As a core part of Scope's Engineering team, you will be responsible for mining our dataset and detecting attack patterns, and training our stack to detect those patterns in the future. You will spend your days looking for the largest possible threats to our customers and their patients, and determining first how they'd likely appear in the data that we are collecting and then ensuring that we detect and alert on those patterns.
This position is an opportunity to teach our system to identify attackers across the healthcare landscape. We are building a product that will help Healthcare Delivery Organizations (HDOs) protect the safety, privacy and security of their patients, and this role will be on the front lines of that protection. These are challenging problems: you must not only be open-minded about tackling new exploratory areas, new threat actors and new threat types, but also be continually improving and evolving our detection to meet the ever-increasing number and variety of threats facing healthcare delivery organizations.
If you are the kind of person who loves solving hard and interesting security challenges and wants to do so in a way that makes the world (and especially our HDOs) a better and safer place, you'll probably fit in well here—especially if you're someone who loves to detect bad actors in diverse and challenging datasets and if you're someone who celebrates the success of the others on your team as much as you celebrate your own.
- Identify and stop threats to security, safety, and privacy across our healthcare customers. Take the lead on threat hunting, IOC (indicators of compromise) analysis, TTP (tactics, techniques, and procedures) analysis, and incident response.
- Push the boundaries of security technology to create and tune defenses specific to the types of threats, vulnerabilities, and attacks that large-scale healthcare infrastructure and networks experience
- Work to develop and customize the alerts that we send and the way that our product interacts with customers—this includes creating dashboards, customizing alerts and rules, tuning alerting and detection parameters, etc.
- Work closely with our clients' internal security, IT, and biomedical teams to address the most severe security alerts and incidents, covering the full incident response cycle: detection, analysis, containment, eradication, recovery, and post-mortem improvement
- Hunt down and neutralize malware, ransomware, and other key attack types before they affect our users
- Create detection logic to protect users from current and future threats
- Develop tools to mine our data set to identify new attacks, actors, IOCs, and threat patterns
Qualifications and skills:
- Excellent teamwork, leadership, and coaching skills. Security is a discipline where you have to keep up with the constant stream of new developments and breakthroughs in the industry. This means everyone will have an opportunity to be in a teaching role at some point.
- Excellent learning and "followership" skills. True success comes from a culture that strives to make everyone the best versions of themselves. It is difficult to lead, but even more difficult and crucial to step back and learn from your team as a follower. Each of us is both a teacher and a student, and you have to be as comfortable learning as you are teaching.
- Insatiable curiosity and a strong drive to understand how attackers work and how their attacks are tailored to modern healthcare environments
- An understanding of how attackers compromise systems and how different actors' tactics, techniques, and procedures (TTPs) work
- A fundamental understanding of TCP/IP and core application layer protocols
- Fluency with Windows & Linux operating systems and command line tools
- Experience with tools used for forensic acquisition and analysis and some experience with the incident response process
- Familiarity with the attack lifecycle / kill chain and/or the MITRE ATT&CK framework, and an understanding of how that lifecycle could be applied in the compromise of healthcare environments
- Experience operating in a cloud environment (AWS or GCP)
- Experience with infrastructure as code and configuration management (e.g. Terraform, CloudFormation, Chef, or Puppet) is helpful
- Other potentially useful experience includes osquery, log analysis and SIEM platforms such as Splunk or the ELK stack (Elasticsearch, Logstash, Kibana), network intrusion detection tools (e.g. Suricata, Bro/Zeek), and offensive security tools (e.g. Metasploit)