Sr. Security Analyst
Remote
Hims & Hers Health, Inc. (better known as Hims & Hers) is the leading health and wellness platform, on a mission to help the world feel great through the power of better health. We are revolutionizing telehealth for providers and their patients alike. Making personalized solutions accessible is of paramount importance to Hims & Hers and we are focused on continued innovation in this space. Hims & Hers offers nonprescription products and access to highly personalized prescription solutions for a variety of conditions related to mental health, sexual health, hair care, skincare, heart health, and more.
Hims & Hers is a public company, traded on the NYSE under the ticker symbol “HIMS”. To learn more about the brand and offerings, you can visit hims.com and forhers.com, or visit our investor site. For information on the company’s outstanding benefits, culture, and its talent-first flexible/remote work approach, see below and visit www.hims.com/careers-professionals.
About the Role:
We are seeking a Sr. Analyst, Security to help build our Security Operations discipline. Our team moves at a fast pace and always looking to help drive best security practices at our core. This dynamic team enables multiple areas of the business to be able to stay agile, but with always being vigilant to keep our infrastructure secure and drive innovation. This is an opportunity to directly drive change and security in our business.
You Will:
- Advanced Security Monitoring and Analysis: Oversee the continuous monitoring and in-depth analysis of network traffic, system logs, and security alerts, employing cutting-edge SIEM solutions and leveraging advanced threat intelligence feeds to detect and respond to sophisticated cyber threats
- Incident Response Mastery: Develop, refine, and lead the execution of advanced incident response plans and procedures, orchestrating multifaceted incident handling activities with a focus on rapid containment, eradication, and recovery. Serve as the ultimate technical authority during high-stress security incidents
- Vulnerability Assessment and Management Expertise: Lead the identification and prioritization of vulnerabilities across our intricate technology stack, conducting comprehensive vulnerability assessments and overseeing advanced remediation efforts, including penetration testing and code review
- AWS, Azure, and GCP Security Expertise: Utilize your extensive knowledge of AWS, Azure, and GCP security best practices to assess and enhance the security of cloud environments. Implement and maintain security configurations, identity and access controls, and encryption mechanisms specific to each cloud platform. Conduct security assessments and audits to identify vulnerabilities and provide recommendations for remediation
- Pioneering Threat Intelligence Integration: Maintain an expert understanding of emerging cybersecurity threats and trends, actively integrating advanced threat intelligence into security operations to drive proactive threat detection and support the development of custom threat-hunting methodologies
- Master of Security Automation and Tooling: Spearheaded the development and deployment of highly sophisticated scripts, automation tools, and custom security solutions to optimize and streamline complex security tasks, enhance operational efficiency, and enable rapid response to evolving threats
- Prior experience with Threat Hunting and making recommendations on findings
- Experience in Red team, Blue team, Purple team, and table top exercise
- Recommend and implement security enhancements to proactively address emerging threats
- Assist in the development and enforcement of security policies, standards, and procedures
- Prior experience with industry regulations and standards, such as NIST, CIS, and GDPR
You Have:
- Bachelor's degree in a relevant field or equivalent work experience
- Minimum of 5 years of experience in a security analyst role
- Experience with Python and Powershell scripting
- Strong expertise in cloud computing, with a preference for AWS
- Proficiency in Sumo Logic for creating Insights and Signals
- Experience researching through logs for security investigations
- Familiarity with security platforms such as Netskope, CrowdStrike, Tenable, Cisco Meraki, and Proofpoint, or similar products
- Certifications such as OCSP, CompTIA Security+, Pentest+, or AWS Certified Security – a plus
- Excellent problem-solving and analytical skills
- Strong communication, documentation, and teamwork abilities
- Ability to work independently and under pressure in a fast-paced environment
- Exposure to penetration testing platforms such as Burp Suite, Kali Linux, Metasploit, Nexpose
- Skilled with network security tools such as Palo Alto Firewalls, Cisco VPNs, Palo Alto IDS
- Understanding of regulatory compliance (NIST CSF, SOX, ISO)
Our Benefits (there are more but here are some highlights):
- Competitive salary & equity compensation for full-time roles
- Unlimited PTO, company holidays, and quarterly mental health days
- Comprehensive health benefits including medical, dental & vision, and parental leave
- Employee Stock Purchase Program (ESPP)
- Employee discounts on hims & hers & Apostrophe online products
- 401k benefits with employer matching contribution
- Offsite team retreats
#LI-Remote
Outlined below is a reasonable estimate of H&H’s compensation range for this role for US-based candidates. If you're based outside of the US, your recruiter will be able to provide you with an estimated salary range for your location.
The actual amount will take into account a range of factors that are considered in making compensation decisions including but not limited to skill sets, experience and training, licensure and certifications, and location. H&H also offers a comprehensive Total Rewards package that may include an equity grant.
Consult with your Recruiter during any potential screening to determine a more targeted range based on location and job-related factors.
We are focused on building a diverse and inclusive workforce. If you’re excited about this role, but do not meet 100% of the qualifications listed above, we encourage you to apply.
Hims considers all qualified applicants for employment, including applicants with arrest or conviction records, in accordance with the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance, the California Fair Chance Act, and any similar state or local fair chance laws.
Hims & Hers is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please contact us at accommodations@forhims.com and describe the needed accommodation. Your privacy is important to us, and any information you share will only be used for the legitimate purpose of considering your request for accommodation. Hims & Hers gives consideration to all qualified applicants without regard to any protected status, including disability. Please do not send resumes to this email address.
For our California-based applicants – Please see our California Employment Candidate Privacy Policy to learn more about how we collect, use, retain, and disclose Personal Information.
ApplyJob Profile
RestrictionsRemote
Benefits/Perks401k benefits Company holidays Competitive salary Competitive Salary & Equity Competitive salary & equity compensation Comprehensive health benefits Employee Discounts Employee discounts on hims Employee Stock Purchase Employee Stock Purchase Program Equity Equity Compensation ESPP Flexible/remote work approach Mental Health Days Offsite team retreats Outstanding benefits Parental leave Quarterly mental health days Remote work Talent-first flexible/remote work approach Team retreats Unlimited PTO Unlimited PTO, company holidays, and quarterly mental health days
Tasks- Conduct security assessments
- Conduct vulnerability assessments
- Develop security automation
- Drive innovation
- Enhance cloud security
- Integrate threat intelligence
- Lead incident response
- Monitor network traffic
Agile Analytical Automation AWS AWS Security Azure Azure Security CIS Code Review Communication Compliance Cybersecurity Documentation Encryption GCP GCP Security Incident Response Infrastructure Investigations Medical Monitoring NIST Operations Penetration Testing PowerShell Prioritization Problem-solving Python Regulatory Compliance Remote work Screening Scripting Security Security assessments Security Automation Security Monitoring Security policies Technology Telehealth Threat Detection Threat Intelligence Training Vulnerability assessment
Education