Biofourmis Careers

Job Summary:

Perform periodic user access and permission review Jenkins, Bitbucket, Jira business application to ensure stale or unused accounts are deleted timely and users are only given role-based access to perform their job responsibilities. 
• Create and Review role-based authorization strategy for Jenkins, Bitbucket, Jira, and ensure access to systems is provisioned with the concept of least privileges.
• Create appropriate workflow(s) and/or policies for access control and access review
• Analyzing log(s), and tracking who performs what activity in pipeline tools (e.g., bitbucket, Jenkins etc.)
• Support Development team and DevOps team to perform continuous integration and continuous deployment for Bitbucket repo to set up and review
• Configure plugins for pipeline tool’s users to ensure access/permission control
• Configure security setting and policies in Jenkins, Bitbucket, Jira to secures Development team and DevOps’ workflow from code to deployment by configuring tools such as Vault, KayCloack.
• Configure and review Source Control to enable development teams to effectively manage changes and version code in their codebases
• Participate in internal and external Security and compliance audit.

Experience and Skill set Requirement
• Graduate with 3+ years of experience of CI/CD processes in Jenkins, Bitbucket Pipelines, and with container technologies like Kubernetes, Dockers.
• Strong Experience with SCM methodologies especially Git, Bitbucket and GitHub.
• Experienced in version control systems like GIT and used Source code management tools
• Hands-on experience with Infrastructure as a Code Tools
• Good understanding of role-based access control and enjoy working on all types of planned and unplanned issues/tasks.
• Knowledge of Cloud technologies
• Familiar with information security practices and procedures

Roles & Responsibilities

• Support security compliance audits like SOC-2, ISO 27001 and HITRUST.
• Conduct readiness assessments, coordination with stakeholders, document and controls implementations for the external audits on a regular basis.
• Perform security and technology risk assessment, and provide recommendations on risk mitigation /remediation strategies under the guidance.
• Work with the business & other stakeholders in creating and roll out security policies, processes and controls to manage technology risk and ensure effective risk governance.
• Perform routine internal audits and follow up on action items for effective compliance management.
• Regularly review, update and align the current security policies with the control infra.
• Support, participate and monitor BCP/DR plan and drills under the guidance.
• Work with team or independently manage security projects and tools.
• Assist in mapping various compliance frameworks, certifications, etc.
• Support on vendor security assessments e.g. initial kick off, follow up, remediation plans and follow ups, etc. under the guidance.

Requirements

• 7 years of relevant experience or a previous role into security technology with few years into risk, compliance and audit activities.
• Excellent implementation knowledge of various security audits like SOC 2 and ISO 27001, their expectatioins and requirements.
• Experienced in working with external auditors, as an auditor and auditee.
• Good conceptual and analytical skills on implementing security controls to protect organizational assets.
• Capable of participating in multiple projects simultaneously in an evolving and fast growing organizational culture.
• Excellent interpersonal skills, good at coordination and a team player.
• Any of the certification/s – CISA, CRISC, etc.

Preferred Qualifications/Skills

• Past experience with healthcare industry is a plus.
• Experince with medical devices, IoT devices, etc. related compliance to support regulatory requirements (FDA, etc.) and third party security audits like SOC 2, ISO 27001, MDSAP, ISO 13485, etc. is a plus.
• Good to have knowledge of cloud security.