Security Analyst (m/f/d) – Remote

About Us:At DrAnsay weare building digital medical services that make healthcare more accessible, efficient, and scalable. Our platform connects technology, medical expertise, and data-driven decision-making to deliver real value for patients and providers — at scale and across markets.As a fast-growing HealthTech company, Security is becoming a key pillar of our engineering organization — and you will play a central role in shaping it.You will join a modern, cloud-native environment built on:Tech Stack: TypeScript, Node.js, tRPC, gRPC, REST APIs Postgres, Redis/BullMQ Google Cloud Platform (GCP), Kubernetes Prometheus, Grafana iOS (Swift), Android (Kotlin/Java)We are looking for a hands-on Security Specialist who wants to bring their expertise into this stack and actively shape how security is embedded across architecture, development, and infrastructure.Your Mission:Take ownership of application and cloud security across our services, APIs, mobile apps, and Kubernetes-based GCP infrastructure, ensuring pragmatic, scalable, and developer-friendly security standards.You will work closely with engineering and leadership, contribute to architectural decisions, and have high visibility across the organization while remaining deeply hands-on.Your Responsibilities:Conduct hands-on penetration testing (Node.js/TypeScript, APIs, iOS/Android), including tools such as Burp SuiteIdentify and remediate vulnerabilities (e.g., auth bypass, injection, deserialization flaws)Define and implement secure API standards (JWT/OAuth, TLS/mTLS, validation, rate limiting, CORS)Harden infrastructure (Kubernetes/GCP, Postgres, Redis/BullMQ) and secure mobile applicationsEstablish and continuously improve Secure SDLC practices (threat modeling, reviews, SAST/DAST in CI/CD)Implement automated monitoring (eBPF, Falco) and support incident responseContribute to GDPR, ISO 27001, and SOC 2 initiativesThis role offers a high level of ownership and autonomy. You will have the space to bring in your ideas, introduce pragmatic improvements, and shape security standards in a growing engineering organization.RequirementsYour Profile:Solid hands-on experience in application and/or cloud securityExperience with Kubernetes and GCPStrong understanding of API security (OWASP API & Mobile Top 10)Experience securing Node.js/TypeScript systemsComfortable working independently and driving initiatives forwardNice to have:CISSP, CKS, CCSP, OSCP | Container scanning | GCP IAM | Automation scriptingWhat We Offer:Remote work & flexible setupProfessional development & certification budgetA role with real ownership and strong visibilityHigh impact in a high-growth environmentHighlights#Healthy420: Work on the future of healthcare and help shape safe access to medicinal cannabis!#RemoteWork: 100% - 4.20 instead of 9to5Originally posted on Himalayas