Security Specialist (m/f/d) - Remote

About us:

At DrAnsay we are building digital medical services that make healthcare more accessible, efficient, and scalable. Our platform connects technology, medical expertise, and data‑driven decision‑making to deliver real value for patients and providers — at scale and across markets.

As a fast‑growing HealthTech company, Security is becoming a key pillar of our engineering organization — and you will play a central role in shaping it.

You will join a modern, cloud‑native environment built on:

Tech Stack:

TypeScript, Node.js, tRPC, gRPC, REST APIs
Postgres, Redis/BullMQ
Google Cloud Platform (GCP), Kubernetes
Prometheus, Grafana
iOS (Swift), Android (Kotlin/Java)

We are looking for a hands‑on Security Specialist who wants to bring their expertise into this stack and actively shape how security is embedded across architecture, development, and infrastructure.

Your Mission

Take ownership of application and cloud security across our services, APIs, mobile apps, and Kubernetes‑based GCP infrastructure, ensuring pragmatic, scalable, and developer‑friendly security standards.

You will work closely with engineering and leadership, contribute to architectural decisions, and have high visibility across the organization while remaining deeply hands‑on.

Your Responsibilities

• Conduct hands‑on penetration testing (Node.js/TypeScript, APIs, iOS/Android), including tools such as Burp Suite

• Identify and remediate vulnerabilities (e.g., auth bypass, injection, deserialization flaws)

• Define and implement secure API standards (JWT/OAuth, TLS/mTLS, validation, rate limiting, CORS)

• Harden infrastructure (Kubernetes/GCP, Postgres, Redis/BullMQ) and secure mobile applications

• Establish and continuously improve Secure SDLC practices (threat modeling, reviews, SAST/DAST in CI/CD)

• Implement automated monitoring (eBPF, Falco) and support incident response

• Contribute to GDPR, ISO 27001, and SOC 2 initiatives

This role offers a high level of ownership and autonomy. You will have the space to bring in your ideas, introduce pragmatic improvements, and shape security standards in a growing engineering organization.

Your Profile

• Solid hands‑on experience in application and/or cloud security

• Experience with Kubernetes and GCP

• Strong understanding of API security (OWASP API & Mobile Top 10)

• Experience securing Node.js/TypeScript systems

• Comfortable working independently and driving initiatives forward

Nice to have:

• CISSP, CKS, CCSP, OSCP | Container scanning | GCP IAM | Automation scripting

What We Offer

• Remote work & flexible setup

• Professional development & certification budget

• A role with real ownership and strong visibility

• High impact in a high‑growth environment