About Us:
Grand Rounds' vision is to create a path to great health and health care, for everyone, everywhere. Founded in 2011, the company provides an employer-based technology solution that connects members and their families to high-quality care. With Grand Rounds, employers get a personalized, high-performance network at scale, while their employees get the tools and support needed to navigate their care on their own terms. Named Rock Health’s 2018 Fastest Growing Company, Grand Rounds helps restore individual health and quality of life, and offers employers lower health care spend and higher employee productivity. For more information, please visit www.grandrounds.com.
Security Engineering at Grand Rounds:
Security is at the core of what we do and has been a key competitive differentiator, facilitating the growth and scale that have allowed us to win a large number of Fortune 100 companies. Because of the nature of Grand Rounds' product, nearly every system we operate needs to interact with sensitive health and personal data, making the security team an extremely dynamic and challenging environment to join. Building out this team is a priority for Grand Rounds.
Our security engineering team leads the efforts that provide a world-class, secure platform that our applications run on. To accomplish this, the security engineering team works closely with other engineering teams to ensure security-first principles are part of their design and development flows.
Why we need you:
As Grand Rounds’ member base continues to grow, we need to ensure our security and compliance processes scale accordingly. As the Lead Security Engineer, it will be your responsibility to foster and develop partnerships with key business groups to ensure that we're prioritizing and delivering the right tools and services. Within this, you will assist with the research and development of projects that drive the roadmap and technical direction that continue to present Grand Rounds as an industry leader.
We're also embarking on a number of key technical initiatives that focus on delivering data portability. You'll be instrumental in the design and implementation of these systems, from authentication and authorization to tracing and auditing. This will all be within a modern tech stack that makes use of technologies such as Kubernetes, Envoy, Docker, Terraform, Packer, Fluentd, running on Amazon Web Services and Google Cloud Platform.
Your key objectives

Grow and mature the Grand Rounds Security Engineering program and team by:

  • Developing measurable metrics to show growth in capabilities
  • Providing guidance on prioritization and remediation of security issues
  • Providing high-level and low-level briefings to security leadership, engineering, compliance, and other areas of the business
  • Working with other teams to help architect solutions that are inherently secure
  • Driving security at scale, focusing on automation and process improvement

Accelerate Grand Rounds' growth by leading the delivery of differentiating capabilities by:

  • Correctly balancing security risk and product advancement
  • Increasing the observability within the platform by implementing IDPS & SIEM
  • Driving security implementation at scale, focusing on automation and process improvement that push security concerns left into the development workflow
  • Ensuring real-time compliance through the implementation of compliance policies for our infrastructure and applications
  • Tailoring assessments to better answer specific questions around true risk, practical exploitation, and where prevention resources should be focused

Technical Strengths

  • Balancing high-level architecture and design principles with strong technical know-how
  • Strong desire to apply scripting or relevant programming skills for automating repetitive tasks
  • Applied knowledge of authentication mechanisms like SAML, OAuth, etc.
  • Up-to-date knowledge of common security flaws and their resolution as published by OWASP, SANS, etc.
  • Deep understanding of web application architecture and design principles
  • Solid grasp of system, network and security fundamentals
  • Experience in cloud software DevOps environments where software release, SDLC, CI/CD, and software development best practices are implemented

Non-Technical Strengths

  • Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change
  • Self-starting attitude and fearless ascent up the learning curve
  • Excels at working in a fast-paced, dynamic yet mature engineering environment
  • Effectiveness with cross-functional communication and ability to achieve impact
  • Excellent communication, interpersonal, and organizational skills for team partnering and information sharing
  • Can think about problems from an out-of-the-box perspective; doesn’t always default to industry norms
  • Has a knack for finding flaws in software and can effectively communicate how to fix them

Your values

  • Making a social impact, driven by a mission-oriented company
  • Continual personal and professional growth
  • End-to-end ownership and accountability
  • Software Engineering as a craft rather than a discipline
  • Elegance achieved through simplicity rather than cleverness
  • Fast feedback produces better results

-----------
Grand Rounds is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Grand Rounds considers all qualified applicants in accordance with the San Francisco Fair Chance Ordinance.