Senior Security Automation Engineer
New York, NY or Remote
Who We Are
Ro is a direct-to-patient healthcare company with a mission of helping as many patients as possible achieve their health goals. Ro is the only company to offer telehealth care, at-home diagnostic testing, labs, and pharmacy services nationwide. This is enabled by Ro's vertically integrated platform that helps patients achieve their goals through a convenient end-to-end healthcare experience spanning from diagnosis, to delivery of medication, to ongoing care. Since 2017, Ro has helped millions of patients in nearly every single county in the United States, including 98% of primary care deserts.
Ro was recognized as a CNBC Disruptor 50 in 2022, listed by Inc. Magazine as a Best Place to Work in 2022 for our third consecutive year, and named one of FORTUNE's 2022 Best Medium Workplaces.
The Security Engineering Team protects the security and privacy of our patients by enabling the business to operate securely in all facets of its operations. This role is a non-managerial, hands-on technical role that specializes in security engineering, with a heavy focus on SIEM content detection and automation. This team collaborates with Security Operations, Product Security and IT in devising, implementing, and communicating a well-rounded approach to security controls implementation. With first-hand influence on strategic security initiatives at Ro, you will be relied upon to provide teams with the security expertise necessary to make confident risk decisions. This role reports to the Security Engineering Lead and will work closely with all teams across the company.
What You’ll Do:
- Engineer, operate and maintain existing security technologies such as SIEM/SOAR, SWG, CASB, CSPM and EDR for business and patient-facing environments
- Collaborate with cross-functional teams to identify security requirements, assess technology solutions, and integrate security controls into new and existing systems and applications
- Spearhead detection engineering efforts by designing, implementing, and continuously refining advanced correlation rules, use cases, and behavioral analytics within the SIEM platform to enhance threat detection capabilities and improve response times to security incidents
- Develop and implement automation scripts and tools to streamline security processes, such as log collection, data enrichment, analysis, and incident response, improving operational efficiency and reducing manual effort
- Perform regular maintenance and tuning of security infrastructure and tools, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and vulnerability scanners, to ensure optimal performance and effectiveness
- Stay informed about emerging security threats, vulnerabilities, and industry trends, conducting research and attending training sessions or conferences to enhance knowledge and skills
- Participate in security incident response activities as required, including incident detection, analysis, containment, eradication, and recovery, collaborating with internal and external stakeholders to minimize the impact of security incidents
What You’ll Bring:
- 5+ years of experience operating in a modern, cloud-based security enterprise
- Experience with SIEM platforms: Hands-on experience with SIEM platforms such as Splunk or Elastic, including the development of security content, rules, and alerts
- Experience with scripting and automation: Demonstrated proficiency in scripting languages such as Python or Bash, coupled with practical experience with SOAR platforms such as Phantom or XSOAR for automation, orchestration and response tasks
- Cloud security: Understanding of cloud security principles and best practices, with experience in securing environments such as AWS, Azure, or Google Cloud Platform, including knowledge of cloud-native security tools and services
- Understanding of fundamental security theory and technologies: Comprehensive knowledge of security technologies and tools, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, identity and access management (IAM), encryption, vulnerability management, data loss prevention (DLP) and secure web gateway (SWG) solutions
- Strong communication and partnering skills: Ability to effectively communicate technical concepts to both technical and non-technical stakeholders, and to collaborate with cross-functional teams to gather requirements and provide guidance on security best practices
We’ve Got You Covered:
- Full medical, dental, and vision insurance + OneMedical membership
- Healthcare and Dependent Care FSA
- 401(k) with company match
- Flexible PTO
- Wellbeing + Learning & Growth reimbursements
- Paid parental leave + Fertility benefits
- Pet insurance
- Student loan refinancing
- Virtual resources for mindfulness, counseling, and fitness
The target base salary for this position ranges from $144,500 to $183,000, in addition to a competitive equity and benefits package (as applicable). When determining compensation, we analyze and carefully consider several factors, including location, job-related knowledge, skills, and experience. These considerations may cause your compensation to vary.
Ro recognizes the power of in-person collaboration, while supporting the flexibility to work anywhere in the United States. For our Ro’ers in the tri-state (NY) area, you will join us at HQ on Tuesdays and Thursdays. For those outside of the tri-state area, you will be able to join in-person collaborations throughout the year (i.e., during team on-sites).
At Ro, we believe that our diverse perspectives are our biggest strengths — and that embracing them will create real change in healthcare. As an equal opportunity employer, we provide equal opportunity in all aspects of employment, including recruiting, hiring, compensation, training and promotion, termination, and any other terms and conditions of employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, familial status, age, disability and/or any other legally protected classification protected by federal, state, or local law.