Senior Security Analyst - Palo Alto, United States - hims & hers

Description

Hims & Hers

Hims is a one-stop telehealth service for men's wellness and care, providing treatment options for hair loss, ED & more.

View company page

Hims & Hers Health, Inc.

(better known as Hims & Hers) is the leading health and wellness platform, on a mission to help the world feel great through the power of better health.

We are revolutionizing telehealth for providers and their patients alike.

Making personalized solutions accessible is of paramount importance to Hims & Hers and we are focused on continued innovation in this space.

Hims & Hers offers nonprescription products and access to highly personalized prescription solutions for a variety of conditions related to mental health, sexual health, hair care, skincare, heart health, and more.

Hims & Hers is a public company, traded on the NYSE under the ticker symbol "HIMS". To learn more about the brand and offerings, you can visit

and , or visit our investor site .

For information on the company's outstanding benefits, culture, and its talent-first flexible/remote work approach, see below and visit .

About the Role:
We are seeking a Senior Security Analyst to help build our Security Operations discipline. Our team moves at a fast pace and always looking to help drive best security practices at our core.

This dynamic team enables multiple areas of the business to be able to stay agile, but with always being vigilant to keep our infrastructure secure and drive innovation.

This is an opportunity to directly drive change and security in our business.

You Will:

Advanced Security Monitoring and Analysis:
Oversee the continuous monitoring and in-depth analysis of network traffic, system logs, and security alerts, employing cutting-edge SIEM

solutions and leveraging advanced threat intelligence feeds to detect and respond to sophisticated cyber threats
Incident Response

Mastery:

Develop, refine, and lead the execution of advanced incident response plans and procedures, orchestrating multifaceted incident handling activities with a focus on rapid containment, eradication, and recovery.

Serve as the ultimate technical authority during high-stress security incidents

Vulnerability Assessment and Management Expertise:
Lead the identification and prioritization of vulnerabilities across our intricate technology stack, conducting comprehensive vulnerability assessments and overseeing advanced remediation efforts, including penetration testing and code review
AWS, Azure, and GCP

Security Expertise:
Utilize your extensive knowledge of AWS, Azure, and GCP security best practices to assess and enhance the security of cloud

environments. Implement and maintain security configurations, identity and access controls, and encryption mechanisms specific to each cloud platform. Conduct security assessments and audits to identify vulnerabilities and provide recommendations for remediation

Pioneering Threat Intelligence Integration:
Maintain an expert understanding of emerging cybersecurity threats and trends, actively integrating advanced threat intelligence into security operations to drive proactive threat detection and support the development of custom threat-hunting methodologies
Master of Security Automation and Tooling: Spearheaded the development and deployment of highly sophisticated scripts, automation tools, and custom security solutions to optimize and streamline complex security tasks, enhance operational efficiency, and enable rapid response to evolving threats
Prior experience with Threat Hunting and making recommendations on findings
Experience in Red team, Blue team, Purple team, and table top exercise
Recommend and implement security enhancements to proactively address emerging threats
Assist in the development and enforcement of security policies, standards, and procedures
Prior experience with industry regulations and standards, such as NIST, CIS, and GDPR

You Have:
Bachelor's degree in a relevant field or equivalent work experience
Minimum of 5 years of experience in a security analyst role
Strong expertise in cloud computing, with a preference for AWS
Proficiency in Sumo Logic for creating Insights and Signals
Experience researching through logs for security investigations
Familiarity with security platforms such as Netskope, CrowdStrike, Tenable, Cisco Meraki, and Proofpoint, or similar products
Certifications such as OCSP, CompTIA Security+, Pentest+, or AWS Certified Security – a plus
Excellent problem-solving and analytical skills
Strong communication, documentation, and teamwork abilities
Ability to work independently and under pressure in a fast-paced environment
Exposure to penetration testing platforms such as Burp Suite, Kali Linux, Metasploit, Nexpose
Skilled with network security tools such as Palo Alto Firewalls, Cisco VPNs, Palo Alto IDS
Understanding of regulatory compliance (NIST CSF, SOX, ISO)

Our Benefits (there are more but here are some highlights):

Competitive salary

& equity compensation for full-time roles
Unlimited PTO, company holidays, and quarterly mental health days
Comprehensive health benefits including medical, dental & vision, and parental leave
Employee Stock Purchase Program (ESPP)
Employee discounts on hims & hers & Apostrophe online products
401k benefits with employer matching contribution
Hims & Hers Health, Inc.

(better known as Hims & Hers) is the leading health and wellness platform, on a mission to help the world feel great through the power of better health.

We are revolutionizing telehealth for providers and their patients alike.

Making personalized solutions accessible is of paramount importance to Hims & Hers and we are focused on continued innovation in this space.

Hims & Hers offers nonprescription products and access to highly personalized prescription solutions for a variety of conditions related to mental health, sexual health, hair care, skincare, heart health, and more.

Hims & Hers is a public company, traded on the NYSE under the ticker symbol "HIMS". To learn more about the brand and offerings, you can visit

and , or visit our investor site .

For information on the company's outstanding benefits, culture, and its talent-first flexible/remote work approach, see below and visit .

About the Role:
We are seeking a Senior Security Analyst to help build our Security Operations discipline. Our team moves at a fast pace and always looking to help drive best security practices at our core.

This dynamic team enables multiple areas of the business to be able to stay agile, but with always being vigilant to keep our infrastructure secure and drive innovation.

This is an opportunity to directly drive change and security in our business.

You Will:

Advanced Security Monitoring and Analysis:
Oversee the continuous monitoring and in-depth analysis of network traffic, system logs, and security alerts, employing cutting-edge SIEM

solutions and leveraging advanced threat intelligence feeds to detect and respond to sophisticated cyber threats
Incident Response

Mastery:

Develop, refine, and lead the execution of advanced incident response plans and procedures, orchestrating multifaceted incident handling activities with a focus on rapid containment, eradication, and recovery.

Serve as the ultimate technical authority during high-stress security incidents

Vulnerability Assessment and Management Expertise:
Lead the identification and prioritization of vulnerabilities across our intricate technology stack, conducting comprehensive vulnerability assessments and overseeing advanced remediation efforts, including penetration testing and code review
AWS, Azure, and GCP

Security Expertise:
Utilize your extensive knowledge of AWS, Azure, and GCP security best practices to assess and enhance the security of cloud

environments. Implement and maintain security configurations, identity and access controls, and encryption mechanisms specific to each cloud platform. Conduct security assessments and audits to identify vulnerabilities and provide recommendations for remediation

Pioneering Threat Intelligence Integration:
Maintain an expert understanding of emerging cybersecurity threats and trends, actively integrating advanced threat intelligence into security operations to drive proactive threat detection and support the development of custom threat-hunting methodologies
Master of Security Automation and Tooling: Spearheaded the development and deployment of highly sophisticated scripts, automation tools, and custom security solutions to optimize and streamline complex security tasks, enhance operational efficiency, and enable rapid response to evolving threats
Prior experience with Threat Hunting and making recommendations on findings
Experience in Red team, Blue team, Purple team, and table top exercise
Recommend and implement security enhancements to proactively address emerging threats
Assist in the development and enforcement of security policies, standards, and procedures
Prior experience with industry regulations and standards, such as NIST, CIS, and GDPR

You Have:
Bachelor's degree in a relevant field or equivalent work experience
Minimum of 5 years of experience in a security analyst role
Strong expertise in cloud computing, with a preference for AWS
Proficiency in Sumo Logic for creating Insights and Signals
Experience researching through logs for security investigations
Familiarity with security platforms such as Netskope, CrowdStrike, Tenable, Cisco Meraki, and Proofpoint, or similar products
Certifications such as OCSP, CompTIA Security+, Pentest+, or AWS Certified Security – a plus
Excellent problem-solving and analytical skills
Strong communication, documentation, and teamwork abilities
Ability to work independently and under pressure in a fast-paced environment
Exposure to penetration testing platforms such as Burp Suite, Kali Linux, Metasploit, Nexpose
Skilled with network security tools such as Palo Alto Firewalls, Cisco VPNs, Palo Alto IDS
Understanding of regulatory compliance (NIST CSF, SOX, ISO)

Our Benefits (there are more but here are some highlights):

Competitive salary

& equity compensation for full-time roles
Unlimited PTO, company holidays, and quarterly mental health days
Comprehensive health benefits including medical, dental & vision, and parental leave
Employee Stock Purchase Program (ESPP)
Employee discounts on hims & hers & Apostrophe online products
401k benefits with employer matching contribution
Offsite team retreats
#LI-Remote
Outlined below is a reasonable estimate of H&H's compensation range for this role.

H&H also offers a comprehensive Total Rewards package that includes equity grants of restricted stock (RSU's) so that H&H employees own a piece of our company.

The actual amount will take into account a range of factors that are considered in making compensation decisions including but not limited to, skill sets, experience and training, licensure and certifications, and location.

Consult with your Recruiter during any potential screening to determine a more targeted range based on the job-related factors.

We don't ever want the pay range to act as a deterrent from you applyingAn estimate of the current salary range for US-based employees is$100,000—$115,000 USD We are focused on building a diverse and inclusive workforce.

If you're excited about this role, but do not meet 100% of the qualifications listed above, we encourage you to apply.

Hims is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law.

Hims considers all qualified applicants in accordance with the San Francisco Fair Chance Ordinance.

Hims & hers is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures.

If you need assistance or an accommodation due to a disability, you may contact us . Please do not send resumes to this email address.

For our California-based applicants – Please see ourCalifornia Employment Candidate Privacy Policy to learn more about how we collect, use, retain, and disclose Personal Information.

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.

#J-18808-Ljbffr