If you are passionate about our mission and you are an experienced hands-on product and application security professional who is excited about developing and leading a broad range of functions at a mission-driven, highly-regulated technology company, this role is for you.

You’ll lead initiatives that address the company’s—and some of our industry’s—most sophisticated and meaningful security and architectural challenges. You will build relationships across all parts of the business and drive multi-functional initiatives to continuously improve our security and privacy posture. You will be responsible for building and implementing controls that can scale and optimize as we move into a context-aware security environment.

This position is a hands-on role as a cybersecurity incident first responder. This analyst will assist the Incident Response Lead in providing a rapid initial response to any cybersecurity threats, incidents or cyber attacks on the organization. The analyst will utilize a suite of forensic tools to enable investigations on any issues as they develop. Once the cause of the problem has been identified, you will need to restrict any damage, provide immediate workarounds, work with corporate communications, engineering, etc and if possible provide a solution or fix, so that any intrusion or threat to the organization is negated rapidly. Prepare and practice IR plans, perform tabletop exercises, etc. When not actively responding to incidents, you will proactively identify, research, and prioritize threats and associated threat actors. 

What you’ll do:

• Triage high-visibility incidents and report findings to Incident Response Lead and CISO
• Work closely with the Incident Response Lead to resolve cyber related issues, by providing detailed explanations of the incidents and necessary remediations
• Manage the day to day operations to identify opportunities for process automation and orchestration of processes by collaborating with cross-functional teams 
• Assist in the development, implementation, and monitoring of a SIEM
• Oversee remediation activities related to exploited system security vulnerabilities
• Update documentation around the Incident Response Policy and Incident Playbooks 
• Assist in special projects and recommendations for technical security solutions that align with the department’s vision and the needs of the business
• Be an active part of a 24/7/365 cyber incident response team
• Collaborate with team members, understand security processes and workflows, prioritize ideas and innovations, and develop improvements to ensure successful execution
• Educate both security and non-security user groups on security best practices and security policies
• Assist in facilitating phishing campaigns and other training opportunities
• Assist with gathering audit evidence to ensure compliance to security policies as well as regulatory compliance (HIPAA, HITRUST, SOC 1, SOC 2, etc.). 
• Assist in creating and tuning alerting rules from various security tools.

Your skills include:

• Experience developing threat indicators to be used to develop correlated SIEM alerts
• Experience in managing incident response and forensic tools
• Strong experience in performing threat assessments, determining what data is applicable to an industry vertical, and reporting on those findings
• Basic to moderate experience with common attack scenarios in various common layers within enterprise infrastructure (cloud-based issues, code quality, insider threat, etc.,)
• Moderate experience with socializing and building partnership on security programs and user expectations
• Moderate experience with training and mentoring the entire company on security 
• Familiarity with security industry standards (ISO 17799, NIST 800 series, etc.) and best practices
• Understanding of common cyber attack and defense frameworks such as MITRE, NIST 800-61r2.

Pay Transparency Statement

This is a hybrid position based out of our San Francisco office, with the expectation of being in office at least two weekdays per week. #LI-hybrid

The actual pay rate offered within the range will depend on factors including geographic location, qualifications, experience, and internal equity. In addition to the salary, you will be eligible for stock options and benefits like health insurance, 401k, and paid time off. Learn more about our benefits at https://jobs.collectivehealth.com/benefits/.