Incident Response Security Engineer

San Francisco, CA

About Us

One Medical is a membership-based primary care platform challenging the industry status quo by making quality care more affordable, accessible and enjoyable. But this isn’t your average doctor’s office. We’re on a mission to transform healthcare, which means tackling the frustrations of everyone involved — from patients and providers to employers and health networks.

Across the country, our members enjoy access to comprehensive care at more than 80 locations across twelve cities (and counting!) as well as 24/7 access to virtual care. We’ve reached some exciting milestones this year, but our work is far from over. As we continue to grow and broaden our impact, we’re building a diverse, driven and empathetic team, while working hard to cultivate an environment where everyone can thrive.

The Opportunity

As an Incident Response Engineer you will be on the front lines of securing people’s healthcare and personal information at scale. This role isn’t for button pushers, software engineers, or computer scientists. This role is for security practitioners. We expect you to do everything from handling high-severity security incidents and implementing the latest detection techniques to creating custom automations and integrations that enhance response workflows. This position will constantly challenge you to learn new skills and apply yourself in different ways towards our mission of advancing security in the healthcare industry.

In this role, we expect you to drive incidents and projects to resolution by understanding internal and external stakeholder requirements and expectations. You will also be expected to solve complex problems by evaluating the security risks and benefits of different solutions before making project decisions. We love working with people who are open to feedback, actively seek opportunities to improve, and are able to gain the confidence and trust of others through honesty, integrity, and authenticity.

As a member of the One Medical Security team you will be joining a team of highly technical people focusing on having a meaningful impact on the company and the greater healthcare industry. We operate with a ‘team first’ mentality focusing on collaboration to move the security needle forward. Our drive for team success is tied closely with our commitment to personal growth; every team member is empowered to pursue research and contribute to projects that are not strictly defined by their role.

What you'll work on:

  • Monitoring, detecting, responding to, and remediating security events across our infrastructure
  • Handling incidents and following through the full Incident Response Lifecycle from the Identification phase to the Recovery & Lessons Learned phase
  • Working with cross-functional teams to drive containment and remediation efforts during incidents
  • Developing new and novel solutions for detecting and mitigating threats against One Medical
  • Interrogating network and host artifacts originating from multiple operating systems and/or applications
  • Participating in security projects that help to improve the company's security posture, as well as the industry itself

You'll be set up for success if you have:

  • 2+ years experience in Security Incident Response / Security Operations / SOC
  • 1+ year of scripting language experience or experience with workflow automation tools
  • Good working knowledge of computer networks and common protocols (TCP/IP, UDP, DNS, FTP, SSH, SSL/TLS, HTTP)
  • Demonstrated ability to analyze and correlate data from a wide variety of external and internal sources
  • Significant exposure to Incident Response (IR) and familiarity with the phases involved in the IR Lifecycle from start to finish (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned)
  • Familiarity with writing high-signal detections using logs ingested from multiple sources throughout our infrastructure
  • The ability to think critically to solve complex security problems and design efficient solutions using knowledge of security threats, attack vectors, vulnerabilities and exploits
  • Strong collaboration skills and the ability to communicate effectively with both technical and non-technical people
  • Ability to think strategically & understand how different cross-functional programs within the Security org align together to improve the security posture of the company
  • Bachelor's in Computer Science

Nice to have:

  • Experience writing, reading, and debugging regular expressions
  • Experience performing offensive assessments, penetration testing, exploit development, or vulnerability analysis
  • Experience building automation between tools and systems utilizing APIs to help create efficient detection & response workflows
  • Experience performing analytics against aggregated log data and building configurations to parse and handle log data from systems and tools
  • Experience with common security tools such as Splunk, Bro, Suricata, OSQuery, AWS Lambda, ELK
  • Experience performing dynamic analysis of malware to develop signatures and countermeasures
  • Forensic experience in at least one major operating system platform (Windows, OS X, or Linux)
  • Experience developing and maintaining relationships with members of the Information Security, Threat Intelligence, and Law Enforcement communities
  • Experience presenting at conferences, publishing research articles, and contributing to the security community
  • Master's in Cybersecurity

Benefits designed to aid your health and wellness:

Taking care of you today

  • Paid sabbatical after 5 and 10 years
  • Employee Assistance Program - Free confidential advice for team members who need help with stress, anxiety, financial planning, and legal issues
  • Competitive Medical, Dental and Vision plans
  • Free One Medical memberships for yourself, your friends and family
  • Pre-Tax commuter benefits
  • PTO cash outs - Option to cash out up to 40 accrued hours per year

Protecting your future for you and your family

  • 401K match
  • Opportunity to participate in company equity programs
  • Credit towards emergency childcare
  • Company paid maternity and paternity leave
  • Paid Life Insurance - One Medical pays 100% of the cost of Basic Life Insurance
  • Disability insurance - One Medical pays 100% of the cost of Short Term and Long Term Disability Insurance

This is a full-time role based in San Francisco, CA.

One Medical is an equal opportunity employer and encourages all applicants from every background and life experience.