Description
YOUR TEAM
The IAM Team is a member of the Security Foundations Org within Nuna.
Security Foundations stands as the vanguard of technical excellence, championing security and efficiency to drive our continued success in the healthcare industry. Due to strict regulations on Protected Health Information (PHI), our org frequently partners with Compliance and Legal to ensure we are meeting the compliance standards of HIPAA and SOC 2. The healthcare industry is a prime target for cyberattacks due to the value of medical data. Threat actors, including hackers and ransomware groups, are continually evolving their tactics, making it critical to stay ahead of security vulnerabilities. Healthcare data needs to be shared and accessed securely across our systems and with our customers. Ensuring secure data exchange and data access while maintaining data integrity and privacy is paramount to the success of Nuna. Striking a balance between ensuring data security and enabling efficient access for authorized users is a continuous goal of the Security Foundations Org.
Our mission as the IAM team is to ensure secure and seamless identity, authentication, access control, and auditing for our company's products and data. We are dedicated to enhancing our authorization mechanisms to meet cutting-edge industry standards. We build and maintain product user permissions and role-based access controls, database access control policies, and a robust logging and auditing mechanism that tracks all events triggered in an authenticated session.
We empower Nuna application developers with the confidence that any access and changes made to the application and the data adhere to the same high standards of authorization security controls. With a customer-centric approach and a focus on continuous improvement, we deliver IAM solutions that enhance the user and developer experience and meet the highest security standards.
The technologies we work with most heavily are AWS, Open Policy Agent, Snowflake, Auth0, Terraform, Python, and BI tooling.
YOUR OPPORTUNITIES
- Developing and Enhancing Authentication Systems: Implementing and improving secure authentication mechanisms that support multiple factors (MFA), integrating with third-party identity providers, and ensuring that authentication processes are both secure and user-friendly.
- Role-Based Access Control (RBAC) Systems: Designing, implementing, and refining RBAC systems to ensure that users have access only to the resources necessary for their roles, enhancing the principle of least privilege across the organization.
- Fine-Grained Access Control: Working on systems that provide more nuanced access controls, beyond traditional role-based systems, to handle complex access scenarios and ensure precise control over who can access what resources under which conditions.
- Audit Logging and Monitoring: Building robust logging and auditing systems that track and record all authentication and authorization transactions. This includes developing tools for monitoring, analyzing, and reporting on these logs to detect and respond to suspicious activities quickly.
- Database Access Management: Implementing policies and controls to manage who can access various databases and under what conditions, including the development of secure methods for database querying and data access.
- API Security: Ensuring that all APIs dealing with authentication, authorization, and user data are secured according to best practices, including the use of OAuth, OpenID Connect, and other relevant standards.
- Identity Federation and Single Sign-On (SSO): Working on systems that allow users to securely access multiple applications and services with one set of credentials, improving the user experience while maintaining security standards.
- User Management and Lifecycle: Developing systems for creating, managing, and deactivating user accounts in a secure and efficient manner, including automating parts of the lifecycle where possible.
- Compliance and Standards Adherence: Ensuring that all IAM systems comply with relevant industry standards and regulations (such as HIPAA, SOC 2, HITRUST, etc.), including conducting regular audits and updates to maintain compliance.
QUALIFICATIONS
Required Qualifications
- 4+ years of experience as a software engineer, with a focus on complex system design and development
- Expert programmer in one or more imperative programming languages such as Java, C++, Python, Go, JavaScript, etc.
- Expert programmer in one or more declarative programming languages such as Terraform, Rego, Haskell, etc.
- Experience in implementing identity access control on web and/or mobile applications
- Deep understanding of software design principles, algorithms, and data structures
- Experience with distributed systems, cloud computing, and scalable architectures
- Strong problem-solving and analytical skills, with a keen attention to detail
- Excellent communication and collaboration skills, with the ability to work effectively in cross-functional teams
- Proven track record of delivering high-quality software projects on time and within budget
- Ability to provide technical leadership and mentorship to other engineers
- Familiarity with software development methodologies like Agile or Scrum
Preferred Qualifications
- Bachelor's or Master's degree in Computer Science or a related field
- Knowledge of machine learning, AI, and data mining techniques
- Contributions to open-source projects or publications in relevant conferences or journals
- Ability to adjust quickly to a fast-paced startup environment
- Familiarity with US Healthcare and a desire to improve it
We take into account an individual’s qualifications, skillset, and experience in determining final salary. This role is eligible for health insurance, life insurance, retirement benefits, participation in the company’s equity program, and paid time off, including vacation and sick leave. The expected salary range for this position is $168,000 to $198,000. The actual offer will be at the company’s sole discretion and determined by relevant business considerations, including the final candidate’s qualifications, years of experience, and skillset.