Ro

Staff Security Analyst

Job Posted 6 Days Ago Reposted 6 Days Ago
Remote
2 Locations
128K-156K Annually
Senior level
The Staff Security Analyst will lead incident response, analyze complex cybersecurity threats, and mentor junior analysts. Key responsibilities include developing detection solutions, overseeing security challenges coordination among multiple teams, and maintaining incident response playbooks.
The summary above was generated by AI

Ro is a direct-to-patient healthcare company with a mission of helping patients achieve their health goals by delivering the easiest, most effective care possible. Ro is the only company to offer nationwide telehealth, labs, and pharmacy services. This is enabled by Ro's vertically integrated platform that helps patients achieve their goals through a convenient, end-to-end healthcare experience spanning from diagnosis, to delivery of medication, to ongoing care. Since 2017, Ro has helped millions of patients in nearly every single county in the United States, including 98% of primary care deserts.


The healthcare system today is not designed to help patients achieve their goals. It’s designed around institutions such as hospitals and insurance companies. A patient-centric healthcare system is one that is designed around the goals a patient wants to achieve. We’re building healthcare that puts patients in control, provides reactive and proactive care, has transparent pricing and process, is extremely effective and ridiculously convenient, and evolves over time based on patients’ goals.


Ro has been recognized as a Fortune Best Workplace in New York and Health Care for four consecutive years (2021-2024). In 2023, Ro was also named Best Workplace for Parents for the third year in a row. In 2022, Ro was listed as a CNBC Disruptor 50.


The Role

We are seeking a Staff Security Analyst with broad vision and a deep understanding of cybersecurity tradecraft, responsible for executing our most comprehensive investigations and developing innovative solutions to track and defend against sophisticated adversaries.


Successful candidates will have in-depth technical knowledge of adversary tactics, techniques, and procedures; the ability to analyze, correlate, and interpret complex events and anomalies; and the ability to innovate detection techniques leveraging engineering teams and processes. The candidate will be able to assume incident command during IR, navigate between task- and goal-level discussions gracefully, and collaborate with other experts with a clear mental map, representing the SOC as our technical subject matter expert.


Preferred candidates will be assertive but open-minded critical thinkers with a high ownership mentality, understanding they own the goals and the outcomes. They are comfortable displaying humility in an environment where it’s not about “being right”; rather, we are all responsible for coming up with the best answer to achieve our mission. They thrive on working in challenging and hyper-modern SaaS-native environments with container-based first-party application architectures monitored with contemporary security tools such as Wiz, CrowdStrike and Splunk.

What You'll Do:

  • Serve in the team’s highest escalation unit for technical cybersecurity analysis and response, leveraging superior investigative skills and knowledge of adversary tactics, techniques, and procedures.
  • Command cyber incident response efforts, quickly correlate multiple data sources, and apply various analytical techniques to determine the best remediation strategy, tracking incidents to completion.
  • Impact program strategy across multiple competency domains including external threat, insider risk, fraud management, and physical security.
  • Provide subject matter expertise during meetings while speaking about complex topics to both technical and non-technical colleagues, partners, and business leaders.
  • Leverage best-of-breed technologies to perform investigations in coordination with both our managed security providers and internal SOC personnel.
  • Develop new hypotheses and advanced searches within a rich dataset to discover adversary tactics, techniques and procedures in near-real-time and retrospectively as identified by threat intelligence.
  • Create, maintain, and execute incident response playbooks to drive manual and automated analysis for the entire SOC within a SIEM and SOAR platform.
  • Work with multiple stakeholder teams such as IT, Threat Intelligence, Product Security, Infrastructure and patient care teams to solve security challenges at scale while balancing usability, stability, scalability and performance.

What You'll Bring:

  • Bachelor’s degree in a technical field, or equivalent work experience.
  • 7 years of experience in a security operations and incident response role.
  • GCIH certified; experienced in incident management, crisis management, and/or breach response with in-depth knowledge of monitoring and response procedures.
  • Expert in using Splunk SPL as well as SQL queries to analyze and synthesize a variety of data including security event logs and raw data to establish ground truth.
  • Expertise in securing and conducting security investigations in AWS, Azure and GCP environments.
  • Excellent analytical process, hypothesis generation, and reporting skills.
  • Advanced proficiency in network/host-based intrusion analysis, malware analysis, cloud-native response, and/or forensics (disk/memory).
  • Advanced understanding of tactics, techniques and procedures following industry-recognized frameworks such as MITRE ATT&CK.
  • Solid understanding of network protocols and architecture.
  • Basic scripting/programming (Python, PowerShell, Bash, etc.) skills.
  • Experience designing remediation and recovery plans.
  • Experience with automating security plans and playbooks via an orchestration platform.
  • Strong oral and written organizational and interpersonal skills.
  • Broad understanding of the risks facing the security industry, including current and emerging threats.
  • Strong experience leveraging threat intelligence from platforms such as CrowdStrike Falcon or Recorded Future to inform security strategy.
  • Nice to have: GCIA, GCFA, GNFA, GCFR, GREM, GIME certification or equivalents.

We've Got You Covered:

  • Full medical, dental, and vision insurance + OneMedical membership
  • Healthcare and Dependent Care FSA
  • 401(k) with company match
  • Flexible PTO
  • Wellbeing + Learning & Growth reimbursements
  • Paid parental leave + Fertility benefits
  • Pet insurance
  • Student loan refinancing
  • Virtual resources for mindfulness, counseling, and fitness

  • We welcome qualified candidates of all races, creeds, genders, and sexuality to apply.

The target base salary for this position ranges from $178,000 - $217,000 in addition to a competitive equity and benefits package (as applicable). When determining compensation, we analyze and carefully consider several factors, including location, job-related knowledge, skills and experience. These considerations may cause your compensation to vary.


Ro recognizes the power of in-person collaboration, while supporting the flexibility to work anywhere in the United States. For our Ro’ers in the tri-state (NY) area, you will join us at HQ on Tuesdays and Thursdays. For those outside of the tri-state area, you will be able to join in-person collaborations throughout the year (i.e., during team on-sites).


At Ro, we believe that our diverse perspectives are our biggest strengths — and that embracing them will create real change in healthcare. As an equal opportunity employer, we provide equal opportunity in all aspects of employment, including recruiting, hiring, compensation, training and promotion, termination, and any other terms and conditions of employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, familial status, age, disability and/or any other legally protected classification protected by federal, state, or local law.


See our California Privacy Policy here.
