DevSecOps Engineer

Company Description

Redica Systems is a SaaS start-up serving more than 200 customers within the life science sector, with a specific focus on Pharmaceuticals and MedTech. Embracing a hybrid model, our workforce is distributed globally, with headquarters in Pleasanton, CA.
Redica's data analytics platform empowers companies to improve product quality and navigate evolving regulations. Using proprietary processes, we harness one of the industry's most comprehensive datasets, sourced from hundreds of health agencies and the Freedom of Information Act.
Our customers use Redica Systems to more effectively and efficiently manage their inspection preparation, monitor supplier quality, and perform regulatory surveillance. More information is available at redica.com.

Job Description

The Role

We‘re seeking a security professional with 4-6 years of experience in securing cloud infrastructure, automating compliance processes, and managing risks to support SOC 2, ISO 27001, and GDPR standards. This role emphasizes integrating security into CI/CD pipelines, mitigating vulnerabilities, and ensuring AWS environments maintain the highest security benchmarks.

Key Responsibilities

• Integrate security measures within AWS CI/CD pipelines (e.g., Code Pipeline, Code Build, Code Deploy). Manage Infrastructure as Code (IaC) using Terraform and CloudFormation with encryption and least privilege principles.

• Deploy and monitor AWS security tools such as GuardDuty, WAF, Shield, Security Hub, and Inspector. Ensure container security across ECS/EKS environments.

• Automate vulnerability management, patching, and antimalware solutions. Enforce robust IAM policies, SSO, MFA, and secrets management practices.

• Support SOC 2, ISO 27001, and GDPR compliance audits and risk assessments. Implement and manage monitoring and logging tools like CloudWatch, CloudTrail, and SIEM systems.

• Develop risk management frameworks and automate incident response processes. Draft, review, and implement cybersecurity and information security policies.

• Collaborate with stakeholders to ensure readiness of controls for non-security domains such as HR systems, application infrastructure, and data engineering infrastructure.

Qualifications

About You

• Tech Savvy: Effectively anticipates and adopts innovations in business-building technology solutions, staying up-to-date with advancements and incorporating them into work processes

• Manages Complexity: Actively synthesizes solutions from complex information by identifying patterns and developing effective problem-solving strategies

• Decision Quality: Consistently makes good and timely decisions that propel the organization forward and keep the organization's DevOps processes running smoothly and efficiently

• Optimizes Work Processes: Actively seeks opportunities to enhance and streamline current work processes for deploying and maintaining tech/applications

• Nimble Learning: Engages in experimentation, learns from both successes and failures and uses those insights to refine problem-solving skills, staying up-to-date with evolving SaaS technologies and practices

• Engaged: Not only shares our values but also possesses the essential competencies needed to thrive at Redica, as outlined here.

Qualifications

• BA/BS degree in CS or a related technical field, or equivalent practical experience

• 4-6 years of experience in securing cloud infrastructure, automating compliance processes, and managing risks to support SOC 2, ISO 27001, and GDPR standards

• Cloud Security: Proficiency in AWS Security services, including GuardDuty, WAF, Inspector, Security Hub, VPC, IAM

• Infrastructure as Code: Hands-on experience with Terraform, CloudFormation, AWS Config, Control Tower 

• CI/CD Tools: Familiarity with AWS Code Pipeline, Jenkins, and GitHub for secure software delivery

• Compliance Frameworks: Strong understanding of SOC 2, ISO 27001, GDPR, NIST, CIS AWS Benchmarks

• Antimalware Solutions: Experience with TrendMicro, and GuardDuty for threat detection and prevention

Additional Information

If you possess a strong inner drive and a genuine passion for safeguarding cloud infrastructure, automating compliance procedures, and effectively managing risks to uphold crucial security standards such as SOC 2, ISO 27001, and GDPR, we strongly encourage you to submit your application for this exciting and fulfilling career opportunity. By joining our team, you will have the chance to work alongside experienced professionals, learn from industry leaders, and advance your career in the rapidly evolving field of DevSecOps.We offer competitive salaries, comprehensive benefits packages, and a dynamic work environment where you can grow and develop your skills.
Top Pharma Companies, Food Manufacturers, MedTech Companies, and Service firms from around the globe rely on Redica Systems to mine and process government inspection, enforcement, and registration data to quantify risk signals about their suppliers, identify market opportunities, benchmark against their peers, and prepare for the latest inspection trends. Major media outlets such as MSNBC, WSJ, and the Boston Globe have cited our data and analytics.
We are committed to creating a diverse and inclusive workplace where everyone feels welcomed and valued. We believe diversity of perspectives, backgrounds, and experiences is essential to our success. We are always looking for talented individuals who can bring unique skills and perspectives to our team.
All your information will be kept confidential according to EEO guidelines.