Senior Security Engineer

Butterfly Network
New York, United States of America
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Shift work
Languages
English
Experience level
Senior
Compensation
$ 135K

Job location

New York, United States of America

Tech stack

Agile Methodologies
Artificial Intelligence
Amazon Web Services (AWS)
Application Firewall
Cloud Computing
Cloud Computing Security
Cloud Engineering
Computer Security
Information Leak Prevention
DevOps
Digital Forensics
Multi-Factor Authentication
Monitoring of Systems
Health Information Technology
Identity and Access Management
Intrusion Detection Systems
Networking Basics
Phishing
Zero Trust Network Access
Security Information and Event Management
Software Vulnerability Management
Private Cloud Environment
Data Logging
Malware
Firewalls (Computer Science)
Amazon Web Services (AWS)
Information Technology
Cyber Warfare
Splunk
Vulnerability Analysis

Job description

You will be working in Butterfly's fast-growing Information Security (InfoSec) team to better meet the needs of our customers in the global healthcare sector. As a Security Engineer, you will have the opportunity to work closely with our DevOps, Hardware, Software, AI, Risk Management, Audit, Quality Team, and Cloud Engineering Teams to secure our product and our cloud security architecture. As we scale our business internationally and into large enterprises, security has never been more important to our company and those patients we help every day. Responsibilities will also include Manage, Monitor, and Maintain Global Security Certifications rooted in National Institute of Standards and Technology (NIST) - International Organization for Standardization (ISO) - Health Information Technology for Economic and Clinical Health (HITECH) - International Electrotechnical Commission (IEC), and GovRAMP/FedRAMP among others.

As part of our team, your core responsibilities will be:

  • Assess, triage, and prioritize security alerts from logging and monitoring systems.
  • Incident response management and breach mitigation.
  • Conduct vulnerability assessment, determine deviations from acceptable configurations, and assess the level of risk; recommend appropriate mitigation countermeasures.
  • Work in collaboration with Legal, Compliance, HR on Discovery and Investigations requests.
  • Work in collaboration with IT, Cloud Operations, and Engineering Teams to secure our AWS environment.
  • Design, implement, configure, support, and maintain security and IT solutions and tools (e.g., Security Information Event Management (SIEM), Identity Access Management (IAM), Mobile Device Management (MDM), Endpoint Detection and Response (EDR), Vulnerability Management, Zero Trust Networking (ZTN), Data Loss Prevention (DLP)).
  • Keep abreast of tools, techniques, and process improvements in support of security detection and analysis in accordance with current and emerging threat and attack vectors.
  • Lead digital forensic activities including collecting, processing, preserve, analyze, and present evidence in support of vulnerability mitigation, and investigations.
  • Perform cyber defense analysis by using data collected from a variety of cyber defense tools (e.g., Intrusion Detection System (IDS), alerts, firewalls, AWS Cloud Trails) to analyze events for the purposes of mitigating threats.
  • Help mature and maintain an Incident Response Program.
  • Develop playbooks, work instructions, process flow, Risk Assessments, and automation solutions.
  • Evidence and artifact collection and articulation for purpose of Audit and Accreditations.
  • Contributes to Executive Presentations of the InfoSec state and environment.
  • Will require working nights (at times), weekends (at times), or holidays (at times) on a rotational basis with the rest of the team to ensure 24x7 coverage.
  • Supports our CISO in additional security initiatives and projects, as needed., Butterfly requires security adherence responsibilities from all employees. These include: adhering to all company security policies and procedures, utilize provided company assets securely, and complete all required security awareness training programs. Safeguarding company data and systems from unauthorized access, modification, or destruction, contributing to the overall security posture of the organization. Immediately reporting any suspected or actual security incidents, including phishing attempts, malware infections, or unauthorized access, following the established incident response procedure

Requirements

Do you have experience in Zero Trust security?, * Preferred 4+ years of cybersecurity experience or comparable IT experience working in collaboration with an InfoSec Organization.

  • Experience investigating cybersecurity events and incidents using a full suite of alerting and response tools, digital forensic or malware analysis tools.
  • Experience with one major SIEM system; Splunk is preferred. Write Splunk Search Processing Language (SPL) queries for alerts, create dashboards and produce reports and metrics.
  • Strong understanding of networking basics, including firewall, Web Application Firewall (WAF), experience with Virtual Private Cloud (VPC), and Zero Trust Networking (ZTN).
  • Firsthand experience with Vulnerability Management preferably Rapid7, perform scans, produce reports, and track remediation.
  • Experience with Endpoint Detection and Response preferably CrowdStrike Falcon and Cloud Security Posture Management, write policies, triage alerts, and deploy agents.
  • Experience with Identity Access Management preferably Entra ID; configuring SSO, user/group management, user access review, multi factor authentication (MFA), etc.
  • Experience with zero trust networking preferably Zscaler Private Access to create connectors, applications, policies, and troubleshooting.
  • Strong familiarity with NIST 800-53 (Rev-5).
  • Strong familiarity with ISO27001.
  • Strong Project Management skills (PMP, Six Sigma, or Agile).
  • Strong communications skills (collaborating with employees at all levels).
  • CISSP, GIAC, and or AWS Certified Security Specialty a plus.

Benefits & conditions

Pulled from the full job description

  • Employee stock purchase plan
  • Parental leave
  • Health insurance
  • 401(k) matching
  • Vision insurance
  • Health savings account
  • Dental insurance, * Comprehensive health insurance, encompassing dental and vision coverage, is provided to all our employees. As a health-tech company, we prioritize the well-being of our teams. We also contribute to Health Savings Account (HSA) accounts for all enrolled employees on an annual basis.
  • Comprehensive Employee Assistance Program - we provide access to tools and resources to support your emotional health and day-to-day needs.
  • 401k plan and match - we facilitate your retirement goals.
  • Eligible employees will have the opportunity to participate in Employee Stock Purchase Plan (ESPP)
  • Unlimited Paid Time Off + 10 Holiday Days a Year - recharge and come back ready to make an impact
  • Parental Leave - we aim to provide our employees with time to bond with their growing family, along with additional support for primary caregivers to help transition back to work
  • Competitive salaried compensation - we value our employees and show it
  • Equity - we want every employee to be a stakeholder
  • The opportunity to build a revolutionary healthcare product and save millions of lives!, Our estimated salary for this role is around $135,000 + bonus + equity + benefits. Actual pay is determined by multiple factors such as skills, qualifications, experience and market demand.

About the company

Butterfly Network, Inc. (NYSE: BFLY) is driving a digital revolution in ultrasound imaging and sensing with its proprietary Ultrasound-on-Chip semiconductor technology and software solutions. Butterfly first proved its technology in the point-of-care ultrasound market - commercializing the world's first single-probe, whole-body portable ultrasound device, which is now on its best-selling, third-generation: Butterfly iQ3 . The Company combines its advanced hardware with cloud software and AI, an enterprise workflow solution (Compass AI ) and other offerings to drive adoption of affordable, accessible ultrasound. Butterfly also enables third-party development of imaging AI apps through Butterfly Garden , its software development kit and AI partnership initiative. In addition to its medical imaging products, Butterfly Embedded is the Company's Ultrasound-on-Chip licensing and co-development program designed to enable a new wave of ultrasound-enabled technologies across non-competitive healthcare markets and beyond. Through Butterfly Embedded , partners can build and scale novel ultrasound applications powered by Butterfly's proprietary semiconductor chip and software platform. Butterfly's innovations have been recognized by Prix Galien USA, Fierce 50, TIME's Best Inventions and Fast Company's World Changing Ideas, among other achievements. We're a team of bold thinkers, problem-solvers, and innovators ready to shape the future of medical imaging. Let's build something extraordinary together!, Butterfly offers a hybrid work model for most positions, with team members spending two or more days a week in the office. While flexibility is key, we value in-person connections that spark creativity and teamwork. Our offices are designed for collaboration, with comfortable workspaces, stocked kitchens, and opportunities to connect with peers.

Apply for this position