Security & Risk Engineer
Remote / Engineering – Cybersecurity / Full Time
About Buoy Software
Our mission is to deliver the best experience possible to as many donors of blood products (such as plasma) as possible, in as many communities as possible. We use our understanding of blood product donation and the industry’s regulations and pair it with our extensive consumer product experience to enrich the lives of our members and improve health outcomes for patients everywhere.
In an industry that hasn’t seen innovation in more than two decades, Buoy’s software streamlines the donation process, allowing our business to promote loyalty while improving efficiency in a donation center. In turn, the increase in blood product donations improves a supply level that is at an all-time low, and allows for blood-product-derived biotherapies to continue to evolve, improve, and save lives for those who face life-threatening conditions (e.g., immune deficiencies and blood disorders). Without an increase in blood product donations, we are facing a worldwide health crisis that ultimately results in rationing of care without the proper resources. Buoy Software is excited to be playing more of a role in improving the state of blood products and blood product donations.
We’re working alongside Join Parachute (www.joinparachute.com/) in the opening of small-market donation centers across the country that will create local donation center careers and opportunities to donate blood products, and provide financial compensation for those donations that will have a positive economic impact in those communities.
The need for blood products is growing rapidly. We want to close the gap in blood product supply and demand by empowering organizations with the right tools. Buoy is the intuitive, data-driven mobile application for donors.
About The Role
We're looking for a Security and Risk Engineer to join our team. You should be someone who is comfortable and experienced in risk management and code review. This role will work closely with the software as a medical device team, owning all security controls and documentation for this area. You should have an eye for continuous improvement, risk and vulnerability management, and security compliance.
Where you'll be
We are fully remote. We deeply believe in distributed teams at Buoy. We build projects around motivated individuals. We give our team the environment, support and trust they need to get the job done.
What you’ll do:
- Oversee software as a medical device vulnerability and security risk management including, but not limited to, vulnerability and risk identification/assessment, crafting mitigation proposals, tracking mitigation status, and testing and validating mitigation methods.
- Oversee software as a medical device security compliance activities including, but not limited to, hazard analyses, threat modeling, root cause analysis, and creating, updating, and maintaining policies and other relevant documentation.
- Manage continuous monitoring and auditing processes to detect and respond to security incidents, which may require after-hours work.
- Perform security-focused code review to determine any impacts for Buoy’s software as a medical device.
- Define, implement, evaluate, and maintain the effectiveness of security and risk controls.
- Collaborate with team members and stakeholders on software as a service/software as a medical device projects including IEC 62304 audits.
- Design security controls that increase operational efficiency and reduce the likelihood of control failure.
Who you are:
- You have experience with threat modeling analysis including STRIDE and Attack Tree methodologies.
- You have experience with software as a service. Experience with software as a medical device is preferred.
- You are a self-starter. You enjoy working in an environment where you have a lot of autonomy. You are not one to wait around to be given work, but are always looking for ways in which you can provide support for your colleagues.
- You can adapt to change quickly and thrive in an environment where every day is different and you own a variety of tasks.
- You are a team player. Everyone contributes within the Buoy team, and you want to help the team get the job done when needed, regardless of initial ownership.
- You are professional in your collaboration and communication methods. You can represent Buoy and our values both internally and externally (with vendors / partners) as needed.
In the first 30 days, you will…
- Be introduced to the team - we’ll help you start to get to know your colleagues, your points of contact for various scenarios, and the dynamics within the broader org.
- Learn how Buoy Software operates internally - we’ll help you get accustomed to Buoy’s process, engineering terminology, and other cultural aspects of working here.
- Go through product demos to start to understand Buoy Software and how it works for both the donor experience and donor processing.
- Begin meeting with and getting to know your direct manager who will share various projects and goals for this role to provide guidance as you settle into the position.
- Review existing software as a medical device documentation and determine any gaps or improvements.
- Hit the ground running and start reviewing code!
In the first 60 days, you will…
- Understand goals for the software as a medical device over the next 6 - 12 months.
- Begin implementing solutions for gaps identified and performing all duties related to continuous management of security for the software as a medical device.
- Become more familiar with workflows and processes.
- Become more autonomous as you work with your pod and other stakeholders.
- Start to define timelines for various projects with your manager to help prioritize your focus and align them with the goals for this role.
- Begin to suggest changes and improvements to the security program and/or internal processes.
In the first 90 days, you will…
- Meet with stakeholders across the broader Buoy Software organization.
- Become more familiar with the other departments across Buoy Software (including leadership, support, customer success, marketing, and people ops).
$120,000 - $150,000 a year
Where you'll be
We are only considering candidates currently based in the United States at this time.
---
Employment at Buoy Software is contingent upon achievement of satisfactory results on your background check and reference check and your ability to provide proof of your identity and eligibility to accept employment in the United States.