\nThis is a fully Remote and Work From Home (WFH) opportunity within the US\n\nScience 37 is accelerating the research and development of breakthrough biomedical treatments by bringing clinical trials to patients' homes. The Science 37 Operating System (OS) enables universal access to patients and providers, leading to faster enrollment, greater retention, and a more representative patient population. To help us achieve our goal, we are seeking a Cybersecurity Threat Intel Engineer eager to make an impact within a mission-driven organization.\n\n\nPOSITION OVERVIEW \n\nWe are looking for an experienced, well-rounded cybersecurity professional who has an interest in immersing themselves into the landscape of current and emerging cyber threats. You'll be on the front lines of innovation, working with a highly motivated team focused on analyzing, designing, developing, and delivering solutions built to stop adversaries and strengthen our operations. Your research and technical work will ensure stability and resiliency of our product. Your ability to identify threats, provide intelligent analysis, and execute defenses will thwart crimes, strengthen our posture, and protect our data.\n\nSpecifically, you will serve as subject matter expert and hands-on lead for our Cybersecurity Threat Center. You will be responsible for assisting in the deployment, maintenance, tuning, monitoring, and managing of all aspects of the Threat Center, including threat hunting, triage, alert escalation, and incident response.  Your experience and knowledge will play a critical role in developing and implementing strategies to secure Science 37’s customer and employee data across the globe.  Acting as the front line for attacks against Science 37, your role will also include advanced analysis, evaluation of new security technology, and ensuring larger technology projects at the company are ready to be integrated into the cybersecurity monitoring functions. \n\nYour role will include oversight and assistance in the response, analysis, and mitigation of cybersecurity incidents detected and escalated by the Threat Center in accordance with the Incident Response Plan.  Knowledge and experience having been part of Cyber Incident Response Teams will be paramount in your development and streaming of the SOC/CIRT relationship.  \n\nDUTIES & RESPONSIBILITIES \n\nDuties include but are not limited to: \n\nResponsible for the day-to-day Threat Center operations, ensuring appropriate CIRT response to cybersecurity events and alerts associated to threats, intrusions, and/or compromises. Executes and improves the core functions of the Threat Center, including threat detection and prevention \n\nMaintain and employ an understanding of advanced threats, vulnerability assessment, response and mitigation strategies used in cybersecurity operations\n\nDevelop monitoring strategy to improve visibility into existing technologies including both internal systems and customer facing SaaS products \n\nProactively research and hunt potential malicious activity and incidents across multiple platforms using advanced tools to identify and prioritizing emerging threats and potential attack campaigns\n\nCollaborate closely with senior leaders to ensure threat intelligence analysis and products are mapped to prioritized corporate assets and risks.\n\nAdminister, monitor, and maintain SIEM/XDR deployments and applications/modules within. \n\nDevelop dashboards and reporting to improve situational awareness and visibility of developing and existing threats \n\nProvide leadership and support in the detection, response, mitigation, and reporting of real or potential cyber threats to the environment and be able to help automate these processes\n\nEnsure the monitoring and response to alerts of the intrusion detection and SIEM/XDR systems to discover and mitigate any malicious activity of the network or information assets \n\nUse threat intelligence to build indicators of compromise into monitoring tools, be able to integrate these tools with one another to provide data enrichment\n\nEnsure incidents are properly documented, procedures are followed, and chain of custody is maintained.\n\nEnsure successful conclusion of cybersecurity incidents according to process and procedures within the Incident Response Plan and associated playbooks. \n\nPerform after-action incident reporting and lead lessons-learned sessions with a diverse group of organizational resources. \n\nDevelop up to date runbooks and Standard Operation Procedures to maintain relevancy, address current/latest threats and technology, and ensure constant improvement that meet industry standards and latest attacks and threats \n\nProvide analytic support pertaining to a wide range of cyber threat actors and attack campaigns\n\nMake recommendations to improve operational effectiveness of threat intelligence activities.\n\n\n\nQUALIFICATIONS & SKILLS \n\nMinimum Qualifications  \n\nBachelor's degree in MIS, Computer Science, related discipline, and/or equivalent experience\n\n8+ years of overall experience in CyberSecurity within a medium to large business environment\n\n5+ years of experience working in a Threat Center or Security Operations Center (SOC) and/or on Cyber Incident Response Team (CIRT), performing incident handling, sensor alert tracking, and cybersecurity case management Incident Response\forensics.  Experience must show continued progression through higher roles and elevated responsibilities.\n\n3+ years of experience developing hands-on with Splunk and utilizing Splunk daily\n\n2+ years of experience in vulnerability management, running scans, analyzing scans, re-scanning for remediation\n\nTwo or more professional currently held certifications related to Digital Forensics or Incident Response (e.g., GCIH, CEH, GCFE, GCFA, CFCE or other GIAC Certs).\n\n\n\nPreferred Qualifications and Certifications\n\n5+ years Security platform (Splunk) engineering/admin experience within a large-scale enterprise\n\n\n\n\nManaging Splunk App development, scripting and log management solution design\n\nIntegrating data input from Splunk from other tools such as Nessus, AWS\n\nAdministrating Splunk Enterprise Security Application\n\nDeveloping Splunk Dashboards, Report, Alerts, Visualizations and Optimize queries\n\nArchitecture (Universal Forwarders, SC4S, Deployment server, etc.)\n\nCreating correlation and alerting rules\n\n\n\n\nCISSP, CISP, GCIA, GPEN, beyond the above certifications\n\nSplunk Certifications (Power User, Admin, etc)\n\nAWS Experience + Certifications\n\nBlue Team / Red Team experience\n\n\n\nSkills/Competencies \n \n\nKnowledge and understanding of Cybersecurity organization practices, operations risk management processes, principles, architectural requirements, emerging threats and vulnerabilities, and incident response methodologies \n\nExpert understanding of technical cyber-security threats and indicators of compromise\n\nAbility to identify network attacks or systemic security issues as they relate to threats and vulnerabilities, with focus on recommendations for enhancements or remediation\n\nSignificant experience in a Threat Center, Security Operations Center (SOC), Incident Response, or equivalent roles in a large, mission-critical environment.\n\nExperience with threat hunting in SaaS/Cloud infrastructures, both as an individual and leading exercises with other team members.\n\nAbility to review and interpret device and application logs from a variety of sources (e.g., Firewalls, Proxies, Web Servers, System Logs, Splunk, etc.) to identify root cause and determine next steps for containment, eradication, and recovery.\n\nExperience with the creation and tuning of alerting rules from a SIEM and other devices in response to changing threats.\n\nExperience using EDR tools (such as Crowdstrike, Carbon Black, Sentinel One, Cylance) to analyze events to determine true\false positive, perform malware analysis (both static and dynamic), binary triage, and file format analysis\n\nCybersecurity experience with Cloud services such as AWS and their modules such as IDS, IPS, WAF, etc\n\nHands on experience with Intrusion Detection Systems, Intrusion Prevention Systems\n\nCybersecurity knowledge and experience related to API\n\nExcellent written and verbal communication skills to describe security event details and technical analysis with audiences within the cybersecurity organization and other technology groups.\n\nAbility to constructively partner with application development, application support, and other IT infrastructure resources to define measurement frameworks, develop KPI's and performance dashboards\n\nDemonstrate good working knowledge of the Incident Response Life Cycle, MITRE ATT&CK Framework, Cyber Kill Chain, and other cybersecurity frameworks.\n\nDemonstrate sound judgement skills, critical thinking skills, analytical expertise, attention to detail, and the ability to function in a fast-paced, dynamic, global environment.\n\n\n\nCapabilities \n\nAbility to communicate in English (both verbal and written)\n\n\n\nREPORTING \n\nThe incumbent reports to the Director of Cybersecurity who will also assign projects, provide general direction and guidance. Incumbent is expected to perform duties and responsibilities with minimal supervision. \n\nDIRECT REPORTS \n\nNone\n\n\n\nBENEFITS \n\nAt Science 37, our focus is to provide you with a comprehensive and competitive total reward package that supports you at all stages of your career - both now and into the future. Our success depends on the knowledge, capabilities, and quality of our people. That’s why we are committed to developing our employees in a continuous learning culture – one where we challenge you with engaging work that adds to your professional development.\n\nWe value employee well-being and aim to provide team members with everything they need to succeed. \nSubmit your resume to apply!\n  \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to Accounting, Senior, Engineer, Sales, Cloud, Microsoft, Marketing, Backend, Developer, Digital Nomad, Wordpress, Web, PHP, Python, Mobile, Legal, Medical, API, Analyst, Finance, SaaS, Developer, Education, Ecommerce, DevOps, Amazon, Director, Payroll, Excel, HR and Crypto jobs that are similar:\n\n $70,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n
\n\n#Location\nTampa, Florida, United States