The Security Operations Engineer role works within Collective Health's Information Security team. This team includes Security Engineering (Product and Application Security) as well as Security Operations and works closely with our Privacy, Risk and Compliance Team. Our Security Team at Collective Health is at the heart of the company's success. We spend a lot of time actively working with the broader community instead of opposing them, and we find that it pays off in spades. As part of the security team, you'll be responsible for ensuring the success of a collaborative security pipeline we've built out, and for actively encouraging and promoting the security culture we have here.
We are changing US healthcare through the use of technology, and the Director of Information Security leads the team that ensures secure delivery of that technology. Our customers are US employers and their employees and dependents. Our solutions enable better decision-making, resulting in improved health outcomes and counteracting the spiralling costs of US healthcare.
In our first 5 years as a company, we have built a rich solution suite, comprising consumer web and mobile healthcare portals, employer administration portals, data transformation for analytics, and high-volume back-office data processing for claims "adjudication". This adjudication determines medical claim payments according to complex medical plan rules. Our solution is highly integrated with 3rd party enterprise solutions (HRMS/Ben Admin solutions) and 3rd party medical, dental, pharma, vision solutions, as well as specialist program solutions for maternity, fertility, diabetes, behavioural health, and many other medical domains.
Our data is extremely private (comprising personal health information, or PHI) and must be managed in strict compliance with HIPAA data privacy requirements. Our customers expect our solutions to be extremely highly available (better than 99.9% availability) and we aim for >70% NPS from very highly satisfied users who rely on our systems to navigate the bewildering world of healthcare, insurance and financial claims management. Extremely high data accuracy and security are paramount.
Our Security Team has a company-wide footprint: we interact with almost every employee, understand their workflow and help them make it more efficient. As a part of the Security Team, you will help us make our base layer more secure by focusing on the architecture, development and operation of network, cloud security and employee systems.
* Build and operate infrastructure and automation to detect and respond to security threats.
* Develop detection strategies to identify anomalous behaviors and attacks.
* Partner with stakeholders from the various teams to improve Collective Health's defense posture.
* Lead the technical activities of incident response and investigations, including communications and coordination among different teams.
* Train and mentor junior team members.
* Document protocols and playbooks pertaining to incident response.
* Deep understanding of information security principles and defense in depth techniques.
* Strong programming experience in one or all of Python, Java, Go.
* Ability to analyze network, host, memory, and other forensics artifacts originating from multiple OSs.
* Experience performing memory forensics and malware reverse engineering and analysis, and extracting IOCs (Indicators of Compromise).
* Strong background in incident response, hunting, forensics, intrusion detection or threat intelligence.
* Hands-on experience with security technologies: Endpoint Detection & Response tools (EDR), such as GRR, SentinelOne, osquery, Snort, Bro.
* Hands-on experience with forensics technologies: MacQuisition, X-Ways, Volexity, FTK, GRR.
* Experience in hardening cloud infrastructure (AWS, Google Cloud, etc.).
* Experience with common attack scenarios across the various layers of our infrastructure (cloud-based issues, code quality, insider threat, etc.).
If many or most of the following items apply to you, we'd love to talk!
* 5+ years of experience in Security Operations in a regulated organization (e.g., HIPAA compliance: pharma, biotech, health insurance).
* Experience as an accountable Security Operations Engineer in a regulated environment or organization (e.g., FISMA, HIPAA, PCI-DSS).
* Deep understanding of information security principles.
* Ability to work effectively and influence groups throughout the organization.
* Relevant network and network security experience (OSI model, firewalls, 802.1x, IPS, IDS, VPN).
* Relevant systems security experience (HIDS, system hardening, cgroups, etc.).
* Experience automating security incident event monitoring infrastructure.
You get extra bonus points for:
* Contributing to and maintaining open source projects.
* Experience working with Public Cloud Services (AWS, Azure, etc.).
* Familiarity with Service Oriented Architecture and/or micro-services based architecture.
* Familiarity with container-based infrastructure orchestration (e.g., Docker, Kubernetes, Mesos).
* Experience with NIST security frameworks.
* Experience working in Healthcare, Financial, or other regulated environments.
Collective Health is a technology company simplifying employer healthcare to make health insurance work for everyone. With more than 200,000 members and over 45 enterprise clients (including Pinterest, Red Bull, Restoration Hardware, Activision Blizzard, and more), our technical and customer experience teams are reinventing the healthcare experience for forward-thinking employers and their people across the U.S.
Collective Health is headquartered in San Francisco, CA, with additional offices in Chicago, IL, and Lehi, UT. Founded in 2013, Collective Health is backed by the SoftBank Vision Fund, DFJ Growth, PSP Investments, NEA, GV, G Squared, Founders Fund, Maverick Ventures, Mubadala Ventures, Sun Life, and other leading investors. For more information, visit us at https://www.collectivehealth.com.
About Collective Health
Collective Health is a provider of a cloud-based employer self-insurance platform.