Security Operations Engineer

The Security Operations Engineer role works within Collective Health’s Information Security team. This team includes Security Engineering (Product and Application Security) as well as Security Operations and works closely with our Privacy, Risk and Compliance Team. Our Security Team at Collective Health is at the heart of the company’s success. We spend a lot of time actively working with the broader community instead of opposing them, and we find that it pays off in spades. As part of the security team, you’ll be responsible for ensuring the success of a collaborative security pipeline we’ve built out, and for actively encouraging and promoting the security culture we have here.

We are changing US healthcare through the use of technology, and the Director of Information Security leads the team that ensures secure delivery of that technology. Our customers are US employers and their employees and dependents. Our solutions enable better decision-making, resulting in improved health outcomes and counteracting the spiralling costs of US healthcare.

In our first 5 years as a company, we have built a rich solution suite, comprising consumer web and mobile healthcare portals, employer administration portals, data transformation for analytics, and high-volume back-office data processing for claims “adjudication”. This adjudication determines medical claim payments according to complex medical plan rules. Our solution is highly integrated with 3rd party enterprise solutions (HRMS/Ben Admin solutions) and 3rd party medical, dental, pharma, vision solutions, as well as specialist program solutions for maternity, fertility, diabetes, behavioural health, and many other medical domains.

Our data is extremely private (comprising personal health information, or PHI) and must be managed in strict compliance with HIPAA data privacy requirements. Our customers expect our solutions to be extremely highly available (better than 99.9% availability) and we aim for >70% NPS from very highly satisfied users who rely on our systems to navigate the bewildering world of healthcare, insurance and financial claims management. Extremely high data accuracy and security are paramount.

Our Security Team has a company-wide footprint: we interact with almost every employee, understand their workflow and help them make it more efficient. As a part of the Security Team, you will help us make our base layer more secure by focusing on architecture, development and operation of network, cloud security and employee systems.

Responsibilities

  • Build and operate infrastructure and automation to detect and respond to security threats.
  • Develop detection strategies to identify anomalous behaviors and attacks.
  • Partner with stakeholders from the various teams to improve Collective Health’s defense posture.
  • Lead the technical activities of incident response and investigations, including communications and coordination among different teams.
  • Train and mentor junior team members.
  • Document protocols and playbooks pertaining to incident response.

Minimum Qualifications

  • Deep understanding of information security principles and defense in depth techniques
  • Strong programming experience in one or all of Python, Java, Go.
  • Ability to analyze network, host, memory, and other forensics artifacts originating from multiple OSs.
  • Experience performing memory forensics and malware reverse engineering and analysis, and extracting IOCs (Indicators of Compromise)
  • Strong background in incident response, hunting, forensics, intrusion detection or threat intelligence.
  • Hands-on experience with security technologies: Endpoint Detection & Response tools (EDR), such as GRR, SentinelOne, OsQuery, Snort, Bro
  • Hands-on experience with forensics technologies: Macquisition, X-Ways, Volexity, FTK, GRR
  • Experience in hardening cloud infrastructure (AWS, Google Cloud, etc.).
  • Experience with common attack scenarios in various common layers within our infrastructure (cloud-based issues, code quality, insider threat, etc.)

 

If many or most of the following items apply to you, we'd love to talk!

  • 5+ years of experience in Security Operations in a regulated organization (e.g. HIPAA compliance - pharma, biotech, health insurance)
  • Experience as an accountable Security Operations Engineer for a regulated environment or organization (e.g. FISMA, HIPAA, PCI-DSS)
  • Deep understanding of information security principles
  • Ability to work effectively and influence groups throughout the organization.
  • Relevant network and network security experience (OSI model, firewalls, 802.1x, IPS, IDS, VPN)
  • Relevant systems security experience (HIDS, system hardening, cgroups, etc.)
  • Experience automating security incident event monitoring infrastructure

 

You get extra bonus points for:

  • You have contributed to and maintained open source projects
  • Experience working with Public Cloud Services (AWS, Azure, etc)
  • Familiarity with Service Oriented Architecture and/or micro-services based architecture
  • Familiarity with container-based infrastructure orchestration (e.g. Docker, Kubernetes, Mesos)
  • Experience with NIST security frameworks
  • Experience working in Healthcare, Financial, or other regulated environment

 

Collective Health is a technology company working to create the healthcare experience we all deserve. Founded in 2013, our team of engineers, designers, product managers, and actuaries is redefining the $1 trillion market of employer-sponsored health benefits with data-driven and people-focused products. Our complete health benefits solution helps great companies like Activision Blizzard, Palantir, Restoration Hardware, and Pinterest take care of their people by harnessing the power of design and technology. Based in San Francisco, CA, we’re backed by some of the best investors in Silicon Valley including Google Ventures, Founders Fund, NEA, and Redpoint Ventures. For more information, visit us at https://www.collectivehealth.com.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

 



Meet Some of Collective Health's Employees

Erica H.

Senior Software Engineer

After a member visits their doctor or fills a prescription, Collective Health ensures members are billed accurately and providers are paid. Erica leads the development of the interface that enables the Operations Team to quickly and accurately process claims—ensuring money flows to the right people.

Henning C.

Director of Data Products

In the past, benefits teams have drowned in data and processes. Henning leads the development of the technical infrastructure and applications that make it easy for Collective Health’s clients to manage and optimize their employees’ health benefits.

