Director – Application Security & Architecture

Posted on 10/25/2023

INACTIVE

1,001-5,000 employees

Genetic testing medical care company

Company Overview

Invitae believes that good health is possible—and that genetic information has the ability to transform the way medicine is practiced, making what once seemed impossible possible, as they empower people to make decisions about their health through the power of genetics.

AI & Machine Learning

Robotics & Automation

Biotechnology

Company Stage

IPO

Total Funding

$2.5B

Founded

2010

Headquarters

San Francisco, California

Growth & Insights

Headcount

6 month growth

↓ -6%

1 year growth

↓ -19%

2 year growth

↓ -32%

Locations

Remote in USA

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

AWS

Development Operations (DevOps)

Docker

Management

Splunk

Kubernetes

TCP/IP

CategoriesNew

IT & Security

DevOps & Infrastructure

Requirements

Minimum 7+ years of experience in Information Security with an emphasis on leading security personnel to secure applications, networks and systems
Proven experience as a hands-on leader of highly technical IT architects and engineers
Strategic thinker, translates strategy into actionable plans
Strong hands on experience in Application, Network, System and Cloud Security Architecture design and review
Proven ability to design end-to-end security solutions across large enterprise IT ecosystems
Proven experience leading implementation programs for improving network security, including segmentation, zero trust implementations, perimeter and endpoint defense, proactive monitoring, and active response
Experience breaking down complex systems and applications to find relevant security risks
Significant experience with industry known common vulnerabilities and attack vectors
Experience with the development, deployment, and automation of security solutions in an enterprise cloud-based environment
Solid understanding of AWS architecture and services
Deep understanding of container architectures for cloud services
Detailed understanding of Microsoft Active Directory, Identity and Auth services, DNS, DHCP and email infrastructure design and security
Deep understanding of VPN, PKI, IPAM and MFA technologies required
Proven ability to succinctly communicate complicated technical security issues and the risks they pose to R&D programmers, DevOps engineers, system administrators and upper management
Hands-on ability to troubleshoot issues on security platforms
Understanding of application and operating system hardening, vulnerability assessments, security auditing, TCP/IP & network fundamentals, intrusion detection systems, firewalls, VPNs, WAFs
Familiarity with security frameworks such as NIST CSF, NIST 800-53, SCF, OWASP
Working knowledge of and experience in policy and process creation and management
Demonstrated expertise designing and running security solutions with the following tools: vulnerability scanners, forensics software, SIEM, HIDS/NIDS, IPS, malware analysis and protection, content filtering, logical access controls, physical access controls, identity and access management, data loss prevention, content filtering technologies, application firewalls, security incident response techniques
Experience with secure network firewall, application firewall, and DDoS prevention technologies

Responsibilities

Performing security design reviews to assess security implications for proposed new product features and functionality that could expose risk of data loss or breach within the cloud-hosted service platform, especially as it relates to the back end architecture for data storage and transmission
Managing the Application Security program and team, assist in conducting software security assessments including threat modeling, security control reviews and vulnerability assessments
Working with application and functional teams across the business to incorporate a security mindset throughout software development life cycle from concept to testing and implementation
Working closely with server, network, and business teams during incident response events to speed remediation
Identifying and assessing design and operational vulnerabilities in web application, network and system topologies
Evaluating and recommending technologies that could improve current systems and ensure that plans for security technologies integrate with existing solutions and do not introduce any security vulnerabilities
Designing and implementing a comprehensive data protection strategy designed to enforce technical and organizational measures to protect intellectual property, confidential information and sensitive in scope protected data (PII and PHI) for clients and customers
Working with product owners, business stakeholders, business analysts and engineering teams to review security requirements and approve / modify designs as needed
Advising on data security issues, compliance, and privacy requirements including, but not limited to HIPAA, HITRUST, SOC2, SOX,and ISO 27001
Partners with peers across the information security organization to identify new innovations, capabilities, and solutions that improve the security posture of the company
Mentor, empower, and develop a team of cybersecurity engineers
Leads with integrity, purpose, and with a leadership mindset
Interacts with team members, IT peers, and IT leaders to drive win-win outcomes across the security landscape
Collaborate with Product Architects to align team with strategies, departmental goals, and execution efforts
Taking a lead role in conducting security research on threats and remediation techniques/technology and making recommendations for implementation
Providing oversight and guidance for periodic security assessments to ensure compliance with information security policies and established security controls
Ensuring applications, networks, systems and cloud services are planned, designed, developed, implemented, and monitored in accordance with security controls related to HIPAA, HITRUST, SOC2, SOX,and ISO 27001 controls and the corporate Information Security Policies
Analyzing infrastructure, networking and system designs from a security perspective and providing recommendations and approvals for implementation decisions
Assisting in the development and automation of threat management, vulnerability management, and incident management processes

Desired Qualifications

At least one security related certification, such as CISSP, GIAC, CompTIA Security+, required. CISSP strongly preferred
Deep understanding of Kubernetes and Docker containerization preferred
Hands-on technical proficiency with IDS/IPS and SIEM tools. Splunk and Graylog expertise are highly preferred
Demonstrated ability to facilitate automation and integration through scripting highly preferred
Experience in DevOps environments and maintaining security in CI/CD processes highly desired
Deep understanding of GSuite and Okta highly desirable
Knowledge of technical security control environments and compliance frameworks such as CSA CCM, ISO 270001 and SOC 2, etc. Experience supporting HITRUST and HIPAA highly desirable

Invitae (NYSE: NVTA) is a leading medical genetics company trusted by millions of patients and their providers to deliver timely genetic information using digital technology. We aim to provide accurate and actionable answers to strengthen medical decision-making for individuals and their families. Invitae’s genetics experts apply a rigorous approach to data and research, serving as the foundation of their mission to bring comprehensive genetic information into mainstream medicine to improve healthcare for billions of people.

Director, Application Security & Architecture

Invitae is a healthcare technology company that leverages genetic information to empower doctors and patients to make informed medical decisions. Our software engineers work on a variety of projects ranging from innovations in healthcare systems to taming the chaos of biology. We’re constantly improving our tools and technologies to deliver the highest quality actionable information for the patient.

Our Information Security Team is pushing the envelope on shift left strategies to ensure all software development and IT operations at Invitae adhere to security best practices from inception to implementation. We are focused on driving security strategy and improving security maturity for the organization. This position is a leadership role that requires an individual with a strong technical background, as well as an ability to partner and influence various technology and business operations teams to align on security priorities, strategies, and roadmaps.

Key Responsibilities:

Performing security design reviews to assess security implications for proposed new product features and functionality that could expose risk of data loss or breach within the cloud-hosted service platform, especially as it relates to the back end architecture for data storage and transmission
Managing the Application Security program and team, assist in conducting software security assessments including threat modeling, security control reviews and vulnerability assessments
Working with application and functional teams across the business to incorporate a security mindset throughout software development life cycle from concept to testing and implementation
Working closely with server, network, and business teams during incident response events to speed remediation
Identifying and assessing design and operational vulnerabilities in web application, network and system topologies
Evaluating and recommending technologies that could improve current systems and ensure that plans for security technologies integrate with existing solutions and do not introduce any security vulnerabilities
Designing and implementing a comprehensive data protection strategy designed to enforce technical and organizational measures to protect intellectual property, confidential information and sensitive in scope protected data (PII and PHI) for clients and customers
Working with product owners, business stakeholders, business analysts and engineering teams to review security requirements and approve / modify designs as needed
Advising on data security issues, compliance, and privacy requirements including, but not limited to HIPAA, HITRUST, SOC2, SOX,and ISO 27001
Partners with peers across the information security organization to identify new innovations, capabilities, and solutions that improve the security posture of the company
Mentor, empower, and develop a team of cybersecurity engineers
Leads with integrity, purpose, and with a leadership mindset
Interacts with team members, IT peers, and IT leaders to drive win-win outcomes across the security landscape
Collaborate with Product Architects to align team with strategies, departmental goals, and execution efforts
Taking a lead role in conducting security research on threats and remediation techniques/technology and making recommendations for implementation
Providing oversight and guidance for periodic security assessments to ensure compliance with information security policies and established security controls
Ensuring applications, networks, systems and cloud services are planned, designed, developed, implemented, and monitored in accordance with security controls related to HIPAA, HITRUST, SOC2, SOX,and ISO 27001 controls and the corporate Information Security Policies
Analyzing infrastructure, networking and system designs from a security perspective and providing recommendations and approvals for implementation decisions
Assisting in the development and automation of threat management, vulnerability management, and incident management processes

Requirements

Minimum 7+ years of experience in Information Security with an emphasis on leading security personnel to secure applications, networks and systems
Proven experience as a hands-on leader of highly technical IT architects and engineers.
Strategic thinker, translates strategy into actionable plans
Strong hands on experience in Application, Network, System and Cloud Security Architecture design and review
Proven ability to design end-to-end security solutions across large enterprise IT ecosystems
Proven experience leading implementation programs for improving network security, including segmentation, zero trust implementations, perimeter and endpoint defense, proactive monitoring, and active response
Experience breaking down complex systems and applications to find relevant security risks
Significant experience with industry known common vulnerabilities and attack vectors
Experience with the development, deployment, and automation of security solutions in an enterprise cloud-based environment
Solid understanding of AWS architecture and services
Deep understanding of container architectures for cloud services
Detailed understanding of Microsoft Active Directory, Identity and Auth services, DNS, DHCP and email infrastructure design and security
Deep understanding of VPN, PKI, IPAM and MFA technologies required
Proven ability to succinctly communicate complicated technical security issues and the risks they pose to R&D programmers, DevOps engineers, system administrators and upper management
Hands-on ability to troubleshoot issues on security platforms
Understanding of application and operating system hardening, vulnerability assessments, security auditing, TCP/IP & network fundamentals, intrusion detection systems, firewalls, VPNs, WAFs
Familiarity with security frameworks such as NIST CSF, NIST 800-53, SCF, OWASP
Working knowledge of and experience in policy and process creation and management
Demonstrated expertise designing and running security solutions with the following tools: vulnerability scanners, forensics software, SIEM, HIDS/NIDS, IPS, malware analysis and protection, content filtering, logical access controls, physical access controls, identity and access management, data loss prevention, content filtering technologies, application firewalls, security incident response techniques
Experience with secure network firewall, application firewall, and DDoS prevention technologies

Preferred qualifications

At least one security related certification, such as CISSP, GIAC, CompTIA Security+, required. CISSP strongly preferred.
Deep understanding of Kubernetes and Docker containerization preferred
Hands-on technical proficiency with IDS/IPS and SIEM tools. Splunk and Graylog expertise are highly preferred.
Demonstrated ability to facilitate automation and integration through scripting highly preferred.
Experience in DevOps environments and maintaining security in CI/CD processes highly desired
Deep understanding of GSuite and Okta highly desirable
Knowledge of technical security control environments and compliance frameworks such as CSA CCM, ISO 270001 and SOC 2, etc. Experience supporting HITRUST and HIPAA highly desirable

This salary range is an estimate, and the actual salary may vary based on a wide range of factors, including your skills, qualifications, experience and location. This position is eligible for benefits including but not limited to medical, dental, vision, life insurance, disability coverage, flexible paid time off, Spring Health, Carrot Fertility, participation in a 401k with company match, ESPP, and many other additional voluntary benefits. Invitae also offers generous paid leave programs so you can spend time with your new child, recover from your own illness or care for a sick family member.

California Pay Range

$181,200—$235,500 USD

Please apply even if you don’t meet all of the “What you bring” requirements noted. It’s rare that someone checks every single item, it’s ok, we encourage you to apply anyways.

Join us!

At Invitae, we value diversity and provide equal employment opportunities (EEO) to all employees and applicants without regard to race, color, religion, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.

We truly believe a diverse workplace is crucial to our company’s success and to better serve our diverse patients. Your input is especially valuable. We’d greatly appreciate it if you can take a quick moment to make your selection(s) below. Submissions will be anonymous.

You can find a detailed explanation of our privacy practices here.