2 Drata Jobs

Who we are Were Fluxon, a product development team founded by ex-Googlers and startup founders. We offer full-cycle software development from ideation and design to build and go-to-market. We partner with visionary companies, ranging from fast-growing startups to tech leaders like Google and Stripe, to turn bold ideas into products with the power to transform the world. About the role When IT runs smoothly, teams can focus on what matters - getting great work done. From onboarding to offboarding, secure systems to smooth setups - you&aposre the one who makes tech just work. As our IT Operations Manager, youll connect IT systems with business needs, helping our global team stay productive, secure, and supported. This is an individual contributor role based on-site in Hyderabad. Scope of Work: Provide hands-on support for hardware and software issues to keep our team productive Lead company-wide IT projects, like system rollouts or upgrades Own our device lifecycle: Track and manage hardware inventory Oversee laptop delivery for new hires and handle returns during offboarding Ensure team members are set up for success with the right equipment and guidance Maintain IT security standards: Help implement security policies and training Conduct regular audits to ensure our internal systems and tools remain secure Keep us ahead of the curve: Evaluate new software and vendors that could boost how we work Share recommendations and help with rollouts Qualifications Wed love to hear from you if you: Have 5+ years of experience as an IT admin, ideally with exposure to security training and audits Communicate clearly with both technical and non-technical teammates Instinctively step in to solve problems - whether simple or complex, you step in, troubleshoot, and make sure its fixed. Approach work with thoughtful execution - you dig deep, anticipate roadblocks, and follow through meticulously Care about experience and details - you notice what matters most and focus on the small things that make a big difference Bring strong knowledge of IT systems, device management, and security best practices Document as you go, follow up proactively, and keep teammates informed - no ghosting, no loose ends You&aposre familiar with tools like : ClickUp, Google Workspace, Slack, Drata, Kandji (or pick them up quickly) What we offer Flexible time off policy Comprehensive health insurance Profit-sharing program Paid parental leave Annual education and fitness allowances Show more Show less

JOB DESCRIPTION About the Role We're seeking a hands-on and detail-oriented Security and Compliance Engineer to drive security across our applications, infrastructure, and compliance programs-especially in a healthcare environment. This role combines security engineering, DevSecOps, and risk management with a strong focus on application, cloud, AI, and data security. You will work closely with engineering, DevOps, and compliance teams to embed security into the development lifecycle, support regulatory frameworks, and ensure cloud-native environments and AI technologies are secure by design. Responsibilities Conduct web and mobile application penetration testing, vulnerability scanning, and remediation support across our platforms. Integrate DevSecOps practices into CI/CD pipelines, using tools like Snyk, Terraform, and container security scanners. Implement and monitor Cloud Security Posture Management (CSPM) tools such as Wiz to secure cloud configurations and infrastructure. Partner with DevOps to enforce secure provisioning via Infrastructure as Code (IaC). Lead and support compliance initiatives (HIPAA, SOC 2, HITRUST) using platforms like Drata (Compliance-as-a-Service). Design and enhance email gateway security (e.g., Barracuda) and bot protection (e.g., WatchGuard) to defend against phishing and automated threats. Evaluate and secure chatbots and AI systems, addressing risks like prompt injection, data leakage, and model integrity. Drive data security best practices including encryption, data loss prevention (DLP), and classification strategies. Collaborate with engineering to embed security controls in product design and conduct threat modeling, secure code reviews, and architecture reviews. Participate in incident detection, response, and root cause analysis, while ensuring effective logging and monitoring are in place. Maintain security documentation and support audits and third-party assessments. Required Skills & Qualifications 4-6 years of experience in security engineering, compliance, and DevSecOps. Proficiency in web and mobile application security, including OWASP Top 10, SAST/DAST tools, and manual testing with Burp Suite, etc. Strong exposure to DevSecOps workflows, with hands-on experience using tools like Snyk, Terraform, and container security. Deep understanding of HIPAA, SOC 2, and healthcare compliance requirements. Experience with cloud security, preferably on Microsoft Azure, and familiarity with CSPM tools like Wiz. Working knowledge of Drata or similar compliance automation platforms. Exposure to email security gateways, bot protection, and threat detection tools. Familiarity with AI and chatbot security concepts and current risks in the generative AI space. Strong grasp of data security principles-encryption, access controls, data classification, and DLP. Scripting or automation skills in Python, Bash, or equivalent are a plus. Strong written and verbal communication, documentation, and collaboration skills. Nice to Have Certifications like OSCP, CEH, CCSK, CISSP, HCISPP, or similar. Familiarity with tools like KnowBe4, Intune, or Azure AD for identity and endpoint security. Understanding of Zero Trust Architecture, RBAC, and endpoint detection and response (EDR) strategies. Previous experience in a health tech, SaaS, or AI-focused organization. Why Join Us Make a real impact in securing healthcare and AI systems at scale. Collaborate in a high-ownership environment with modern tools and cloud-native practices. Work in a security-forward company that values both innovation and compliance. Flexible work environment and growth opportunities in a fast-paced tech culture.