Staff Security Analyst

About Ro

Ro is a direct-to-patient healthcare company with a mission of helping patients achieve their health goals by delivering the easiest, most effective care possible. Ro is the only company to offer nationwide telehealth, labs, and pharmacy services. This is enabled by Ro's vertically integrated platform that helps patients achieve their goals through a convenient, end-to-end healthcare experience spanning from diagnosis, to delivery of medication, to ongoing care. Since 2017, Ro has helped millions of patients in nearly every single county in the United States, including 98% of primary care deserts.

The healthcare system today is not designed to help patients achieve their goals. It’s designed around institutions such as hospitals and insurance companies. A patient centric healthcare system is one that is designed around the goals a patient wants to achieve. We’re building healthcare that puts patients in control, provides reactive and proactive care, has transparent pricing and process, is extremely effective and ridiculously convenient, and evolves over time based on patients’ goals.

Ro has been recognized as a Fortune Best Workplace in New York and Health Care for four consecutive years (2021-2024). In 2023, Ro was also named Best Workplace for Parents for the third year in a row. In 2022, Ro was listed as a CNBC Disruptor 50.

Employment Type: Full-time

The Role

We are seeking a Staff Security Analyst with broad vision and a deep understanding of the cybersecurity tradecraft, responsible for executing our most comprehensive investigations and developing innovative solutions to track and defend against sophisticated adversaries.

Successful candidates will have in-depth technical knowledge of adversary tactics, techniques, and procedures; the ability to analyze, correlate, and interpret complex events and anomalies; and the ability to innovate detection techniques leveraging engineering teams and processes. The candidate will be able to assume incident command during IR, navigate between task and goal level discussions gracefully, and collaborate with other experts with a clear mental map representing the SOC as our technical subject matter expert.

Preferred candidates will be assertive but open-minded critical thinkers with a high ownership mentality, understanding they own the goals and the outcomes. They are comfortable displaying humility in an environment where it’s not about “being right”, rather we are all responsible for coming up with the best answer to achieve our mission. They thrive on working in challenging and hyper-modern SAAS-native environments with container-based first-party application architectures monitored with contemporary security tools such as Wiz, Crowdstrike and Splunk.

What You'll Do

• Serve in the team’s highest escalation unit for technical cybersecurity analysis and response, leveraging superior investigative skills and knowledge of adversary tactics, techniques, and procedures.
• Command cyber incident response efforts, quickly correlate multiple data sources, and apply various analytical techniques to determine the best remediation strategy tracking incidents to completion.
• Impact program strategy across multiple competency domains including external threat, insider risk, fraud management, and physical security.
• Provide subject matter expertise during meetings while speaking about complex topics to both technical and non-technical colleagues, partners, and business leaders.
• Leverage best-of-breed technologies to perform investigations in coordination with both our managed security providers and internal SOC personnel.
• Develop new hypotheses and advanced searches within a rich dataset to discover adversary tactics, techniques and procedures in near-real-time and retrospectively as identified by threat intelligence.
• Create, maintain, and execute incident response playbooks to drive manual and automated analysis for the entire SOC within a SIEM and SOAR platform.
• Work with multiple stake