Alma is on a mission to simplify access to high-quality, affordable mental health care. We do this by making it easy and financially rewarding for therapists to accept insurance and offer in-network care. When a provider joins Alma, they gain access to a suite of tools that not only help them better run their business, but also grow it sustainably and develop as a provider. Alma is available in all 50 states, with over 20,000 therapists in our growing network. Anyone looking for a therapist can browse Alma’s free directory. Alma has raised $220.5M in funding from Insight Partners, Optum Ventures, Tusk Venture Partners, Primary Venture Partners, First Round Capital, Sound Ventures, BoxGroup, Cigna Ventures, and Rainfall Ventures. Alma was also named one of Inc’s Best Workplaces in 2022 and 2023.

Job Board

Values

Candidate Interview Guide

Senior Security Operations Analyst

Alma is seeking a mission-driven Senior Security Operations Analyst to join our team. We are dedicated to building and operating secure and compliant tools and services which help providers more easily manage and grow their practice. In this role, you will help us defend against cybersecurity incidents by identifying, analyzing, communicating and containing incidents as they occur.

The ideal person for this role loves to research tactics, techniques and procedures (TTPs) leveraged by attackers and adversaries and works with other teams to mature Alma’s incident response program, defining standards, procedures and automating processes to uncover, resist and recover from security incidents.

What you’ll do:

Defend against cybersecurity incidents and identify, analyze, communicate and contain incidents as they occur.
Validate and maintain incident response plans and processes to address potential threats
Conduct network monitoring, intrusion detection analysis, and log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources
Deploy and manage cloud-centric detection to detect threats related to cloud environments and services used by the organization
Work with the security information and event management (SIEM) system to correlate activity across assets (endpoint, network, apps) and environments (on-premises, cloud) and identify patterns of anomalous activity
Research emerging threats and vulnerabilities to aid in the identification of incidents
Create runbooks for frequently occurring incidents and alerts to automate or assist with the resolution of those cases
Provide users with incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary

Who you are:

You have 4+ years of experience working in a similar role with web technologies and information security and at least 2 years working in a senior role
You are self-motivated and capable of driving efforts to completion with minimal oversight while knowing when to ask for guidance and assistance as needed
You have achieved Certified Information Systems Security Professional (CISSP) certification or other relevant certifications
You have extensive experience managing incidents from detection to remediation including documenting findings, managing the response team and process, communicating updates, leading remediation efforts, and performing retrospectives for process improvement
You have experience building and running incident response programs, including planning tabletop exercises, developing breach simulation scenarios, facilitating tabletop sessions with numerous stakeholders, and writing summary reports
You have experience working with an incident management tool like OneTrust
You deeply understand AWS security tools and processes in regards to monitoring, logging, and incident management
You have multiple years of experience monitoring security systems that can scale, with high levels of automation.
You have extensive experience deploying and tuning the Elastic security information and event management (SIEM) platform and Endpoint Detect and Response (EDR) tool or a similar product
You have knowledge of tactics, techniques, and procedures leveraged by attackers and adversaries (e.g., MITRE ATT&CK)
You have strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
You have strong communication skills and can convey complex technical topics to non-technical stakeholders clearly and concisely
You have experience building short and long-term strategies for incident response and security operations teams

Benefits:

We’re a remote-first company
Health insurance plans through Aetna (medical and dental) and MetLife (vision), including FSA and HSA plans
401K plan (ADP)
Monthly therapy and wellness stipends
Monthly co-working space membership stipend
Monthly work-from-home stipend
Financial wellness benefits through Northstar
Pet discount program through United Pet Care
Financial perks and rewards through BenefitHub
EAP access through Aetna
One-time home office stipend to set up your home office
Comprehensive parental leave plans
11 paid holidays, 1 Alma Mental Health Day, and 1 Alma Volunteering Day
Flexible PTO

Salary Band: $145,000 - $175,000

Alma’s compensation philosophy is driven by our company value of building equity. To best ensure pay equity, we typically bring in new hires near the middle of our listed salary bands and we do not negotiate our compensation (i.e. all people hired at the same level & role are brought in at the same salary, equity, and benefits). The recruiter you work with can provide more details on our philosophy.

All Alma jobs are listed on our careers page. We do not use outside applications or automated text messaging in our recruiting process. We will not ask for any sensitive financial or identification information throughout the recruiting process. Any communication during the recruitment process, including interview requests or job offers, will come directly from a recruiting team member with a helloalma.com email address.