Security Analyst at Cohere Health
Anywhere
About the Job
Cohere Health is a fast-growing clinical intelligence company that’s improving lives at scale by promoting the best patient-specific care options, using leading-edge AI combined with deep clinical expertise. In only four years our solutions have been adopted by health insurance plans covering over 15 million people, while our revenues and company size have quadrupled. That growth, combined with capital raises totaling $106M, positions us extremely well for continued success. Our awards include: 2023 and 2024 BuiltIn Best Place to Work, Top 5 LinkedIn™ Startup, TripleTree iAward, multiple KLAS Research Points of Light, along with recognition on Fierce Healthcare's Fierce 15 and CB Insights Digital Health 150 lists.
Opportunity Overview:
We are seeking a skilled and experienced Security Analyst to join our cybersecurity team. The successful candidate will play a pivotal role in safeguarding our organization's digital assets by actively participating in incident response, leveraging managed detection and response (MDR) tools, and enhancing log management practices. The Security Analyst will work closely with our Managed Security Service Provider (MSSP) and internal teams to ensure robust security monitoring, efficient incident escalation, and proactive threat hunting.
Last but not least: People who succeed here are empathetic teammates who are candid, kind, caring, and embody our core values and principles. We believe that diverse, inclusive teams make the most impactful work. Cohere is deeply invested in ensuring that we have a supportive, growth-oriented environment that works for everyone.
What you will do:
• Cloud Security Expertise:
o Demonstrate advanced proficiency in cloud security, particularly within AWS environments.
o Stay abreast of the latest AWS security services, tools, and best practices.
• Incident Response:
o Lead and manage the incident response process, including detection, analysis, containment, eradication, and recovery of security incidents.
o Develop and maintain incident response playbooks, ensuring timely and effective handling of security incidents.
o Conduct post-incident analysis and create detailed incident reports with recommendations for improving security posture.
• Managed Detection and Response (MDR):
o Utilize MDR tools to monitor security alerts, identify potential threats, and coordinate response efforts.
o Analyze alerts generated by MDR tools, determine their severity, and take appropriate actions to mitigate threats.
o Collaborate with MDR service providers to ensure optimal configuration and performance of security monitoring systems.
• Log Enhancement and Management:
o Enhance log management practices, including log collection, normalization, and correlation.
o Develop and implement log retention and rotation policies to comply with industry standards and regulations.
o Analyze logs to identify suspicious activities, anomalies, and potential security breaches.
• Incident Escalation:
o Act as the primary point of contact for Level 2 incident escalation and triage.
o Assess and prioritize security incidents based on their impact and severity.
o Coordinate with relevant teams and stakeholders to escalate incidents to higher levels of response when necessary.
• Level 2 Alert Triage:
o Perform in-depth analysis of security alerts and incidents, determining false positives and true positives.
o Investigate and respond to Level 2 alerts, ensuring timely resolution and documentation.
o Develop and maintain detailed records of all triaged alerts and actions taken.
• Collaboration with Managed Security Service Provider (MSSP):
o Collaborate closely with the MSSP to ensure seamless communication and coordination during security incidents.
o Review and validate the quality of services provided by the MSSP, including threat detection and response capabilities.
o Participate in regular meetings with the MSSP to discuss security trends, incident reports, and service improvements.
• Alert Tuning and Optimization:
o Continuously tune and optimize security alerts to reduce false positives and enhance detection accuracy.
o Work with the security operations team to refine alert thresholds and improve the overall effectiveness of security monitoring.
• Threat Hunting Exercises:
o Proactively hunt for threats and vulnerabilities within the organization's environment.
o Conduct threat intelligence research and analysis to identify emerging threats and attack vectors.
o Develop and execute threat hunting exercises to identify and mitigate potential security risks.
Your background & requirements:
• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience.
• 3+ years of experience in a security analyst role, with a focus on incident response, log management, and threat detection.
• Strong knowledge of MDR tools, SIEM platforms, and security monitoring technologies.
• Experience with incident response frameworks and best practices (e.g., MITRE ATT&CK, MITRE D3FEND, NIST CSF, SANS).
• Proficiency in analyzing security logs, alerts, and incidents.
• Excellent problem-solving and analytical skills, with the ability to work under pressure.
• Strong communication and collaboration skills, with the ability to work effectively with cross-functional teams and external partners.
• Relevant certifications such as Security+, CEH, GCIH, or similar are preferred.