Zus Health is hiring a
Information Security and Compliance Co-op

Summary

Join our infrastructure and security team at Zus, a shared health data platform, as we accelerate healthcare data interoperability. As part of our team, you will contribute to development and hardening of our AWS cloud environments, assist product teams with service deployment and security improvements, participate in threat modeling and risk assessment activities, contribute to our SOC2 audit compliance program, and more.

Requirements

• A passion for information, infrastructure, or cloud computing
• Experience with AWS compute and networking resources (ALB, S3, EC2, ECS, etc.)
• A desire to learn and steward Infrastructure-as-Code (we primarily use Terraform)
• Experience with continuous deployment
• Familiarity with CI/CD pipeline tools (we primarily use GitHub Actions and Datadog) to achieve repeatable, idempotent, secure and monitored pipelines of code deployments
• General awareness and knowledge of cybersecurity principles
• Familiarity with Linux and the command line and coding: shell/bash, nodeJS, python (not necessary these languages, but the willingness to learn languages/frameworks to accomplish guided tasking)
• A self-starter attitude that shows that you are ready for the fast, and sometimes unstructured, nature of an early stage startup, and can get things done independently
• An effective communicator, and the willingness to level up in technical writing and communication (intra-team, customer, vendor, and leadership)

Responsibilities

• Help with Regulatory Compliance (SOC2), maintaining an auditable security posture
• Track KPI around security, and help steer the strategy of how the InfraSec team uses and responds to these signals
• Improve CI/CD tools integration/operations, and full automation of CI/testing
• Participate in Threat Modeling (STRIDE) sessions, and help document, capture, and prioritize remediation or improvements
• Cloud security (AWS): help improve security posture by researching and implementing configurations, fixes, or third-party services
• Work with other engineering teams to develop or improve cloud infrastructure, remediate security vulnerabilities or improve logging, monitoring and metric capabilities
• Help improve our engineering reliability and stability plan, including incident management and SLO monitoring

Benefits

• Competitive compensation that reflects the value you bring to the team
• Opportunity to work alongside a passionate team that is determined to help change the world (and have fun doing it)