DevOps инженер

BostonGene provides a cloud-based platform that integrates AI-driven molecular and immune profiling techniques to analyze tumors, microenvironments, and host immunity, supporting healthcare providers, pharma, and biotech in delivering precision treatments and developing life-saving therapies.

• Lead and support secure SDLC initiatives across web, API, cloud-native, and enterprise applications;
• Establish, maintain, and support SSDLC processes and activities aligned with industry best practices and IEC 81001-5-1;
• Perform and coordinate secure code reviews, architecture security assessments, threat modeling, vulnerability assessments, penetration testing coordination, and security design reviews;
• Integrate security controls into CI/CD and DevSecOps pipelines;
• Collaborate with engineering teams to remediate vulnerabilities and improve secure coding practices;
• Develop application security testing strategies aligned with organizational risk management objectives;
• Conduct and oversee security assessments using SAST, DAST, SCA, API security testing, and container and cloud security assessments;
• Evaluate third-party software and open-source dependencies for security risks;
• Support black-box, gray-box, and white-box testing methodologies;
• Review security testing results and ensure remediation activities are tracked to completion;
• Support secure deployment and configuration practices across AWS, Microsoft Azure, and Google Cloud Platform;
• Collaborate with platform and infrastructure teams on container and Kubernetes security initiatives;
• Support compliance initiatives aligned with NIST SP 800-171, NIST CSF, ISO 27001, OWASP ASVS, SOC 2, IEC 81001-5-1, HIPAA/HITECH, and GDPR;
• Participate in risk assessments, audits, and security control validation activities;
• Assist in maintaining security documentation, standards, procedures, and policies;
• Partner with stakeholders across engineering, research, operations, compliance, and executive leadership;
• Mentor junior security engineers and promote secure engineering best practices;
• Support project planning, estimation, prioritization, and security roadmap activities;
• Prepare dashboards, metrics, and reports for technical and executive audiences;
• Contribute to building a positive, collaborative, and inclusive security culture.

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering, or equivalent practical experience;
• Professional experience in Application Security, DevSecOps, Secure Software Engineering, Security Architecture, or Cloud Security;
• Strong understanding of OWASP Top 10, CWE/SANS Top 25, secure coding principles, and threat modeling methodologies;
• Experience with security testing and scanning tools such as Checkmarx, Burp Suite, Veracode, Snyk, Trivy, Fortify, SonarQube, or similar enterprise security tools;
• Familiarity with modern development frameworks, APIs, microservices, and cloud-native architectures;
• Familiarity with regulated software/medical device environments and security activities supporting PMDA or similar regulatory submissions, including IEC 81001-5-1 and IEC 62304;
• Experience working within Agile/Scrum environments;
• Strong analytical, problem-solving, verbal, and written communication skills;
• Nice to have: Experience in biotechnology, healthcare, genomics, pharmaceutical, or life sciences industries, knowledge of protecting genomic data, research platforms, clinical systems, or biomedical intellectual property, experience with Kubernetes, Docker, Infrastructure as Code (IaC), CI/CD platforms, or Zero Trust architecture, relevant certifications such as CISSP, CSSLP, CEH, GIAC, AWS/Azure/GCP Security Certifications, OSCP, or Security+.

• Competitive salary and comprehensive healthcare insurance;
• Office location in Yerevan with on-site snacks;
• Relocation support is available for candidates and their immediate family members, including full documentation and bureaucracy support;
• Corporate benefits, including English language lessons and gym membership;
• Structured and responsible supervision to support professional growth.