Information Security & Compliance Co-op

Who we are Zus Health is an early stage startup focused on accelerating digital health builders with a platform of healthcare-oriented, API-first services. We believe that now is the time for healthcare to change in this country and that modern technology infrastructure will help unleash that change. Our first customers will be innovative and hungry digital health startups. We're led by athenahealth's co-founder, Jonathan Bush, and a seasoned leadership team.

What we’re looking for

Security is central to Zus’s mission to bring information speed to health care. As part of our infrastructure and security team, you’ll contribute to development and hardening of our AWS cloud environments, assist product teams with service deployment and security improvements, participate in threat modeling and risk assessment activities, contribute to our SOC2 audit compliance program, along with other many aspects of powering a startup to success.

We’re looking for someone comfortable with tackling a diverse set of responsibilities and who can communicate effectively with the rest of the organization. This person will need to work full-time (~40 hours/week) from January to July and be in our Boston, MA office a few days per week.

As part of our team you will

• Help with Regulatory Compliance (SOC2), maintaining an auditable security posture
• Track KPI around security, and help steer the strategy of how the InfraSec team uses and responds to these signals
• Improve CI/CD tools integration/operations, and full automation of CI/testing
• Participate in Threat Modeling (STRIDE) sessions, and help document, capture, and prioritize remediation or improvements
• Cloud security (AWS): help improve security posture by researching and implementing configurations, fixes, or third-party services.
• Work with other engineering teams to develop or improve cloud infrastructure, remediate security vulnerabilities or improve logging, monitoring and metric capabilities.
• Help improve our engineering reliability and stability plan, including incident management and SLO monitoring

You're a good fit because you have...

• A passion for information, infrastructure, or cloud computing
• Experience with AWS compute and networking resources (ALB, S3, EC2, ECS, etc.)
• A desire to learn and steward Infrastructure-as-Code (we primarily use Terraform)
• Experience with continuous deployment
• Hands-on experience in configuring, operating, and monitoring CI/CD pipeline tools (we primarily use GitHub Actions and Datadog)
• A self-starter attitude that shows that you are ready for the fast, and sometimes unstructured, nature of an early stage startup, and can get things done independently
• General awareness and knowledge of cybersecurity principles
• Familiarity with Linux and the command line and coding: shell/bash, nodeJS, python (not necessary these languages, but the willingness to learn languages/frameworks to accomplish guided tasking)