Security Analyst
Cedar has built a category-defining platform that combines data science and machine learning to connect patients with healthcare providers in a way that helps solve the critical challenges of patient billing and payment. Our technologies improve the overall experience of patient billing and engagement, enabling patients to help manage the cost and payment of their care while ensuring providers can thrive in a rapidly changing environment. Patients, providers, and payors put their trust in Cedar's platform, making security and availability an integral part of what we do.
As a Security Analyst passionate about operations, you help Cedar understand ground truth about our environment and protect our company against threats new and old: ensuring sensitive data stays where it’s supposed to, that our systems are resilient to attacks and abuse, and that we have the insights to prove to our regulators and partners that we're good stewards of their data.
You will be upstream from our Managed Detection and Response SOC and Vulnerability Management providers and will be hands-on with our industry-leading platforms like AWS, Splunk, and Okta, building tools, alerts, and automation that provide situational awareness for both our production and corporate environments. As a cloud-native SaaS company, you won’t have many legacy responsibilities: Cedar is mostly containers and serverless architecture, Slack for coordination, and Mac endpoints, so no time is spent securing Windows 2012 Active Directory. You’ll be joining a small security team where you’ll also have the opportunity to contribute to other operational functions. You’ll work closely with other engineering teams on alerts and findings.
Security is not a field with a clear career path – so even if these qualifications and levels don't fit your security background perfectly, we'd still encourage you to apply.
Responsibilities
- Develop solutions to hunt, detect and respond to security threats in a legacy-free corporate environment
- Work with others to perform threat modeling, research and share threat intelligence specific to Cedar's business
- Build log ingestion pipelines, rules, and responses in a mix of SIEM-specific language, scripts, and code
- Help the business understand security issues by crafting clear dashboards, prioritized rules, and response runbooks based on knowledge of threat, risk, and business value
- Work cross-functionally to support security-related business needs such as providing expertise to client account managers, coordinating operational incident response, and assuring our security and compliance commitments
Required Skills & Experience
- 2+ years in security or technology
- Capable in at least one general-purpose programming language (ideally Python)
- Experience with intrusion detection, log analysis, and endpoint detection tools
- Exposure to AWS security, CloudTrail, and configuration management
- Experience with incident response activities and threat hunting activities
- An understanding of web services, network engineering, and Unix system operations
- Comfort balancing a need to get-things-done with repeatable processes and creative flexibility
Preferred Skills & Experience
- Familiarity with macOS endpoints, G Suite and the tools to support them
- Experience owning technical projects end-to-end, from architecture to implementation
- Experience responding to, and improving the processes around, compliance and vendor requests
- A record of participation in the open-source and security communities
- Comfort working across the organization to explain security needs and propose solutions
What do we offer to the ideal candidate?
- An opportunity to work with a company that is scaling very rapidly, engaging with millions of patients per year, and growing at a rate of 360% YoY as of January 2021
- The ability to impact the growth of our company; we value all comments and suggestions
- Transparency across teams and interaction with multiple departments
- Competitive pay, employer-paid healthcare, stock options
Applicants must be currently authorized to work in the United States on a full-time basis. Cedar will not hire any applicants for the role who are present in the United States on an F-1 visa. Cedar is not an E-Verify employer and cannot employ individuals on a STEM OPT extension.