Staff Incident Response Analyst, Ro

• We are seeking a Staff Incident Response Analyst with demonstrable experience leading comprehensive incident response engagements, capable of developing innovative solutions to track and defend against sophisticated adversaries, and brings a broad vision and a deep understanding of the cybersecurity tradecraft
• Successful candidates will have successfully led complex incident response scenarios in a multi-cloud environment in the last 3 years
• They will bring hands-on technical experience investigating adversary tactics, techniques, and procedures, and are fluent in interpreting complex events and anomalies as a seasoned security operations professional
• The candidate will be comfortable navigating between strategic and task level discussions gracefully, collaborating with other cross-functional experts, and representing the SOC as our subject matter expert
• Preferred candidates will be assertive but open-minded critical thinkers with a high ownership mentality, understanding they own the goals and the outcomes
• They’re comfortable displaying humility in an environment where it’s not about “being right”, rather we are all responsible for “getting it right”
• They thrive working in challenging and hyper-modern, multi-cloud, SAAS-native environments with container-based first-party application architectures that are monitored with contemporary security controls.
• 7 years of experience in a security operations and incident response role, with a bachelor’s degree in a technical field or equivalent work experience
• Real world experience in incident management, crisis management, and/or breach response with an in-depth knowledge of applying both manual and automated response procedures
• Hands-on experience performing complex investigations and leading incident responses in AWS, Azure, or GCP environments, with experience interpreting and securing multi-cloud architectures
• Seasoned SOC/CIRT operator fluent in cyber investigations, cloud native response, network/host intrusion analysis, with strong knowledge of adversary tactics, techniques, and procedures
• Broad understanding of the risks facing the security industry, current and emerging threats, and varied approaches to applying modern controls in order to mitigate enterprise risks
• Nice to have: certified GX-IH, GCIH, GCFR, GCSA, GCTD, GCFA, GWEB, AWS-Security or equivalents

• Serve as the SOC’s highest point of escalation for technical analysis and response, shape program strategy as a trusted individual contributor, and mentor analyst teammates toward improvement
• Command incident response engagements as a hands-on cross-functional expert, leading both technical and non-technical colleagues, partners, and business leaders through complex scenarios
• Impact threat management program strategy across multiple competency domains including external threat, insider threat, threat intelligence, data security, fraud management, and physical security
• Work with stakeholders such as IT, Security Engineering, Product Security, Infrastructure, Privacy, and Legal teams to solve security challenges at scale, and enhance program capability
• Discover unknown technical risks, correlate disparate data sources to acquire evidence, and apply superior analytical techniques in pursuit of proposing your recommended remediation strategy
• Develop new hypotheses and perform detection engineering upon a rich dataset to discover adversary tactics, techniques and procedures aligned with our program’s threat intelligence

• Medical, dental, and vision membership
• Equity for all team members
• Flexible time off
• Paid parental leave, and flexible work arrangement
• Well-stocked office with snacks and bi-weekly free lunches
• Gym, learning, and development stipends

Total funding: $1.0bn

Ro is a healthcare startup that connects patients directly to physicians, nurses, and pharmacists. The founders of Ro established the company because they felt that health insurance wasn’t working as it should, as the pooled cost of expensive treatments means that the price of individual doctor visits is inflated.