Cybersecurity Threat Intel Engineer

last updated April 29, 2026 12:35 UTC

Science 37


This is a fully Remote and Work From Home (WFH) opportunity within the US

Science 37 is accelerating the research and development of breakthrough biomedical treatments by bringing clinical trials to patients’ homes. The Science 37 Operating System (OS) enables universal access to patients and providers, leading to faster enrollment, greater retention, and a more representative patient population. To help us achieve our goal, we are seeking a Cybersecurity Threat Intel Engineer eager to make an impact within a mission-driven organization.

POSITION OVERVIEW

We are looking for an experienced, well-rounded cybersecurity professional who has an interest in immersing themselves into the landscape of current and emerging cyber threats. You’ll be on the front lines of innovation, working with a highly motivated team focused on analyzing, designing, developing, and delivering solutions built to stop adversaries and strengthen our operations. Your research and technical work will ensure stability and resiliency of our product. Your ability to identify threats, provide intelligent analysis, and execute defenses will thwart crimes, strengthen our posture, and protect our data.

Specifically, you will serve as subject matter expert and hands-on lead for our Cybersecurity Threat Center. You will be responsible for assisting in the deployment, maintenance, tuning, monitoring, and managing of all aspects of the Threat Center, including threat hunting, triage, alert escalation, and incident response. Your experience and knowledge will play a critical role in developing and implementing strategies to secure Science 37’s customer and employee data across the globe. Acting as the front line for attacks against Science 37, your role will also include advanced analysis, evaluation of new security technology, and ensuring larger technology projects at the company are ready to be integrated into the cybersecurity monitoring functions.

Your role will include oversight and assistance in the response, analysis, and mitigation of cybersecurity incidents detected and escalated by the Threat Center in accordance with the Incident Response Plan. Knowledge and experience as part of Cyber Incident Response Teams will be paramount in your development and streamlining of the SOC/CIRT relationship.

DUTIES & RESPONSIBILITIES

Duties include but are not limited to:

Responsible for the day-to-day Threat Center operations, ensuring appropriate CIRT response to cybersecurity events and alerts associated with threats, intrusions, and/or compromises. Executes and improves the core functions of the Threat Center, including threat detection and prevention.

Maintain and employ an understanding of advanced threats, vulnerability assessment, and the response and mitigation strategies used in cybersecurity operations.

Develop a monitoring strategy to improve visibility into existing technologies, including both internal systems and customer-facing SaaS products.

Proactively research and hunt for potential malicious activity and incidents across multiple platforms, using advanced tools to identify and prioritize emerging threats and potential attack campaigns.

Collaborate closely with senior leaders to ensure threat intelligence analysis and products are mapped to prioritized corporate assets and risks.

Administer, monitor, and maintain SIEM/XDR deployments and applications/modules within.

Develop dashboards and reporting to improve situational awareness and visibility of developing and existing threats

Provide leadership and support in the detection, response, mitigation, and reporting of real or potential cyber threats to the environment, and help automate these processes.

Ensure the monitoring of and response to alerts from the intrusion detection and SIEM/XDR systems in order to discover and mitigate any malicious activity on the network or information assets.

Use threat intelligence to build indicators of compromise into monitoring tools, and integrate these tools with one another to provide data enrichment.

Ensure incidents are properly documented, procedures are followed, and chain of custody is maintained.

Ensure successful conclusion of cybersecurity incidents according to process and procedures within the Incident Response Plan and associated playbooks.

Perform after-action incident reporting and lead lessons-learned sessions with a diverse group of organizational resources.

Develop up-to-date runbooks and Standard Operating Procedures that remain relevant, address the latest threats and technology, meet industry standards, and ensure continuous improvement against current attacks and threats.

Provide analytic support pertaining to a wide range of cyber threat actors and attack campaigns.

Make recommendations to improve operational effectiveness of threat intelligence activities.

QUALIFICATIONS & SKILLS

Minimum Qualifications

Bachelor’s degree in MIS, Computer Science, related discipline, and/or equivalent experience

8+ years of overall experience in CyberSecurity within a medium to large business environment

5+ years of experience working in a Threat Center or Security Operations Center (SOC) and/or on a Cyber Incident Response Team (CIRT), performing incident handling, sensor alert tracking, cybersecurity case management, and incident response forensics. Experience must show continued progression through higher roles and elevated responsibilities.

3+ years of hands-on development experience with Splunk, using Splunk daily

2+ years of experience in vulnerability management: running scans, analyzing scan results, and re-scanning to verify remediation

Two or more currently held professional certifications related to Digital Forensics or Incident Response (e.g., GCIH, CEH, GCFE, GCFA, CFCE, or other GIAC certifications).

Preferred Qualifications and Certifications

5+ years of security platform (Splunk) engineering/admin experience within a large-scale enterprise

Managing Splunk App development, scripting and log management solution design

Integrating data inputs into Splunk from other tools such as Nessus and AWS

Administering the Splunk Enterprise Security application

Developing Splunk dashboards, reports, alerts, and visualizations, and optimizing queries

Splunk architecture (Universal Forwarders, SC4S, Deployment Server, etc.)

Creating correlation and alerting rules

CISSP, CISP, GCIA, GPEN, in addition to the certifications listed above

Splunk Certifications (Power User, Admin, etc.)

AWS Experience + Certifications

Blue Team / Red Team experience

Skills/Competencies

Knowledge and understanding of cybersecurity organizational practices, operational risk management processes, principles, architectural requirements, emerging threats and vulnerabilities, and incident response methodologies

Expert understanding of technical cyber-security threats and indicators of compromise

Ability to identify network attacks or systemic security issues as they relate to threats and vulnerabilities, with a focus on recommendations for enhancements or remediation

Significant experience in a Threat Center, Security Operations Center (SOC), Incident Response, or equivalent roles in a large, mission-critical environment.

Experience with threat hunting in SaaS/Cloud infrastructures, both as an individual and leading exercises with other team members.

Ability to review and interpret device and application logs from a variety of sources (e.g., Firewalls, Proxies, Web Servers, System Logs, Splunk, etc.) to identify root cause and determine next steps for containment, eradication, and recovery.

Experience with the creation and tuning of alerting rules from a SIEM and other devices in response to changing threats.

Experience using EDR tools (such as CrowdStrike, Carbon Black, SentinelOne, Cylance) to analyze events and determine true/false positives, perform malware analysis (both static and dynamic), binary triage, and file format analysis

Cybersecurity experience with cloud services such as AWS and their security modules (IDS, IPS, WAF, etc.)

Hands-on experience with Intrusion Detection Systems and Intrusion Prevention Systems

Cybersecurity knowledge and experience related to API security

Excellent written and verbal communication skills to describe security event details and technical analysis with audiences within the cybersecurity organization and other technology groups.

Ability to constructively partner with application development, application support, and other IT infrastructure resources to define measurement frameworks and develop KPIs and performance dashboards

Demonstrate good working knowledge of the Incident Response Life Cycle, MITRE ATT&CK Framework, Cyber Kill Chain, and other cybersecurity frameworks.

Demonstrate sound judgement skills, critical thinking skills, analytical expertise, attention to detail, and the ability to function in a fast-paced, dynamic, global environment.

Capabilities

Ability to communicate in English (both verbal and written)

REPORTING

The incumbent reports to the Director of Cybersecurity, who will also assign projects and provide general direction and guidance. The incumbent is expected to perform duties and responsibilities with minimal supervision.

DIRECT REPORTS

None

BENEFITS

At Science 37, our focus is to provide you with a comprehensive and competitive total reward package that supports you at all stages of your career – both now and into the future. Our success depends on the knowledge, capabilities, and quality of our people. That’s why we are committed to developing our employees in a continuous learning culture – one where we challenge you with engaging work that adds to your professional development.

We value employee well-being and aim to provide team members with everything they need to succeed. Submit your resume to apply!

$70,000 — $120,000/year


To apply for this job, please visit the application page
