Collective Health
Security Engineer, Incident Response
Collective Health, Greendale, Wisconsin, United States, 53129
Collective Health offers the first integrated solution that empowers employers to administer plans, manage costs, and take care of their people, all in one place.

We all depend on healthcare throughout our lifetimes, for ourselves and for our families and friends, but it is notoriously difficult to navigate and understand. As an industry that comprises 20% of the US economy, we think healthcare should work better for all of us. At Collective Health we believe it's time for a new day in healthcare, where as members we are informed and empowered to make the right care choices when the decisions are urgent and critical.

Driven by our mission to make it easier to understand, navigate, and pay for healthcare, Collective Health is evolving the way health benefits work. If you are passionate about our mission and you are an experienced, hands-on product and application security professional who is excited about developing and leading a broad range of functions at a mission-driven, highly regulated technology company, this role is for you.

You'll lead initiatives that address the company's, and some of our industry's, most sophisticated and meaningful security and architectural challenges. You will build relationships across all parts of the business and drive cross-functional initiatives to continuously improve our security and privacy posture. You will be responsible for building and implementing controls that can scale and optimize as we move into a context-aware security environment.

This position is a hands-on role as a cyber security incident first responder. The Incident Responder provides a rapid initial response to any cyber security threat, incident, or attack on the organization, using a suite of forensic tools to investigate issues as they develop. Once the cause has been identified, you will contain the damage, provide immediate workarounds, work with corporate communications, engineering, and other teams, and where possible deliver a fix, so that any intrusion or threat to the organization is neutralized rapidly. You will prepare and practice IR plans and run tabletop exercises. When not actively responding to incidents, you will proactively identify, research, and prioritize threats and the associated threat actors.

Responsibilities:
- Triage high-visibility incidents and report findings to senior leadership
- Work closely with cross-functional teams to resolve cyber-related issues, providing detailed explanations of incidents and the necessary remediations
- Assist in the development, implementation, and monitoring of a SIEM
- Oversee remediation of exploited system security vulnerabilities
- Maintain the Incident Response Policy and incident playbooks
- Assist in special projects and recommend technical security solutions that align with the department's vision and the needs of the business
- Facilitate annual tabletop exercises and lead both technical and business-level discussions on incident response, cyber forensics, and threat analytics
- Be an active part of a 24/7/365 cyber incident response team
- Collaborate with team members, understand their processes and workflows, prioritize their ideas and innovations, and develop improvements to ensure successful execution
- Educate both security and non-security user groups on security topics
- Design security processes that ensure compliance with security policies and with regulatory requirements (HIPAA, HITRUST, SOC 2, etc.), and assist with gathering audit evidence

To be successful in this role, you'll need:
- Strong experience managing incident response and forensic tools
- Strong experience performing threat assessments, determining what data is applicable to an industry vertical, and reporting on those findings
- Basic to moderate experience with common attack scenarios across the layers of enterprise infrastructure (cloud-based issues, code quality, insider threat, etc.)
- Moderate experience socializing security programs and building partnerships around user expectations
- Moderate experience training and mentoring the entire company on security
- Familiarity with security industry standards (ISO 17799, now ISO/IEC 27002; the NIST SP 800 series; etc.) and best practices
- Experience developing threat indicators used to build correlated SIEM alerts
- Understanding of common cyber attack and defense frameworks such as MITRE ATT&CK and NIST SP 800-61r2

Pay Transparency Statement
This is a hybrid position based out of one of our offices: San Francisco, CA, Plano, TX, or Lehi, UT. Hybrid employees are expected to be in the office three days per week (Plano, TX) or two days per week (San Francisco, CA and Lehi, UT). The actual pay rate offered within the range will depend on factors including geographic location, qualifications, experience, and internal equity. In addition to the salary, you will be eligible for stock options and benefits like health insurance, 401k, and paid time off. Learn more about our benefits at Collective Health Benefits.

About Collective Health

Collective Health is the leading health benefits platform that brings together medical, dental, vision, pharmacy, and program partners into an integrated solution that better enables employees and their families to understand, navigate, and pay for healthcare. By reducing the administrative lift of delivering health benefits, providing an intuitive member experience, and helping control costs and improve outcomes, the company guides employees toward healthier lives and companies toward healthier bottom lines.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Collective Health is committed to providing support to candidates who require reasonable accommodation during the interview process. If you need assistance, please contact recruiting-accommodations@collectivehealth.com.