Senior Security Engineer

Embark on a pivotal journey with Jane as our new Senior Security Engineer for our Cybersecurity team where your expertise in penetration testing security tooling and standards will not only fortify our digital fortress but also transform our security culture. In this vital role you'll help lead technical initiatives enlighten our team with your knowledge and carve out our path to running in-house penetration tests (along with other automated security practices) all while being a beacon of cybersecurity wisdom. You will engage and educate our users by demonstrating real-time penetration testing and secure coding practices thereby fostering a deeper understanding of cybersecurity. Your mission will be to elevate our security posture instill best practices and ensure that our commitment to safeguarding data is more than just a standard—it’s part of our vision to be both trusted and helpful to our customers. If you are passionate about offensive security and have a strong desire to protect critical systems from potential threats we would love to hear from you!

Like with all positions at Jane this position is a remote position allowing you to work anywhere you want across Canada. Building a delighted team who can delight our customers is part of Jane’s DNA. In our most recent company-wide health check 99% of our team agreed that our founders demonstrate people are important to Jane’s success. On top of that 98% of our team felt Manager cares about them as human beings and that they are supported when needing to arrange time off from work. We’d never claim to be perfect but we’re working hard to listen to our people and improve each day.

We really want the people who work at Jane to love being here so it's important that we start with a bit about what makes our company unique and try to be as transparent as possible. Our values also provide some insights into Jane and hopefully you’ll have a better idea if this might be the kind of company you want to be part of.

Before we were Jane our Co-Founders were solving problems for their own clinics not realizing that a few years later this team would grow to support tens of thousands of healthcare practices in more than 60 countries. Our platform is now helping to modernize the world of practice management software. We enable the likes of physiotherapists mental health counsellors chiropractors and other allied health practitioners to run their practices in a digital-first way through features such as online booking charting scheduling telehealth and billing along with an evolving library of features. You can see more of them here . Although we’ve grown still to this day we’re rooted in solving clinics’ problems and making sure we don’t lose sight of Jane’s vision.

We have remained profitable for the past seven years we’re product-led and growing organically (and responsibly) to the point where 85% of our customer growth is either from customer referrals or word of mouth. Growth like this is unique especially in the world of SaaS and it doesn’t happen by chance. We have a brilliant team of over 400 Janers who are doing an amazing job of listening to our customers building what they need and providing industry-leading support. We pride ourselves on flexibility & autonomy some of our team block out their calendars to pick up their children from school (and this is normal at Jane) and we even have a #kids channel in Slack.

We’re not a clock-in clock-out system-type environment. With that being said we’re not going to paint the picture of a perfect environment either. We’re a company that’s scaling quickly we have many moving parts many of us are doing this for the first time and sometimes we don’t have processes in place or clear views which can require a lot of resourcefulness and a passion for problem-solving.

With all that to say if you’re looking for an environment where you can grow stretch yourself and work with some incredibly talented people on problems that are positively impacting people's lives Jane could be the place for you.

Jane’s committed to paying our team members fairly clearly and above all paying for growth. This role has a minimum annual salary of $117100 and a maximum annual salary of $182900. As you may have noticed this salary range is quite large and this is intentional to account for the growth someone will experience in the role throughout their time at Jane (i.e. from building the skills to accomplished to highly proficient all the way to achieving excellence in the role). When hiring talented folks to join the Jane team we’ve found that new team members are best set up for success when hired with the expectation of being fully accomplished in the role which for this role would reflect a salary between $139000 to $ $146300.

It's also possible to join Jane at a salary above or below this which would mean a salary below $139000 typically reflects someone who has all the potential to be fully accomplished in the role but doesn't yet possess all the skills required while a salary above $146300. It's typically for individuals who are currently in this role at Jane and had the opportunity to make a significant positive impact on our customers product and company with deep Jane knowledge. At Jane we pay for growth which means that you’ll continue to have conversations about your career development with your manager and see your compensation grow over time as you build an amazing career with us.

Paying clearly is one of our compensation fundamentals to help folks build trust in the compensation process at Jane. To better understand Jane’s compensation fundamentals and how this range is determined click on this link here for a short video walkthrough of how it all works! We also welcome you to ask as many questions as you’d like about compensation throughout the interview process to ensure you feel confident and build trust through the process.

More information on Jane's benefits package can be found here

The impact you could have…

• As a Senior Security Engineer at Jane you will contribute to our security operations by performing security assessments including penetration testing vulnerability scanning and basic threat analysis. You will use a variety of tools to assess the security measures in place and identify areas needing enhancement.

• You will conduct tactical assessments that require expertise in social engineering application security (web and mobile) physical methods lateral movement threat analysis internal and external network architecture and a wide array of commercial products.

• You will assist in the development and execution of strategies to identify triage and remediate vulnerabilities. You will design and implement attack scenarios to simulate real-world threats allowing the identification and remediation of gaps in our systems and infrastructure.

• You will conduct detailed threat modelling exercises and assess and mitigate risks by conducting security assessments to identify vulnerabilities and suggesting remedial action to mitigate risks.

• You will get to share your knowledge through demonstrating real-time penetration testing demonstrations illustrating how systems can be compromised as part of education outreach to enhance our team’s understanding of potential security vulnerabilities and the necessary countermeasures.

• You will support security initiatives that aid in the development of security strategies and implementing a subset of these strategies under guidance from senior team members.

• You will help support incident response and detection efforts. You will assist in the development of detection mechanisms monitoring security alerts and participating in incident response.

• You’ll get to collaborate with various teams including software development and IT to implement basic security controls and measures that support the security framework of the organization.

• You will get to train offensive and defensive colleagues on new tactics techniques and procedures (TTPs) and mentor junior teammates.

• You will stay informed about new security trends tools and practices to help maintain and enhance the security posture of the organization. You’ll get to engage in continuous professional development through research and applying new knowledge to daily tasks.

The experience we feel we need:

• Relevant Experience: Experience in security functions such as penetration testing and vulnerability assessment. In particular experience testing RESTful and SOAP APIs for security vulnerabilities authentication and authorization flaws and injection attacks. As well as ability to conduct detailed threat modelling and risk assessments.

• Technical Proficiency: Familiarity with common programming languages like Python or Bash for security tasks and experience with testing frameworks and tools such as Burp Suite Metasploit Cobalt Strike Kali Linux and PowerShell Empire. Ability to automate security processes and workflows integrating security tools into CI/CD pipelines.

• Certifications: Certifications like OSCP OSCE GPEN and CEH are preferred but not mandatory.

• Analytical Skills: Good problem-solving skills with a capability to analyze and prioritize risks in various systems.

• Communication: Strong communication skills to articulate security issues and collaborate effectively within the team and to convert complex penetration testing scenarios into engaging narratives.