Hi, we're Oscar. Were hiring a Security Engineer, Detection & Incident Response to join our Security team in our New York office.
Oscar is a technology-driven, consumer-focused health insurance startup founded in 2012 & headquartered in New York City. Our goal is to make health insurance simple, transparent, & human. We need your help to do so.
About the role:
Taking care of our members includes securing their data. The mission of the Security team is to protect the data our customers have entrusted to us, & make it possible for Oscar management to make informed, risk-calibrated decisions.
In this role, you will support the information security incident response efforts by collecting & analyzing evidence & providing reports of identified threats, as well as search for insider threats. You will work with other Security team members & partner cross-functionally with Engineering, IT, & SRE to to help prioritize & close control gaps & reduce enterprise risk.
You will report into the Director of Detection & Response.
- Respond to & direct actions around data security incidents & coordinate between the information security, product, legal, privacy, compliance & engineering teams if necessary
- Document incidents & events & track action items following post mortem
- Design & conduct tabletop exercises to assure organizational readiness
- Establish processes & build playbooks around operational responses to incidents
- Perform forensic processes including chain of custody, computer acquisition techniques, & memory acquisition techniques
- Support the overall improvement of the security process & documentation
- Have 4+ years of career experience related to Digital Forensics & Incident Response
- Proficiency in at least 1 programming or scripting language (preference to Python or Go)
- Knowledge of network & web related protocols (e.g. TCP/IP, UDP/IP, IPSEC, HTTP/HTTPS)
- Have previously applied your skills in reverse engineering, computer forensics, ethical hacking, & threat hunting to solve problems in a technology-first environment
- Previous experience in particular OS environments (Mac, Chromebook, & Linux) as well as cloud environments (AWS & GCP)
- Able to analyze system & network logs to piece together what happened
- In-depth technical understanding that enables you to assess security risks in a technology-heavy company
- Can fluently communicate security risks to both technical & non-technical audiences
- Have a basic understanding of privacy regulation & best practices such as:
- NIST Standard for security incidents
Life at Oscar:
At Oscar, being an Equal Opportunity Employer means more than upholding discrimination-free hiring practices. It means that we cultivate an environment where people can be their most authentic selves & find both belonging & support. We're on a mission to change health care -- an experience made whole by our unique backgrounds & perspectives.
We encourage our members to care for their whole selves, & we encourage our employees to do the same with comprehensive medical benefits, generous paid-time off, paid parental leave, retirement plans, company social events, stocked kitchens, wellness programs, & volunteer opportunities.
Oscar applicants are considered solely based on their qualifications, without regard to applicants disability or need for accommodation. Any Oscar applicant who requires reasonable accommodations during the application process should contact the Oscar Benefits Team (email@example.com) to make the need for an accommodation known.
Pay Transparency Policy:
Oscar ensures that you won't be discharged or discriminated against based on whether you've inquired about, discussed, or disclosed your pay. Read the full policy here.