Cloud Security Architect (remote)

About Freenome 

Freenome is a high-growth biotech company on a mission since 2014 to create tools that empower everyone to prevent, detect, and treat their disease.  To achieve this mission, Freenome is developing next-generation blood tests to detect cancer in its earliest, most treatable stages using our multiomics platform and machine learning techniques. Our first blood test will detect early-stage colorectal cancer and advanced adenomas.

About the Role

As a Cloud Security Architect, you will help protect our GCP Platform as well as the data and programs stored in our environments. You and the other Security staff will lead the security vision and strategy for our applications across Infrastructure, Platform and Software as a Service.  You will act as an Information Security representative with your peers across all lines of business and central teams.

Your contribution:

• Design security architectures for cloud and hybrid environments with appropriate security controls.
• Provide domain expertise around public cloud and enterprise technology.
• Make recommendations on enhancements to existing and new security software or related tools.
• Help implement and maintain next-generation enterprise protection tools and malware detection technologies.
• Ensure security standard methodologies are identified and integrated into all facets of projects including network, system designs/configuration and implementations.
• Develop security architecture strategies that align to enterprise architecture strategy and that of the business strategy for our cloud environment.
• Develop in depth security architecture standards, frameworks and design patterns spanning all layers of security in the cloud from host, server and network to application and data security.
• Analyzes business impact and exposure based on emerging security threats, vulnerabilities and risk and recommends solutions to mitigate them.
• Perform internal audits and vulnerability assessments.
• Perform IT risk assessments, incident investigations, root cause analyses, and forensics.
• Partner with internal teams to ensure successful security and compliance programs that align with client and regulatory compliance requirements.
• Assist with remediation of control deficiencies identified during the audit process.
• Develop technical solutions to help mitigate security vulnerabilities.

Your background, perspective and experience: 

• 5+ years professional experience including security, risk management, compliance, and privacy of non-public personal data.
• Experience with most security domains, privacy risk assessments and audits of general security controls.
• 2-4 years’ experience in cloud architecture and security (GCP a must; AWS and Azure nice to have).
• Experience securing, architecting, designing, and implementing highly distributed global cloud-based environments, specifically in GCP.
• Experience with structured secure enterprise architecture practices, hybrid cloud environments and on-premises to cloud roadmaps.
• Ability to collaborate across organizational boundaries, build relationships and achieve broader organizational goals.
• Knowledge of logging and aggregation tools, open-source and commercial.
• Experience working with and securing of virtual machines and containers (Docker, Kubernetes).
• Good working knowledge of infrastructure security concepts including firewalls, DMZs, intrusion detection/prevention systems, network security, application security concepts, password management, RBAC, access provisioning, SIEM and OWASP.
• Experience with the phases of the software development lifecycle.
• Experience with common vulnerability scanning and penetration testing tools.
• Knowledge of common computer security issues, including network and application vulnerabilities.
• Knowledge of Linux and its security.

Competencies:

• Interpersonal skills and team player to maintain collaborative relationships throughout the company and with customers.
• Attention to detail, especially with written work such as legal contracts and customer-facing communications.
• Ability to think and work analytically.
• Ability to work independently.
• Ability to automate tasks by scripting.
• Ability to document policies, procedures, and technical diagrams.
• Ability to manage a substantial unplanned workload with short deadlines.
• Must be capable of working with limited direct supervision.
• Experience with enterprise security management and operations.
• A systematic problem-solving approach, coupled with effective communication skills and a sense of ownership and drive.

Nice to Haves:

• Practical experience with security-related compliance / regulatory standards (e.g., HIPAA, HITRUST, NIST, ISO 27001, GDPR, PCI DSS).
• One or more relevant industry certifications: Certified Information Systems Security Professional (CISSP), Certified Incident Handler (GCIH), Healthcare Information Security and Privacy Practitioner (HCISPP), Certified HIPAA Privacy Security Expert (CHPSE).
• Security, encryption, and certificate management.
• Knowledge about Zero Trust implementation.
• Genomics or bioinformatics background.

COVID safety:

As a condition of employment, you agree to know and comply with our COVID-19 vaccination policy requiring all employees who work on-site and/or attend work-related events to be fully vaccinated and to receive a COVID-19 booster once eligible. Company employees working on-site are required to be fully vaccinated for COVID-19 and to receive a COVID-19 booster once eligible, unless a reasonable accommodation is approved or as otherwise required by law. Absent a reasonable accommodation or legal exception, you agree to provide proof of your vaccination status and to be fully vaccinated by your first day on-site, in accordance with our policy.  If you are currently eligible for a COVID-19 booster, you also agree to provide proof of having received a booster.  If you are not yet eligible for a COVID-19 booster, you must provide proof of receiving a booster within two weeks of becoming eligible.

Freenome is proud to be an equal opportunity employer and we value diversity. Freenome does not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.

Funding

We have raised more than $1.1B from leading investors including Perceptive Advisors, RA Capital Management, Roche Venture Fund, Kaiser Permanente, Novartis and the American Cancer Society’s BrightEdge Ventures. 

Freenomers

A ‘Freenomer’ is a mission-driven employee who is fueled by the opportunity to make a positive impact on patients' lives, who thrives in a culture of respect and cross collaboration, and whose work makes a significant impact on the company and their career. 

Freenomers are technical, creative, visionary, grounded, empathetic and passionate. We build teams around divergent expertise, allowing us to solve problems and ascertain opportunities in unique ways. Freenomers are some of the most talented experts in their fields, joining together to advance healthcare, one breakthrough at a time. 

Benefits include but are not limited to:

• Competitive compensation 
• Pre-IPO equity
• Flexible PTO (exempt) and generous PTO (non-exempt) 
• Comprehensive health coverage, including medical, dental, and vision 
• Wellness and mental health resources, including Employee Assistance Programs (EAPs), Paid maternity and paternity leave
• 401(k) plan 
• $250.00 new hire stipend to enhance your home office experience
• Plus, a variety of other perks, including pre-tax commuter benefits, two paid volunteer days per year, pet insurance, and additional discounts 

# # # 

Applicants have rights under Federal Employment Laws.  

• Family & Medical Leave Act (FMLA)

• Equal Employment Opportunity (EEO)

• Employee Polygraph Protection Act (EPPA)

Notice to agencies:

Our in-house Talent Acquisition Team manages all employment opportunities at Freenome.  Agencies and independent recruiters must be approved as a vendor by Freenome’s Talent Acquisition team before submitting candidates to any Freenome employee. 

We do not accept unsolicited resumes or biographies from agencies under any circumstances. Any unsolicited resumes sent to Freenome, including those sent to a Freenome email address or directly to Freenome employees, will be considered Freenome property. Freenome will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume. Freenome will consider any candidate for whom an Agency has submitted an unsolicited resume to have been referred by the Agency free of any charges or fees. 

Please do not contact Freenome employees directly. Compliance with this request will impact our decision to work with you. 

###

#LI-Remote, #LI-Onsite, #LI-Hybrid