Doximity is transforming the healthcare industry. Join our mission to help every physician be more productive and provide better care for their patients. As medicine's largest network in the United States, there's an elevated level of responsibility in everything we do. We don't take that responsibility lightly and are committed to building diverse teams with an inclusive culture that can make a direct impact on the healthcare system.
One of Doximity's core values is stretching ourselves. Even if you don't check off all the boxes below, we encourage you to apply. Doximity is full of exceptional people who bring their own unique experiences to work every day and make us all better for it!
This role can be filled in our San Francisco headquarters OR remotely in either the US, Mexico, Brazil or Canada.
Here's How You Will Make an Impact
- Active involvement in the design of end-to-end architecture and the implementation of solutions which improve our overall security posture
- Research and evaluate current and emerging threats to the entire stack for vulnerabilities, risks, external intrusions, attacks, and hacks
- Create, execute, and support company-wide security improvement initiatives while coordinating with various departments as needed
- Assist in maintaining our bug bounty program hosted on HackerOne by directly engaging security researchers and awarding bounties
- Perform security reviews of current and potential vendor relationships
- Participate in team-specific on-call rotation (primary roughly 1 week per month)
- Create concise post-mortems for incidents and outages
- Write and maintain technical run-books and training for other engineers
- Help to improve monitoring, alerting, and reporting
What we’re looking for
- You’re a software engineer with years of experience and a deep understanding of software engineering practices.
- You either have experience with security or really want to dive in headfirst and learn.
- You are not afraid of:
  - Reading, reviewing, and implementing our implementation of the OAuth spec.
  - Getting dirty with CORS, CSRF, XSS, etc.
- You’re proficient in:
  - Ruby, Python, or Golang. Not afraid to learn the rest.
  - JavaScript
- You are comfortable working with Linux/Unix, cloud environments, and Git
- You are self-motivated and able to manage yourself and your own queue.
- You are a problem solver with a passion for simple, clean, and maintainable solutions.
- You agree that concise and effective written and verbal communication is a must for a successful team.
- You are able to maintain a minimum of 5 hours overlap with 9:30 to 5:30 PM Pacific time.
- You can dedicate about two weeks per year for travel to company events.