Senior Security Incident Response Engineer

Seattle, WA or Remote

Full Time Senior-level / Expert
98point6 Inc.
98point6 delivers on-demand diagnosis and treatment from board-certified physicians via secure in-app messaging. Get care anywhere.

Our mission is to deliver high-quality primary care that is accessible, convenient and affordable for all. Every single day you’ll be working on challenging problems with exceptional people to profoundly transform primary care and improve people’s quality of life.

This role allows you to work from anywhere you choose across the U.S. (excluding U.S. territories), with the flexibility to work from the Seattle HQ office as often as you’d like. Please note that no matter where you are located, all employees should be available during our core working hours from 10 am to 4 pm PT Monday through Friday.

Your role and impact

As a Sr. Security Incident Response Engineer at 98point6, you will collaborate with internal teams that handle PHI belonging to a large number of patients, and it is imperative that this data is secured. We are building our security team to help safeguard this information, and your work will improve our overall security posture. From implementing detection capabilities for anomalous behavior, threat hunting, and spearheading security incident response, to conducting training for our engineering team and keeping up with industry best practices, you will be empowered to do the work that is most important for the organization. This is a hands-on technical role that will be involved in all aspects of the security incident response life cycle.

Strategic projects you will work on in your first year are:

  • Security Information and Event Management (SIEM) implementation, which will involve the following:
    • Taking the team’s initial work to identify a SIEM and determining what solution best meets our requirements to deploy into production
    • Once deployed, partnering with Platform Engineering and other teams to ensure relevant logs are emitted and ingested into the SIEM
    • Developing patterns and best practices to tune the SIEM for security alert correlations
    • Responding to incidents triggered by SIEM alerts
    • Leading root cause analysis and retrospectives after incidents to drive relentless improvement
  • Endpoint Detection and Response (EDR) vendor analysis and deployment, which will involve the following:
    • Partnering with Corp-IT to develop a decision matrix that will be leveraged for EDR vendor selection
    • Determining what solution best meets our requirements to deploy into production
    • Deployment of solution into production
    • Developing patterns for automatic response to identified threats
  • Perform detection, analysis and containment of an incident
  • Identify key performance metrics for security IR and implement instrumentation for those metrics
  • Demonstrate, integrate and collaborate on enhancing existing security solutions and services to address any gaps or deficiencies
  • Develop security incident response drill scenarios and lead tabletop exercises
  • Ensure proper training for stakeholders regarding their incident response roles and responsibilities in the event of a breach
  • 5+ years of experience in the security industry working in any combination of the following areas: cloud operations and engineering, network security monitoring, log analysis, static and dynamic malware analysis, NIST Kill Chain, MITRE ATT&CK framework, threat hunting, SIEM, EDR
  • Writing and reviewing code (Java, Python, Node or similar)
  • Collaborating effectively with software engineering teams
  • Implementing security detection capabilities
  • Proven ability to make decisions and perform complex problem-solving activities under pressure
  • Knowledge of AWS cloud infrastructure and its threat landscape
  • Experience responding to security events

98point6 provides equal employment opportunities to all without regard to race, color, religion, sex (including sexual orientation or gender identity), national origin, age, disability, genetic information or other protected status.

Job region(s): Remote/Anywhere North America