErrorRequired field
insert_drive_file
Error
Error
Error
Error
Error
ErrorRequired field