Full-Time Security & Risk Engineer US based

About Buoy Software
Our mission is to deliver the best experience possible to as many donors of blood products (such as plasma) as possible, in as many communities as possible. We use our understanding of blood product donation and the industry's regulations and pair them with our extensive consumer product experience to enrich the lives of our members and improve health outcomes for patients everywhere. In an industry that hasn't seen innovation in more than two decades, Buoy's software streamlines the donation process allowing our business to promote loyalty while improving efficiency in a donation center.

The need for blood products is growing rapidly. We want to close the gap in blood product supply and demand by empowering organizations with the right tools. Buoy is the intuitive, data-driven mobile application for donors.

About The Role
We're looking for a Security and Risk Engineer to join our team. You should be someone who is comfortable and experienced in risk management and code review. This role will work closely with specific product engineering pods, owning all security controls and documentation for assigned pods. You should have an eye for continuous improvement, risk and vulnerability management, and security compliance.

What you'll do:

• Oversee vulnerability and security risk management
• Oversee security compliance activities
• Manage continuous monitoring and auditing processes
• Perform code assessments
• Define, implement, evaluate, and maintain the effectiveness of security and risk controls
• Identify current and emerging issues
• Collaborate with team members and stakeholders
• Design security controls
• Perform third party security assessments
• Educate and train staff

Who you are:

• Experience with threat modeling analysis such as STRIDE and Attack Tree methodologies
• Experience with software as a service
• A self-starter
• Able to adapt to change quickly
• A team player

In the first 30 days:

• Be introduced to the team
• Learn how Buoy Software operates internally
• Go through product demos
• Meet and get to know your manager
• Review existing security documentation

In the first 60 days:

• Understand goals for your pods
• Begin implementing solutions
• Become more familiar with workflows and processes
• Become more autonomous
• Start to define timelines
• Begin to suggest changes

In the first 90 days:

• Meet with stakeholders
• Become more familiar with other departments

Compensation: $120,000 - $140,000 a year

Location: Fully Remote

What is the last date for applying to the job?

Which countries are accepted for this remote job?