Doximity is transforming the healthcare industry. Our mission is to help doctors save time so they can provide better care for patients.
We value diversity — in backgrounds and in experiences. Healthcare is a universal concern, and we need people from all backgrounds to help build the future of healthcare.
This position is for an experienced DevOps engineer to own Security efforts for our entire application stack and join our 8 person DevOps team. We’re looking for someone with a strong track record in building infrastructure, maintaining high level of uptime and optimal security. You will be supporting and building products alongside our 50+ person engineering team used by hundreds of thousands of people.
How you’ll make an impact:
- Develop, schedule, and execute automated security audits on infrastructure using industry standard security frameworks and tooling.
- Write penetration tests for applications and services.
- Periodically audit and rotate access credentials.
- Document current and future security procedures and policies in the wiki.
- Lead security/policy related audits such as SOC2 Type II (annual renewal).
- Work with sales and client services teams to answer infrastructure related security questions and concerns that clients inquire about.
- Remediate and write post-mortem reports on security-related issues.
- Active involvement in design, implementation, and maintenance of the development, staging, and production infrastructure security.
- Work on automating tasks using Jenkins.
- Troubleshoot system issues (such as high-load, memory, CPU usage, etc.) and come up with temporary/long-term solutions based on the root cause.
- Work with developers to deploy applications ready for production (Terraform, Consul, Vault, Upstart, NGINX, Sensu). We believe in infrastructure as code and follow it.
- Write Chef cookbooks (using "Berkshelf Way") to automate configuration management.
- Participate in a 1-week on 7-week off, 24/7 on-call rotation.
- Hands-on maintenance on our Ruby on Rails and Go (Golang) applications.
- Troubleshoot issues across the whole stack: hardware, software, and network.
What we’re looking for:
- Minimum of 5 years of Linux/UNIX systems engineer & administrator experience.
- Minimum of 5 years of relevant web application security experience
- Extensive AWS experience
- Experience writing application security penetration tests with an open source framework.
- Automation experience with configuration management tools such as Chef, Ansible, or Puppet.
- Intermediate to advanced experience administering and securing an RDB (MySQL or Postgres a plus)
- Proficient in bash shell scripting (sed + awk) and one of Ruby or Python.
- Experience automating application deployments with Capistrano or Jenkins.
- Ability to work in a proactive manner and manage your own queue.
- Experience with Hashicorp tools, Neo4j, Elasticsearch, Kibana, Grafana is a big plus.
We’re thrilled to be named the Fastest Growing Company in the Bay Area,
and one of Fast Company’s Most Innovative Companies
. Joining Doximity means being part of an incredibly talented and humble team. We work on amazing products that over 70% of US doctors (and over one million healthcare professionals) use to make their busy lives a little easier. We’re driven by the goal of improving inefficiencies in our $2.5 trillion U.S. healthcare system and love creating technology that has a real, meaningful impact on people’s lives. To learn more about our team, culture, and users, check out our careers page
, company blog
, and engineering blog
. We’re growing fast, and there’s plenty of opportunity for you to make an impact—join us!
Doximity is proud to be an equal opportunity employer, and committed to providing employment opportunities regardless of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, pregnancy, childbirth and breastfeeding, age, sexual orientation, military or veteran status, or any other protected classification. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.