
Security & Risk Engineer || Remote, US-based

About Buoy Software


Our mission is to deliver the best experience possible to as many donors of blood products (such as plasma) as possible, in as many communities as possible. We use our understanding of blood product donation and the industry’s regulations and pair them with our extensive consumer product experience to enrich the lives of our members and improve health outcomes for patients everywhere. 


In an industry that hasn’t seen innovation in more than two decades, Buoy’s software streamlines the donation process, allowing our business to promote loyalty while improving efficiency in a donation center. In turn, the increase in blood product donations improves a supply level that is at an all-time low, and allows for blood-product derived biotherapies to continue to evolve, improve, and save lives for those who face life-threatening conditions (i.e. immune deficiencies and blood disorders). Without an increase in blood product donations, we are facing a worldwide health crisis that ultimately results in rationing of care without the proper resources. Buoy Software is excited to be playing more of a role in improving the state of blood products and blood product donations.


We’re working alongside Join Parachute ([www.joinparachute.com/](http://www.joinparachute.com/)) in the opening of small market donation centers across the country that will create local donation center careers, opportunities to donate blood products, and provide financial compensation for those donations that will have a positive economic impact in those communities. 


The need for blood products is growing rapidly. We want to close the gap in blood product supply and demand by empowering organizations with the right tools. Buoy is the intuitive, data-driven mobile application for donors.


About The Role


We're looking for a Security and Risk Engineer to join our team. You should be someone who is comfortable and experienced in risk management and code review. This role will work closely with specific product engineering pods, owning all security controls and documentation for assigned pods. You should have an eye for continuous improvement, risk and vulnerability management, and security compliance.


What you’ll do:
  • Oversee vulnerability and security risk management including, but not limited to, vulnerability and risk identification/assessment, crafting mitigation proposals, tracking mitigation status, and testing and validating mitigation methods
  • Oversee security compliance activities including, but not limited to, hazard analyses, threat modeling, root cause analysis, and creating, updating, and maintaining policies and other relevant documentation
  • Manage continuous monitoring and auditing processes to detect and respond to security incidents
  • Perform code assessments to determine any impacts for Buoy’s applications
  • Define, implement, evaluate, and maintain the effectiveness of security and risk controls
  • Identify current and emerging issues including security trends, vulnerabilities, and threats
  • Collaborate with team members and stakeholders on projects and audits
  • Design security controls that increase operational efficiency and reduce the likelihood of control failure
  • Perform third party security assessments
  • Educate and train staff on security best practices


Who you are:
  • You have experience with threat modeling analysis such as STRIDE and Attack Tree methodologies.
  • You have experience with software as a service.
  • You are a self-starter. You enjoy working in an environment where you have a lot of autonomy. You are not one to wait around to be given work, but are always looking for ways in which you can provide support for your colleagues.
  • You can adapt to change quickly and thrive in an environment where every day is different / you own a variety of tasks.
  • You are a team player. Everyone contributes within the Buoy team, and you want to help the team get the job done when needed, regardless of initial ownership.
  • You are professional in your collaboration and communication methods. You can represent Buoy and our values both internally and externally (with vendors / partners) as needed.


In the first 30 days, you will…
  • Be introduced to the team - we’ll help you start to get to know your colleagues, points of contact for various scenarios, and the dynamics within the broader org.
  • Learn how Buoy Software operates internally - we’ll help you get accustomed to Buoy’s process, engineering terminology, and other cultural aspects of working here.
  • Go through product demos to start to understand Buoy Software and how it works for both donor experience and donor processing.
  • Begin meeting with and getting to know your direct manager who will share various projects and goals for this role to provide guidance as you settle into the position.
  • Review existing security documentation and determine gaps or improvements.
  • Hit the ground running!


In the first 60 days, you will…
  • Understand goals for your respective pods over the next 6 - 12 months.
  • Begin implementing solutions for gaps identified and performing all duties related to continuous management of security for your pods.
  • Become more familiar with workflows and processes.
  • Become more autonomous as you work with your pods and other stakeholders.
  • Start to define timelines for various projects with your manager to help prioritize your focus and align them with the goals for this role.
  • Begin to suggest changes and improvements to the security program and/or internal processes.


In the first 90 days, you will…
  • Meet with stakeholders across the broader Buoy Software organization.
  • Become more familiar with the other departments across Buoy Software (including leadership, support, customer success, marketing, and people ops).


$120,000 - $140,000 a year

Where you'll be

We are fully remote. We deeply believe in distributed teams at Buoy. We build projects around motivated individuals. We give our team the environment, support and trust they need to get the job done.


We are only considering candidates currently based in the United States at this time.


---

Employment at Buoy Software is contingent upon achievement of satisfactory results on your background check and reference check and your ability to provide proof of your identity and eligibility to accept employment in the United States.


What You Should Know About Security & Risk Engineer || Remote, US-based, Buoy Software

At Buoy Software, we are on a mission to revolutionize blood product donations through technology, and we need a knowledgeable Security & Risk Engineer to help us enhance our security measures! In this remote role, you'll be working closely with dedicated product engineering teams to oversee vital security controls and documentation for your assigned pods. Your expertise in risk management and code review will be invaluable as you conduct vulnerability assessments, manage compliance activities, and ensure we're always prepared for any potential security incidents. Your keen eye for continuous improvement will shine as you identify emerging security trends and design proactive controls that increase operational efficiency. You'll collaborate with a passionate team, educating and training staff on security best practices, while making a tangible difference in the health outcomes of patients worldwide. With Buoy, you won’t just be another cog in the wheel—you’ll have the autonomy to make impactful changes and support your colleagues in their missions. Join us in transforming the way blood products are donated and received while enjoying the benefits of a fully remote work environment. Are you ready to take on this exciting challenge?

Frequently Asked Questions (FAQs) for Security & Risk Engineer || Remote, US-based Role at Buoy Software
What are the key responsibilities of a Security & Risk Engineer at Buoy Software?

As a Security & Risk Engineer at Buoy Software, you'll be primarily responsible for overseeing vulnerability and risk management while performing security assessments on our applications. You'll assist in crafting mitigation proposals, tracking their status, and ensuring that security compliance activities are thoroughly executed, including threat modeling and root cause analysis.

What qualifications do I need to apply for the Security & Risk Engineer position at Buoy Software?

To qualify for the Security & Risk Engineer role at Buoy Software, you should have experience in threat modeling analysis, knowledge of software as a service, and a proactive attitude toward risk management. Solid communication skills and the ability to collaborate professionally will also be crucial as you work with various teams across the organization.

What does the onboarding process look like for a Security & Risk Engineer at Buoy Software?

The onboarding for a Security & Risk Engineer at Buoy Software is designed to ensure a smooth transition into your new role. In the first 30 days, you'll be introduced to your team, learn our internal processes, attend product demos, review existing security documentation, and more, helping you to get acquainted and hit the ground running quickly.

How does Buoy Software approach security compliance and risk management?

At Buoy Software, security compliance and risk management are prioritized from the get-go. As a Security & Risk Engineer, you'll be involved in continuous monitoring and auditing processes, defining and maintaining security and risk controls, and actively contributing to enhance our security posture to protect our data and systems effectively.

Is the Security & Risk Engineer position at Buoy Software suitable for remote work?

Absolutely! The Security & Risk Engineer position at Buoy Software is fully remote. We believe in fostering a distributed team environment where motivated individuals can thrive and contribute to projects effectively, regardless of their location.

Common Interview Questions for Security & Risk Engineer || Remote, US-based
What experience do you have with threat modeling methodologies in the Security & Risk Engineer role?

You can start by discussing your familiarity with methodologies like STRIDE and Attack Trees. Explain how you have applied these methodologies in past roles to identify threats and devise mitigation strategies effectively.

Can you describe a time you identified a security vulnerability in a product you were working on?

Share a specific example where you discovered a vulnerability, detail your approach to assessing its impact, and explain the steps you took to communicate it to your team and oversee the mitigation process.

How would you manage continual improvements to security processes within a development team?

Highlight your proactive mindset and elaborate on strategies you would implement to regularly review and improve security practices, such as conducting periodic assessments, collaborating with engineers, and sharing best practices to foster a security-first culture.

What role does documentation play in your security management strategy?

Discuss the importance of maintaining comprehensive documentation for security policies, incident responses, and risk assessments. Emphasize how documentation supports compliance and ensures clarity and accountability across the organization.

How do you ensure that all team members understand and adhere to security best practices?

Explain how you would conduct training sessions and workshops to elevate the team's understanding of security protocols. Mention your approach to developing user-friendly guides or maintaining an accessible knowledge base.

What tools or frameworks do you use for security risk assessment?

Provide examples of tools and frameworks you've utilized in your past experience, such as OWASP, NIST, or custom internal solutions, and discuss how you effectively apply them to assess and manage security risks.

Describe your experience with third-party security assessments in a Security & Risk Engineer role.

Share your approach for conducting third-party assessments, how you evaluate security postures of vendors, and any frameworks or standards you follow during the assessment process.

How do you stay updated on emerging security trends and vulnerabilities?

Talk about the resources you rely on such as industry news, forums, webinars, and security conferences. Reinforce your commitment to continuous learning in this rapidly evolving field.

What steps would you take if you identified a significant security incident?

Discuss the urgency of incident response, outlining the immediate actions you would take such as containment, assessment, communication with relevant stakeholders, and post-incident analysis to improve future responses.

How do you prioritize security tasks in a fast-paced environment?

Explain your strategy for assessing risk factors and weighing them against project deadlines and resources. Highlight your organizational skills and ability to adapt to changing priorities while maintaining focus on critical security issues.


buoy is the industry’s answer to unlocking more plasma supply.

Employment type: Full-time, remote

Date posted: January 12, 2025
