Sr. Security and compliance (SecOps and GRC)
DoctusTech
Job Description
Job Title: Security and compliance Lead
Experience Required: 7 to 12 Years
Location: Remote (Permanent)
Employment Type: Full-time
About DoctusTech
DoctusTech is a fast-growing technology company focused on driving innovation in the US Healthcare domain. We build impactful, AI-driven solutions that solve real-world problems for our clients. Our team is agile, collaborative, and passionate about technology, and we're looking for people who share that same energy and commitment.
Role Overview
We are hiring a Security Operations Lead to own and scale our hands-on security operations while supporting SOC 2 and HIPAA compliance in a cloud-native SaaS healthtech environment. This role is execution-focused, working closely with Engineering and DevOps to build, monitor, and continuously improve security controls.
Key Responsibilities
🔐 Security Operations (80%)
- Own day-to-day security operations for a SaaS platform running on AWS
- Design and manage logging, monitoring, SIEM, and alerting pipelines
- Lead incident response (triage, containment, RCA, post-incident reviews)
- Drive vulnerability management, penetration testing, and remediation tracking
- Own IAM, SSO, MFA, access reviews, and least-privilege enforcement
- Secure CI/CD pipelines and partner with DevOps on DevSecOps practices
- Implement and monitor cloud security controls (networking, encryption, secrets)
- Define and test IR playbooks and conduct tabletop exercises
- Act as escalation point for security events and customer incidents
- Support SOC 2 Type II audits by providing operational evidence
- Maintain HIPAA-aligned security controls in coordination with legal/compliance
- Assist with risk assessments and remediation planning
- Ensure security operations remain audit-ready at all times
- Partner with GRC teams/tools (Drata, Vanta, Secureframe)
- 7–12+ years in Security Operations / SecOps / Cloud Security
- Strong hands-on experience with AWS security
- Experience running or supporting SOC, IR, SIEM, vulnerability management
- Exposure to SOC 2 audits and HIPAA-regulated environments
- Strong understanding of SaaS security architecture
- Comfortable working in startup or scale-up environments
- Excellent communication with engineering and leadership teams
- Cloud: AWS (IAM, VPC, CloudTrail, GuardDuty, Security Hub)
- SIEM / Monitoring: Splunk, Sentinel, ELK, Datadog
- IAM: Okta / Azure AD / AWS SSO
- Vulnerability Mgmt: Nessus, Wiz, Prisma, Snyk
- GRC: Drata, Vanta, Secureframe
- Healthcare security experience (HIPAA, HITRUST exposure)
- DevSecOps experience in CI/CD pipelines
- Certifications: GCIH, GCED, AWS Security, CISM
- Experience supporting customer security reviews
- Fast and effective incident response with minimal customer impact
- Clear visibility into security posture and risks
- Security controls embedded into engineering workflows
- SOC 2 & HIPAA audits passed with no operational gaps
- Reduced vulnerabilities and faster remediation cycles
- Own security operations for a US healthtech SaaS platform
- High-impact, hands-on role (no checkbox-only compliance)
- Work closely with senior engineering and product leaders
- Opportunity to shape security maturity end to end
This role requires hands-on security operations experience. Pure GRC or audit-only profiles will not be a fit.