Senior Security Operations & GRC Expert (8+ Years)

Job Title: Security and compliance Lead

Experience Required: 7 to 12 Years

Location: Remote (Permanent)

Employment Type: Full-time

About DoctusTech:

DoctusTech is a fast-growing technology company focused on driving innovation in the US Healthcare domain. We build impactful, AI-driven solutions that solve real-world problems for our clients. Our team is agile, collaborative, and passionate about technology, and we're looking for people who share that same energy and commitment.

Role Overview

We are hiring a Security Operations Lead to own and scale our hands-on security operations while supporting SOC 2 and HIPAA compliance in a cloud-native SaaS healthtech environment. This role is execution-focused, working closely with Engineering and DevOps to build, monitor, and continuously improve security controls.

Key Responsibilities🔐 Security Operations (80%)

• Own day-to-day security operations for a SaaS platform running on AWS
• 
  
• Design and manage logging, monitoring, SIEM, and alerting pipelines
• 
  
• Lead incident response (triage, containment, RCA, post-incident reviews)
• 
  
• Drive vulnerability management, penetration testing, and remediation tracking
• 
  
• Own IAM, SSO, MFA, access reviews, and least-privilege enforcement
• 
  
• Secure CI/CD pipelines and partner with DevOps on DevSecOps practices
• 
  
• Implement and monitor cloud security controls (networking, encryption, secrets)
• 
  
• Define and test IR playbooks and conduct tabletop exercises
• 
  
• Act as escalation point for security events and customer incidents

🛡️ GRC & Compliance (20%)

• Support SOC 2 Type II audits by providing operational evidence
• 
  
• Maintain HIPAA-aligned security controls in coordination with legal/compliance
• 
  
• Assist with risk assessments and remediation planning
• 
  
• Ensure security operations remain audit-ready at all times
• 
  
• Partner with GRC teams/tools (Drata, Vanta, Secureframe)

Required Experience

• 7–12+ years in Security Operations / SecOps / Cloud Security
• 
  
• Strong hands-on experience with AWS security
• 
  
• Experience running or supporting SOC, IR, SIEM, vulnerability management
• 
  
• Exposure to SOC 2 audits and HIPAA-regulated environments
• 
  
• Strong understanding of SaaS security architecture
• 
  
• Comfortable working in startup or scale-up environments
• 
  
• Excellent communication with engineering and leadership teams

Must-Have Tools & Technologies

• Cloud: AWS (IAM, VPC, CloudTrail, GuardDuty, Security Hub)
• 
  
• SIEM / Monitoring: Splunk, Sentinel, ELK, Datadog
• 
  
• IAM: Okta / Azure AD / AWS SSO
• 
  
• Vulnerability Mgmt: Nessus, Wiz, Prisma, Snyk
• 
  
• GRC: Drata, Vanta, Secureframe

Nice to Have

• Healthcare security experience (HIPAA, HITRUST exposure)
• 
  
• DevSecOps experience in CI/CD pipelines
• 
  
• Certifications: GCIH, GCED, AWS Security, CISM
• 
  
• Experience supporting customer security reviews

What Success Looks Like

• Fast and effective incident response with minimal customer impact
• 
  
• Clear visibility into security posture and risks
• 
  
• Security controls embedded into engineering workflows
• 
  
• SOC 2 & HIPAA audits passed with no operational gaps
• 
  
• Reduced vulnerabilities and faster remediation cycles

Why Join Us

• Own security operations for a US healthtech SaaS platform
• 
  
• High-impact, hands-on role (no checkbox-only compliance)
• 
  
• Work closely with senior engineering and product leaders
• 
  
• Opportunity to shape security maturity end to end

This role requires hands-on security operations experience. Pure GRC or audit-only profiles will not be a fit.