Sr. Security and Compliance (SecOps and GRC)
DoctusTech
Job Description
Job Title: Security and Compliance Lead
Experience Required: 7 to 12 Years
Location: Remote (Permanent)
Employment Type: Full-time
About DoctusTech:
DoctusTech is a fast-growing technology company focused on driving innovation in the US Healthcare domain. We build impactful, AI-driven solutions that solve real-world problems for our clients. Our team is agile, collaborative, and passionate about technology, and we're looking for people who share that same energy and commitment.
Role Overview
We are hiring a Security Operations Lead to own and scale our hands-on security operations while supporting SOC 2 and HIPAA compliance in a cloud-native SaaS healthtech environment. This role is execution-focused, working closely with Engineering and DevOps to build, monitor, and continuously improve security controls.
Key Responsibilities
🔐 Security Operations (80%)
- Own day-to-day security operations for a SaaS platform running on AWS
- Design and manage logging, monitoring, SIEM, and alerting pipelines
- Lead incident response (triage, containment, RCA, post-incident reviews)
- Drive vulnerability management, penetration testing, and remediation tracking
- Own IAM, SSO, MFA, access reviews, and least-privilege enforcement
- Secure CI/CD pipelines and partner with DevOps on DevSecOps practices
- Implement and monitor cloud security controls (networking, encryption, secrets)
- Define and test IR playbooks and conduct tabletop exercises
- Act as escalation point for security events and customer incidents
- Support SOC 2 Type II audits by providing operational evidence
- Maintain HIPAA-aligned security controls in coordination with legal/compliance
- Assist with risk assessments and remediation planning
- Ensure security operations remain audit-ready at all times
- Partner with GRC teams/tools (Drata, Vanta, Secureframe)
- 7–12+ years in Security Operations / SecOps / Cloud Security
- Strong hands-on experience with AWS security
- Experience running or supporting SOC, IR, SIEM, vulnerability management
- Exposure to SOC 2 audits and HIPAA-regulated environments
- Strong understanding of SaaS security architecture
- Comfortable working in startup or scale-up environments
- Excellent communication with engineering and leadership teams
- Cloud: AWS (IAM, VPC, CloudTrail, GuardDuty, Security Hub)
- SIEM / Monitoring: Splunk, Sentinel, ELK, Datadog
- IAM: Okta / Azure AD / AWS SSO
- Vulnerability Mgmt: Nessus, Wiz, Prisma, Snyk
- GRC: Drata, Vanta, Secureframe
- Healthcare security experience (HIPAA, HITRUST exposure)
- DevSecOps experience in CI/CD pipelines
- Certifications: GCIH, GCED, AWS Security, CISM
- Experience supporting customer security reviews
- Fast and effective incident response with minimal customer impact
- Clear visibility into security posture and risks
- Security controls embedded into engineering workflows
- SOC 2 & HIPAA audits passed with no operational gaps
- Reduced vulnerabilities and faster remediation cycles
- Own security operations for a US healthtech SaaS platform
- High-impact, hands-on role (no checkbox-only compliance)
- Work closely with senior engineering and product leaders
- Opportunity to shape security maturity end to end
This role requires hands-on security operations experience. Pure GRC or audit-only profiles will not be a fit.