Security Analyst (m/f/d) - Remote

About Us:

At DrAnsay weare building digital medical services that make healthcare more accessible, efficient, and scalable. Our platform connects technology, medical expertise, and data-driven decision-making to deliver real value for patients and providers - at scale and across markets.

As a fast-growing HealthTech company, Security is becoming a key pillar of our engineering organization - and you will play a central role in shaping it.

You will join a modern, cloud-native environment built on:

Tech Stack:

• TypeScript, Node.js, tRPC, gRPC, REST APIs
• Postgres, Redis/BullMQ
• Google Cloud Platform (GCP), Kubernetes
• Prometheus, Grafana
• iOS (Swift), Android (Kotlin/Java)

We are looking for a hands‑on Security Specialist who wants to bring their expertise into this stack and actively shape how security is embedded across architecture, development, and infrastructure.

Your Mission:

Take ownership of application and cloud security across our services, APIs, mobile apps, and Kubernetes-based GCP infrastructure, ensuring pragmatic, scalable, and developer-friendly security standards.

You will work closely with engineering and leadership, contribute to architectural decisions, and have high visibility across the organization while remaining deeply hands‑on.

Your Responsibilities:

• Conduct hands‑on penetration testing (Node.js/TypeScript, APIs, iOS/Android), including tools such as Burp Suite
• Identify and remediate vulnerabilities (e.g., auth bypass, injection, deserialization flaws)
• Define and implement secure API standards (JWT/OAuth, TLS/mTLS, validation, rate limiting, CORS)
• Harden infrastructure (Kubernetes/GCP, Postgres, Redis/BullMQ) and secure mobile applications
• Establish and continuously improve Secure SDLC practices (threat modeling, reviews, SAST/DAST in CI/CD)
• Implement automated monitoring (eBPF, Falco) and support incident response
• Contribute to GDPR, ISO 27001, and SOC 2 initiatives

This role offers a high level of ownership and autonomy. You will have the space to bring in your ideas, introduce pragmatic improvements, and shape security standards in a growing engineering organization.

Your Profile:

• Solid hands‑on experience in application and/or cloud security
• Experience with Kubernetes and GCP
• Strong understanding of API security (OWASP API & Mobile Top 10)
• Experience securing Node.js/TypeScript systems
• Comfortable working independently and driving initiatives forward

Nice to have:

• CISSP, CKS, CCSP, OSCP | Container scanning | GCP IAM | Automation scripting

What We Offer:

• Remote work & flexible setup
• Professional development & certification budget
• A role with real ownership and strong visibility
• High impact in a high-growth environment