Detection Engineer

Datavant is a data logistics company for healthcare whose products and solutions enable organizations to move and connect data securely. We are a data logistics company for healthcare whose products and solutions enable organizations to move and connect data securely. Datavant has a network of networks consisting of thousands of organizations, more than 70,000 hospitals and clinics, 70% of the 100 largest health systems, and an ecosystem of 500+ real-world data partners.

By joining Datavant today, you’re stepping onto a highly collaborative, remote-first team that is passionate about creating transformative change in healthcare. We hire for three traits: we want people who are smart, nice, and get things done. We invest in our people and believe in hiring for high-potential and humble individuals who can rapidly grow their responsibilities as the company scales. Datavant is a distributed, remote-first team, and we empower Datavanters to shape their working environment in a way that suits their needs.

We are seeking a talented individual to play a crucial role in safeguarding our assets by bringing a level of operational rigor, innovation, and influence, not just to Security, but the wider Datavant team. This role will proactively hunt for threats, design and automate detection processes, and continuously improve our security posture. If you have scripting skills, SIEM experience, and a desire to stay ahead of cyber threats, this is your opportunity to make an impact as you will be a founding member of a team where your influence will help pave the way for success. 

You will:

• Design, implement, automate, and maintain security detection mechanisms to improve efficiency and reduce manual intervention, overhead, and repetitive processes.
• Develop and maintain custom detection rules and signatures to identify specific threats or patterns of behavior.
• Monitor and fine-tune detection systems to reduce false positives, alert fatigue, and improve accuracy.
• Collaborate with various stakeholders to ensure effective incident detection and response. 
• Provide recommendations for improving the organization’s security posture based on the detection findings. 
• Create and maintain custom scripts and automation tools to support threat hunting and detection efforts.
• Build new pipelines and workflows to accommodate new automation processes. 
• Stay up-to-date with the latest threat vectors and attack surfaces to be innovative in preventing successful malicious campaigns and protect the organization.
• Work collaboratively with engineering, legal, people and other Datavant teams.
• Be part of on-call rotation for Incident Response. 

What you will bring to the table: 

• Proficient in scripting languages and ability to implement secure coding, design practices, Git Version Control, and using release pipelines (Production).
• Proven experience in threat hunting, security detection, and incident response. 
• Have knowledge or experience in the application security landscape and best practices.
• Experience in designing and implementing a Security Orchestration, Automation, and Response (SOAR) solution.
• Experience in analyzing log data such as network traffic, endpoint events, SaaS activity (O365, Gdrive, Sharepoint, etc.), production host events, IOCs, and more to confidently identify, evaluate, and mitigate malicious activity, including automating the recommended countermeasures. 
• Deep knowledge of AWS/Azure services and management including containerization (Docker) and container orchestration (EKS, GKE, AKS) is highly desirable.
• Familiarity with SIEM solutions (Splunk) and automation tools.
• Thrive in a fast-paced autonomous environment.
• Great communication, prioritization, and project management skills. With the ability to advocate for a position while maintaining a collaborative and open-minded approach.
• Passionate about building a big business that transforms the healthcare industry.

Bonus points if:

• Relevant certifications from GIAC, Offsec, ISC2, etc are a plus.
• You can build in at least a single language (Python, etc.) and have Infrastructure as Code depth (Terraform). It is expected that you have a “git native” skillset.
• Combination of offensive/defensive skill set with the mindset to easily move between two as needed (Purple Team portfolio)
• API Management (Experience in dealing with APIs for integrations, security investigations)

We are committed to building a diverse team of Datavanters who are all responsible for stewarding a high-performance culture in which all Datavanters belong and thrive. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.

Our compensation philosophy is to be externally competitive, internally fair, and not win or lose on compensation. Salary ranges for this position are developed with the support of benchmarks and industry best practices. 

We’re building a high-growth, high-autonomy culture. We rely less on job titles and more on cultivating an environment where anyone can contribute, the best ideas win, and personal growth is driven by expanding impact. The range posted is for a given job title, which can include multiple levels. Individual rates for the same job title may differ based on their level, responsibilities, skills, and experience for a specific job. The estimated salary range for this role is  $131,800-$155,000.

At the end of this application, you will find a set of voluntary demographic questions. If you choose to respond, your responses will be anonymous and used to help us identify areas of improvement in our recruitment process. (We can only see aggregate responses, not individual responses. In fact, we aren’t even able to see if you’ve responded or not.) Responding is your choice and it will not be used in any way in our hiring process.