About organisation: We are a US Based Venture backed Digital Health Company. We enable Health Care Providers (HCP) to capture true Virtual Care Opportunities beyond Telehealth. We enable HCP to provide Proactive and Continuous Care and add new Recurring monthly revenue streams without any upfront cost. With our unique distribution and business model, we are seeing fast acceptance and great adaptation with our target
customers. We have built unique and Industry’s first Integrated Hardware, Cloud & AI Technologies based Virtual care Platforms for HCP Market. We are a US-focused Post revenue company with customers in 9 US States
and growing fast. We provide an excellent opportunity to Innovate and work on cutting-edge product technologies in a very fast-moving dynamic and empowered environment.
Role Overview
We are looking for a hands-on Cybersecurity Engineer who will proactively identify, assess, and remediate
security vulnerabilities across our technology stack — including application code, third-party libraries,
databases, network infrastructure, and cloud/on-premises environments. This is not a policy-only role;
you will be expected to get into the code, configurations, and systems to find and fix issues directly.
Key Responsibilities
- Vulnerability Identification & Remediation: Perform code reviews, static/dynamic analysis
(SAST/DAST), and dependency scanning to detect and fix vulnerabilities in application code and open-source libraries (e.g., Log4j, OpenSSL, etc.).
- Database Security: Audit database configurations, access controls, encryption at rest/in transit,and query patterns to prevent SQL injection, privilege escalation, and data leakage.
- Network Security: Assess and harden network architectures — firewalls, VPNs, segmentation,IDS/IPS, DNS, and zero-trust configurations. Conduct penetration testing at the network layer.
- Environment & Infrastructure Security: Review and secure cloud (AWS/Azure/GCP) and onpremises environments, including IAM policies, container security (Docker/Kubernetes), CI/CD pipelines, and infrastructure-as-code templates (Terraform, CloudFormation).
- Incident Response: Investigate security incidents, perform root cause analysis, and implement
corrective actions.
- Compliance & Standards: Ensure adherence to relevant cybersecurity frameworks and
regulations, and support audit and certification processes.
- Tooling & Automation: Build and maintain security automation — vulnerability scanners, SIEM
rules, alerting pipelines, and automated remediation workflows.
- Collaboration: Partner with engineering, DevOps, and platform teams to embed security into the
SDLC (shift-left security).
Required Qualifications
- 10+ years of hands-on experience in cybersecurity engineering, application security, or
infrastructure security.
- Demonstrable ability to read, review, and fix code in at least two of: Python, Java, Go,
JavaScript/TypeScript, C/C++.
- Deep knowledge of OWASP Top 10, CWE/CVE ecosystems, and common vulnerability patterns.
- Experience with vulnerability scanning and management tools (e.g., Snyk, SonarQube, Burp Suite,
Nessus, Qualys, Trivy).
- Hands-on experience securing relational and NoSQL databases (PostgreSQL, MySQL, MongoDB,
etc.).
- Strong understanding of network protocols (TCP/IP, TLS, DNS, HTTP) and network security
tooling (Wireshark, nmap, Suricata).
- Proficiency in securing cloud environments (AWS, Azure, or GCP) — including IAM, security
groups, VPC design, and cloud-native security services.
- Working knowledge of container and orchestration security (Docker, Kubernetes, service mesh).
Standards & Compliance Knowledge
Familiarity with one or more of the following is required:
- OWASP (Top 10, ASVS, SAMM)
- NIST Cybersecurity Framework (CSF) / NIST 800-53
- GDPR / CCPA (data protection and privacy)
