Information Security Engineer

HealthTap, Mountain View

HealthTap is delivering universal access to quality primary healthcare. HealthTap improves the experience for both patients and doctors while saving time and reducing costs for all. HealthTap’s doctor-trained, augmented intelligence system personalizes users’ care and enables an instant connection to doctors and their knowledge from 147 specialties. HealthTap serves its app to employers, insurance companies, health systems, and users around the world. More than 100,000 doctors and 8 million members have trusted HealthTap for immediate access to healthcare.

We believe technology improves, simplifies, and accelerates access to healthcare by guiding consumers toward a more personalized experience, expediting treatment, coordinating care, and freeing doctors to focus on what they do best.

HealthTap is well capitalized, having raised over $88 million. We are backed by an esteemed collection of venture capital firms including Khosla Ventures, Mayfield, Mohr Davidow, and Samsung. Each of these firms is deeply committed to HealthTap and is optimistic about HealthTap’s vision for the future of healthcare.

As our Information Security Engineer, you will help ensure the trusted and optimal operations of our production and corporate computing environments with a cloud forward approach. This position will set up the tools and procedures for our team to monitor the security posture of the company for internal and external risks to our systems, networks, and data. As part of these efforts, you will be responsible for developing and implementing security solutions in concert with various HealthTap teams (to include DevOps, Engineering, IT, HR, etc.). Being a cloud forward company, automation and monitoring are key: you will lead the design and development of secure automation practices in an agile framework to support compliance and security for the HealthTap cloud infrastructure at scale, for both production and corporate security infrastructure/efforts. With this focus, you will be key in implementing and managing all of the daily and ongoing information security risk management efforts and programs for HealthTap, to include incident response and security operations. This role reports to our Head of Security and can be located in our Mountain View or San Francisco offices. The expectations of travel are minimal, other than between our Mountain View and San Francisco offices.

Job Responsibilities:

  • Help implement a capability driven and highly automated approach to our security operations, monitoring & detection, incident response capabilities, and our overall information security risk management program efforts
  • Facilitate and embed security controls into our continuous integration and delivery process efforts, baking security into the infrastructure
  • Set up monitoring dashboards, alerts, log management, and other security operations capabilities by utilizing industry standard tools and platforms (open source or commercial technologies) with our currently deployed toolsets/platforms
  • Ensure our currently deployed toolsets/platforms are deployed and configured optimally with our business needs and risk thresholds in mind
  • Monitor for, provide analysis on, and take action on identifying and mitigating risk:
    • Current happenings in the information security space.
    • Findings from information technology and information security monitoring and detection toolsets.
    • Reports from assessments, to include external auditors and penetration testers.
    • Alerts and detections from our monitoring tools.
  • Conduct analysis on findings, pulling together indicators of compromise (IoCs), event timeline, and summary of situation with recommendations for mitigation and path forward.
  • Present evidence and findings to leadership, customers, and possibly law enforcement and legal entities.
  • The deployment, secure configuration, and management of our monitoring and detection as well as other security toolsets.
  • Documentation and best practices for the team’s efforts.
  • Recommendations and best practices for securing our services, networks, and systems.
  • Assist in the coding/scripting of automation for information security monitoring and mitigation actions.
  • Solve problems relating to critical services and business processes that improve our security risk posture and business processes.

Skills Required

  • Ability to monitor, evaluate, and interpret vulnerabilities/CVEs, vulnerability assessments, cloud platform/system/device/IDS/IPS logs, threat analysis, and malware.
  • In-depth knowledge on how to administer and effectively manage monitoring and detection systems that are UNIX, Linux, and/or BSD based that are based in AWS.
    • Understand security concepts in AWS cloud and familiarity with available AWS security tools, such as Inspector, GuardDuty, Config, CloudTrail, etc.
  • Familiar with log management and security analytics tools for AWS, including open source tools such as ELK (Elasticsearch, Logstash, & Kibana), Graylog, etc.
  • Experience with integrating security in the continuous integration, continuous delivery, and continuous deployment (CI/CD) pipeline (running unit tests, running security tools, managing secrets using Vault) using configuration management and automation tools such as Jenkins, Chef, Ansible, Puppet, etc.
  • Proficiency with using and securing popular cloud services (SaaS, IaaS, etc.).
  • In-depth, practical knowledge of how legitimate users administer, use, and secure common operating systems and cloud platforms, and how malicious actors exploit them.
  • In-depth knowledge of how legitimate users administer, use, and secure common consumer and enterprise network devices and systems, and how malicious actors exploit them.
  • Thorough understanding of computer networking, routing, and protocols.
  • Understanding of information security architecture, mitigation of threats, and compensating controls.
  • Knowledge of vulnerability and patch management concepts and tools.
  • Experienced in scripting languages, such as Python, Perl, Ruby, Bash.
  • Experience with and proven methods for managing the information security incident lifecycle, including incident response, mitigation, after-action reporting, and mapping a path forward.
  • Knowledgeable about and able to apply open-source and proprietary information within the industry.
  • Excellent oral and written communications skills for working with a diverse professional clientele with varying levels of technical experience. Ability to interact with customers and co-workers both in person and in writing.
  • Ability to research highly technical topics and derive logical conclusions using well thought out processes.
  • Ability to combine information from various sources into clear, concise technical documents that explain the background and procedures for detecting and mitigating risks.
  • Experience with enterprise risk management programs, including internal audits, consulting engagements, information technology reviews, audit, and compliance efforts.
  • A willingness and desire to learn.
  • Possess and nurture a hacker mentality: Being able to visualize issues and possible solutions outside the box.
  • Must be a conscientious, punctual, professional and devoted member of our team; with the ability to safeguard sensitive, restricted, and other information deemed to have special handling and dissemination protocols.
  • Highest level of ethics and core values.
  • Experience with Regular Expressions (REGEX).
  • Effective when working under pressure and good enough to make sure that rarely happens.

Preferred Skills:

  • Experience with both RDBMS (MySQL) and NoSQL (Cassandra, Couchbase, Mongo).
  • Experience with and proven methods for analyzing and interpreting information from Security Operations Centers (SOCs), Computer Security Incident Response Teams (CSIRTs), or SecOps systems.
  • Familiarity with digital forensics procedures and tools, malware analysis, and reverse engineering.
  • Ability to apply statistics and other mathematical methods to data analysis.

Required Qualifications:

  • Bachelor's degree, a combination of experience and/or an associate's degree, or an equivalent combination of education and work experience. The degree must be from an accredited institution; a degree in a technical discipline or significant coursework in software development, information security, or information technology is preferred.
  • Having or planning to have SANS certifications is a plus. Examples: GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), Certificate of Cloud Security Knowledge (CCSK) from the Cloud Security Alliance (CSA). The ability to articulate and demonstrate skills is as important as, or more important than, the certification.
  • At least five (5) years in Information Technology and/or Information Security, including at least three (3) years doing information security risk management, including intrusion analysis, monitoring and detection, and threat/vulnerability analysis in a cloud forward business environment.

We offer...

  • Casual, contemporary, comfortable offices based in downtown Mountain View (near Stanford) and San Francisco (near Jackson Square)
  • Caring for our team with fantastic benefits
    • Competitive salary
    • Full medical, dental, and vision coverage
    • Daily catered lunches
    • Healthy snacks and beverages
    • Equity share
    • Subsidized gym memberships
    • Choice of technology
    • Dog-friendly offices
    • Much more...


Learn more about us, our story, and how we are revolutionizing virtual healthcare globally at HealthTap.com. We’re having a good time and we’re making a difference in people’s lives! We are an equal opportunity employer, value diversity and inclusion, and enjoy seeing our employees grow with us.


About HealthTap

Our mission at HealthTap is to help billions of people across the globe live longer, healthier, and happier lives. We believe healthcare is a human right, and we're committed to reinventing the way people all over the world take care of their health and well-being, because we know we all, at heart, simply want to Feel Good and thrive. HealthTap, a World Economic Forum Technology Pioneer, is the world’s first global health practice that delivers immediate, world-class healthcare 24/7, from query-to-cure. Through video, voice, and text chat on any mobile device or personal computer, we serve hundreds of millions of users around the globe with trusted and compassionate doctor information, from the world’s largest doctor network of more than 108,000 top U.S.-licensed doctors. HealthTap’s proprietary, robust, and secure Health Operating System (HOPES) and proprietary triaging technology (Dr. AI), powered by machine learning and artificial intelligence, enable hospital systems, insurance companies, employers, and governments worldwide to deliver the right care at the right time, at the right cost. HOPES is now powering the HealthTap Cloud, a first of its kind virtual cloud dedicated to healthcare. We believe in constant curiosity, innovation, passion, positivity, caring, kindness, challenge, excellence, and impact. Above all, in everything we do, we want to empower people from all over the world to take charge of their health and happiness, to Feel Good, and to smile.
