Security Analyst

HeartFlow, Inc. is a medical technology company transforming the diagnosis and management of coronary artery disease, the #1 cause of death worldwide, using cutting-edge technology. The flagship product—an AI-based, non-invasive cardiac test called the HeartFlow Analysis—provides a color-coded, 3D model of a patient’s coronary arteries indicating the impact blockages have on blood flow to the heart. It offers physicians a completely novel way to diagnose and treat cardiac patients. Our pipeline of products is growing and so is our team; join us in helping to revolutionize precision heartcare.   HeartFlow is a VC-backed, pre-IPO company that has received international recognition for exceptional strides in healthcare innovation, is supported by medical societies around the world, cleared for use in the US, UK, Europe, Japan and Canada, and has been used for more than 100,000 patients worldwide. 

The Security Analyst (hybrid) role is responsible for tier 1 support of HeartFlow’s security functions as part of the Information Security team. This includes working with security engineers as well as internal teams, like IT and DevOps, and external security partners.

This role offers an opportunity to learn and work hands-on with multiple security technologies and provides a path to grow into a security engineer in a dynamic environment. #LI-IB1

Job Responsibilities:

• Operational support for information security tool alerts, triaging, and maintenance.
• Perform first level incident response and computer forensics activities.
• Work closely with our external security partners.
• Respond to end user security support requests, monitor security inbox and tickets, and follow up on support requests through to completion.
• Work with the security engineers to perform alert tuning and uncover network vulnerabilities.
• Assess security controls and evaluate security posture of organizational internal controls.
• Provide support for training and awareness initiatives, including but not limited to phishing tests, lunch and learn logistical support, etc.
• Research security trends, new methods, and techniques used to preemptively eliminate the possibility of system breach.
• Assist the IAM team with user account management.
• Maintain confidentiality on all sensitive security matters.
• Participate in the on-call rotation for the security team.

Skills Needed:

• Self-starter, positive attitude, and excellent communication skills.
• Ability to analyze and prioritize vulnerabilities to appropriately characterize threats and provide remediation advice.
• Ability to understand information security and information technology risks associated with vulnerability testing, patch management, and secure configuration management.
• Ability to identify and mitigate vulnerabilities and explain how to avoid them.

Preferred Knowledge and Experience:

• General understanding of firewalls, SIEMs, endpoint protection, IDP/IPS, phishing, and other fundamental security concepts.
• General understanding of secure network and system design in both cloud (AWS, Azure, etc.) and on-premises environments.
• Basic knowledge of common information security management frameworks, such as NIST CSF.
• Basic knowledge of relevant legal and regulatory requirements, such as HITRUST, SOC-2, HITECH, or HIPAA.

Educational Requirements and Work Experience:

• Minimum of 3 years experience in information security.
• Bachelor's degree in computer science or a related field is a plus.
• Industry certifications like Security+, CySA+, etc. are nice to have.

About HeartFlow, Inc. HeartFlow, Inc. is a medical technology company redefining the way heart disease is diagnosed and treated. Our non-invasive HeartFlow FFRct Analysis leverages deep learning to create a personalized 3D model of the heart. By using this model, clinicians can better evaluate the impact a blockage has on blood flow and determine the best treatment for patients. Our technology is reflective of our Silicon Valley roots and incorporates decades of scientific evidence with the latest advances in artificial intelligence. The HeartFLow FFRct Analysis is commercially available in the United State, Canada, Europe and Japan. For more information, visit www.heartflow.com.   HeartFlow, Inc. is an Equal Opportunity Employer. We are committed to a work environment that supports, inspires, and respects all individuals and do not discriminate against any employee or applicant because of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law. This policy applies to every aspect of employment at HeartFlow, including recruitment, hiring, training, relocation, promotion, and termination.   Positions posted for HeartFlow are not intended for or open to third party recruiters / agencies. Submission of any unsolicited resumes for these positions will be considered to be free referrals.   US Locations Only: All employees and contingent workers (contractor, consultant, interns or temporary personnel) are required to be vaccinated against SARS-CoV-2 as recommended by CDC, unless a reasonable accommodation is approved. All prospective hires will be expected to provide proof of vaccination on their first day of employment.