Hi, we're Oscar. We’re hiring a Security Engineer, Detection & Response to join our Security team in our New York office.
Oscar is a technology-driven, consumer-focused health insurance startup founded in 2012 and headquartered in New York City. Our goal is to make health insurance simple, transparent, and human. We need your help to do so.
About the role:
Taking care of our members includes securing their data. The mission of the Security team is to protect the data our customers have entrusted to us, and make it possible for Oscar management to make informed, risk-calibrated decisions.
As a Security Engineer, Detection & Response, you will support the information security incident response efforts by collecting and analyzing evidence and providing reports of identified threats, as well as search for insider threats. You will work with other Security team members and partner cross-functionally with Engineering, IT, and SRE to to help prioritize and close control gaps and reduce enterprise risk.
Want more jobs like this?
Get Software Engineer jobs in New York, NY delivered to your inbox every week.
You will report into the Director of Detection and Response.
Responsibilities:
- Participate individually and as part of a team in threat intelligence collection and threat hunting activities
- Systematically test the ability of security controls to continuously drive improvements in threat protection and detection
- Be an active member of the enterprise information security incident response team, provide oversight over security investigations, and assists with the disciplinary and legal matters associates with security breaches and policy violations as necessary
- Support the overall improvement of the security process and documentation
- Conduct proactive threat\vulnerability research
- Keeps informed of new technologies or application methodologies through publications, membership in professional organizations and contact with other IT organizations and institutions
- Participate in the design and day-to-day administration of security systems that reflect state-of-the-art security best practices and compliance, ensuring a focus on balancing security effectiveness without introducing material operational friction
Requirements:
- Have a minimum of 4 years of career experience related to security operations and incident response
- Applied your skills in reverse engineering, computer forensics, ethical hacking, and threat hunting to solve problems in a technology-first environment
- Previous experience in particular OS environments (Mac and Linux) as well as cloud environments (AWS and GCP)
- Able to analyze system and network logs to piece together what happened
- In-depth technical understanding that enables you to assess security risks in a technology-heavy company
- Can fluently communicate security risks to both technical and non-technical audiences
Life at Oscar:
At Oscar, being an Equal Opportunity Employer means more than upholding discrimination-free hiring practices. It means that we cultivate an environment where people can be their most authentic selves and find both belonging and support. We're on a mission to change health care -- an experience made whole by our unique backgrounds and perspectives.
We encourage our members to care for their whole selves, and we encourage our employees to do the same with comprehensive medical benefits, generous paid-time off, paid parental leave, retirement plans, company social events, stocked kitchens, wellness programs, and volunteer opportunities.
Reasonable Accommodation:
Oscar applicants are considered solely based on their qualifications, without regard to applicant’s disability or need for accommodation. Any Oscar applicant who requires reasonable accommodations during the application process should contact the Oscar Benefits Team (accommodations@hioscar.com) to make the need for an accommodation known.
Pay Transparency Policy:
Oscar ensures that you won't be discharged or discriminated against based on whether you've inquired about, discussed, or disclosed your pay. Read the full policy here.