Senior Information Security Engineer

Minneapolis, Washington D.C., or Chicago

Rally Health is all about putting health in the hands of the individual. It’s our mission, and it drives everything we do, which is to empower people with easy-to-use online and mobile tools that help them take charge of their health and health care, from improving their diet and fitness to selecting health benefits, and choosing the right doctor at the right price for their needs.

Our culture is built on a deep and sincere dedication to helping people live healthier lives. To do this, we are committed to innovating at every level. As our president and COO David Ko says, “We are a company that continuously innovates. It cannot end. It has to be in everything we do, which means that some of the things we’re going to do are not going to work – and that’s okay. We’re not trying to build something that is churn and burn. We’re building something that follows consumers over their lifetime.”

Our Security team is responsible for the health data of over 20 million people, and we are looking for help on our Information Security Engineering team.

The right person for this role is a rare personality that loves to handle vulnerabilities and prevent intrusions. Security Team members work closely with application development and operations groups across Rally Health to ensure that new and existing technical solutions are implemented in a manner that preserves the confidentiality, integrity and availability of customer data and Rally Health intellectual property.

If you were on the team in the last three months, you might have been involved in:

  • Building out a replacement for our Splunk cluster to ingest an average of 300GB/day of data across the organization.
  • Working with our networking team to upgrade Palo Alto firewalls to increase reliability and security coverage.
  • Performing vulnerability and risk assessments on new partners to make sure they take the security of our member data as seriously as we do.
  • Replacing our vulnerability scanning infrastructure with something automation-friendly that will scale with the rest of the organization (we're all AWS and scale rapidly, and we expect our security systems to do the same).
  • Using Terraform and Ansible to make changes to the production environment.

No one joining us will know all of the systems we use. We'd like to hear about which of the following you have experience with or are interested in:

  • Risk assessment and vulnerability management, especially in a cloud-first environment.
  • Security automation, especially with Python, Terraform, and/or Ansible.
  • Identity and access management, especially using Okta and Active Directory.
  • Incident response, especially in AWS and on Mac workstations. Forensics knowledge is a bonus.
  • Compliance frameworks, especially HIPAA and HITRUST.
  • Web application security.
  • DevSecOps, or whatever your preferred term for working with engineering is.

Qualifications

Much like the systems we use, not everyone will hit all of these qualifications. If you see yourself in more of it than not, let's talk!

  • You've been an information security engineer before, preferably in an environment certified for and compliant with a globally recognized Security Framework / Information Security Management System (NIST SP 800-53, ISO27001, HIPAA, HiTrust, SOX, PCI). More experience means we'll expect you to come in at a higher level, of course.
  • You've worked with AWS or another cloud provider, preferably doing security or operations.
  • You have strong opinions (well-formed) about cryptography for data at-rest and data in-transit.
  • You've worn an auditor hat and monitored compliance with security policies and standards.
  • You've written enough code (Python preferred, but not required) that you can look at problems and say "hey, I can script that". Even better if you've automated against APIs to make your job easier.
  • You're a good communicator who is comfortable in writing and in person.

Education/Certifications

No degree or certification is required. Have some? Let us know about them when you apply.

Why join Rally? On top of an innovative work atmosphere and a chance to help people change their lives, we offer competitive pay, daily catered lunches, and an extensive benefits package for all full-time employees (including medical, dental, vision and 401(k)). In addition, we offer the ability to grow while truly making an impact in the healthcare system.

Rally Health is committed to ensuring that its workforce reflects America’s diverse population. Rally Health knows that such diversity will enrich it with the talent, energy, perspective and inspiration it needs to achieve its mission. Rally Health believes in a policy of equal employment and opportunity for all people based on merit and commitment to the principles of diversity. It is our policy to recruit, hire, train, and promote individuals in all job titles, and administer all programs, without regard to race, color, religion, national origin or ancestry, citizenship, sex, age, marital status, pregnancy, childbirth or related medical conditions, personal appearance, sexual orientation, gender identity or expression, family responsibilities, genetic information, disability, matriculation, political affiliation, veteran status, union affiliation, or any other category protected by applicable federal, state or local laws.

Individuals with disabilities and veterans are encouraged to apply. Applicants who require an accommodation related to the application and/or review process should notify Talent Acquisition (recruiting@rallyhealth.com).

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.