Clinia

www.clinia.com

1 Job

45 Employees

About the Company

Clinia helps health organizations to deploy Health-grade Search across their ecosystems, so their users can access the right health result or response at the right time. Each year, millions of health journeys are powered by Clinia Search infrastructure - enabling organizations to supercharge the impact of their data, empowering care teams to deliver efficient and timely care, and supporting patients to live healthier lives.

Today, Clinia is proudly a certified B Corporation, reinforcing our commitment to creating meaningful change with our health-focused technologies, our engagement with the community, the well-being of our team members, and the integrity of our governance. Headquartered in Montreal, Canada, our team members live and work across North America and Europe.

Listed Jobs

Company Name: Clinia
Job Title: Senior Security Specialist
Job Description: **Job title:** Senior Security Specialist **Role Summary:** Design and implement secure architectures across cloud, applications, data pipelines, and macOS endpoints. Oversee day‑to‑day security operations, automate evidence collection, and embed DevSecOps best practices. Lead threat modeling, vulnerability management, and incident response while ensuring compliance with SOC 2, HIPAA, GDPR, and other regulatory frameworks. **Expectations:** - Balance architecture and hands‑on response. - Collaborate closely with engineering and product teams. - Maintain up‑to‑date security controls and continuous compliance evidence. - Participate in on‑call rotations to guarantee timely incident handling. - Train and raise security awareness across the organization. **Key Responsibilities:** 1. Design secure cloud‑native, application, data‑pipeline, and endpoint architectures. 2. Build and maintain identity, access, encryption, secrets management, and logging frameworks. 3. Configure and manage EDR (Jamf Protect), MDM (Jamf), SIEM (Vector, Loki) and related intrusion detection tools. 4. Lead threat modeling, design reviews, and vulnerability scanning with access reviews and hardening. 5. Automate evidence collection and control validation using platforms such as Vanta. 6. Monitor logs and systems, investigate incidents, perform post‑mortems, and develop/maintain incident‑response playbooks. 7. Participate in on‑call rotations to ensure operational resilience. 8. Align security systems and controls with SOC 2, HIPAA, Law 25, GDPR, and other applicable regulations. 9. Embed DevSecOps practices into engineering pipelines and workflows. 10. Create security standards, playbooks, and training materials to elevate organization‑wide security maturity. **Required Skills:** - Proven experience designing and operating security architecture across cloud, applications, and endpoints. - Hands‑on expertise with SIEM, EDR, MDM, and intrusion detection tools. - Strong scripting and automation skills (Python, Bash, or similar). - Ability to detect, investigate, and remediate incidents rapidly and accurately. - Familiarity with SOC 2, HIPAA, GDPR, and other regulatory frameworks. - Experience with DevSecOps integration and security training. - Excellent communication, collaboration, and documentation skills. **Required Education & Certifications:** - Bachelor’s degree in Computer Science, Information Security, or related field. - Relevant certifications preferred: CISSP, CISM, CCSP, OSCP, or cloud security specialty certifications (AWS Certified Security Specialty, GCP CSPK, Azure Security Engineer Associate). - Practical experience in regulated industries, particularly healthtech, is a plus.