Security Specialist (m/f/d) – Remote

About us:

At DrAnsay we are building digital medical services that make healthcare more accessible, efficient, and scalable. Our platform connects technology, medical expertise, and data-driven decision-making to deliver real value for patients and providers — at scale and across markets.

As a fast-growing HealthTech company, Security is becoming a key pillar of our engineering organization — and you will play a central role in shaping it.

You will join a modern, cloud-native environment built on:

Tech Stack:
TypeScript, Node.js, tRPC, gRPC, REST APIs
Postgres, Redis/BullMQ
Google Cloud Platform (GCP), Kubernetes
Prometheus, Grafana
iOS (Swift), Android (Kotlin/Java)

We are looking for a hands-on Security Specialist who wants to bring their expertise into this stack and actively shape how security is embedded across architecture, development, and infrastructure.

Your Mission:

Take ownership of application and cloud security across our services, APIs, mobile apps, and Kubernetes-based GCP infrastructure, ensuring pragmatic, scalable, and developer-friendly security standards.

You will work closely with engineering and leadership, contribute to architectural decisions, and have high visibility across the organization while remaining deeply hands-on.

Your Responsibilities:

• Conduct hands-on penetration testing (Node.js/TypeScript, APIs, iOS/Android), including tools such as Burp Suite

• Identify and remediate vulnerabilities (e.g., auth bypass, injection, deserialization flaws)

• Define and implement secure API standards (JWT/OAuth, TLS/mTLS, validation, rate limiting, CORS)

• Harden infrastructure (Kubernetes/GCP, Postgres, Redis/BullMQ) and secure mobile applications

• Establish and continuously improve Secure SDLC practices (threat modeling, reviews, SAST/DAST in CI/CD)

• Implement automated monitoring (eBPF, Falco) and support incident response

• Contribute to GDPR, ISO 27001, and SOC 2 initiatives
  

This role offers a high level of ownership and autonomy. You will have the space to bring in your ideas, introduce pragmatic improvements, and shape security standards in a growing engineering organization.

Your Profile:

• Solid hands-on experience in application and/or cloud security

• Experience with Kubernetes and GCP

• Strong understanding of API security (OWASP API & Mobile Top 10)

• Experience securing Node.js/TypeScript systems

• Comfortable working independently and driving initiatives forward
  

Nice to have:

• CISSP, CKS, CCSP, OSCP | Container scanning | GCP IAM | Automation scripting

What We Offer:

• Remote work & flexible setup

• Professional development & certification budget

• A role with real ownership and strong visibility

• High impact in a high-growth environment