Company Description

Butterfly Network’s mission is to democratize healthcare by enabling universal access to superior medical imaging. We reinvented ultrasound technology by creating the world's first handheld, single-probe whole-body ultrasound system: the Butterfly iQ. This innovative technology reduces the cost of the traditional ultrasound system by miniaturizing it onto a single semiconductor silicon chip.

Butterfly harnesses the advantages of AI and cloud computing to deliver advanced imaging that is easy-to-use and built for the digital era. The Butterfly iQ and next-generation Butterfly iQ+ have received CE Mark and FDA clearance, and are being sold in hospitals and clinics around the globe.

Joining Butterfly Network is the opportunity to redesign the future of healthcare through the power of technology. Embark on a journey with us to maximize global impact, motivated by the idea that our products will change the lives of millions along with the people you love.

Job Description

You will be working in Butterfly’s fast-growing security team to better meet the needs of our customers in the global healthcare sector.  As a Senior Security Operations Engineer, you will have the opportunity to work closely with our DevOps, hardware, software, AI, and cloud engineering teams to secure our product and our cloud security architecture. As we scale our business internationally and into large enterprises, security has never been more important to our company and those patients we help every day.

As part of our team, your core responsibilities will be: 

• Assess, triage, and prioritize security alerts from logging and monitoring systems
• Conduct vulnerability assessment, determine deviations from acceptable configurations, and assess the level of risk; recommend appropriate mitigation countermeasures 
• Work in collaboration with SRE, IT, cloud operations, and engineering teams to secure our AWS environment; define a unified incident response process, complete with performance metrics and post mortems
• Oversee security assessments, including penetration tests of the production environment
• Design, implement, configure, and support security and IT solutions and tools (e.g., SIEM, IDPS, IAM, MDM)
• Keep abreast of tools, techniques, and process improvements in support of security detection and analysis in accordance with current and emerging threat and attack vectors.
• Assist in digital forensic activities including collect, process, preserve, analyze, and present  evidence in support of vulnerability mitigation, and investigations
• Perform cyber defense analysis by using data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, Cloud Trails) to analyze events for the purposes of mitigating threats.
• Help develop an Incident Response program
• Develop playbooks, work instructions, and automation solutions.
• May require work nights, weekends, or holidays on a rotational basis with the rest of the team to ensure 24x7 coverage.
• Supports our CISO in additional security projects, as needed
• For other Hardware Department duties as assigned.

Qualifications

Baseline skills/experiences/attributes:

• BS degree in related field or equivalent experience. MS degree in a related field or equivalent experience is a plus
• Minimum 5+ years of cybersecurity experience, 2 of which include being in a SOC/CSIRT environment
• Experience investigating cybersecurity events and incidents using a full suite of alerting and response tools, digital forensic or malware analysis tools
• Experience with one major SIEM system; Splunk is a plus
• Hands-on experience working with AWS services and tools such as IAM, CloudTrail, CloudWatch, SecurityHub, GuardDuty, Inspector, Shield, WAF, KMS, Secrets Manager, Lambda, CloudWatch, PagerDuty
• Demonstrable knowledge of Information Security attack methods and techniques
• Experience creating and maintaining threat models
• Strong understanding of networking basics, including firewall, IDPS, and segmentation
• Familiar with server-less compute such as AWS Lambda and container implementations with EKS, Kubernetes, etc.
• CISSP, OSCP, GIAC, and or AWS Certified Security Specialty a plus
• Perform a broad variety of tasks in support of the role and responsibilities

Ideally, you also have these skills/experiences/attributes (but it’s ok if you don’t!):

• Familiarity with DevSecOps, CI/CD, AppSec, and agile methodology
• Google Cloud Platform security experience
• Experience working in a high-growth scaling environment 

You Deeply Identify with Core Butterfly Network Values:

• Efficient & Speedy - you get work done in a fraction of the time as industry peers 
• Intellectually Curious - you are thoughtful & inquisitive; people enjoy working with you because they learn from you
• Mission-Driven & Committed - you are passionate about the company's purpose and are immensely productive
• Team Oriented - you celebrate and take joy in the success of others on the team

Additional Information

We offer great perks: 

• Fully covered medical insurance plan, and dental & vision coverage - as a health-tech company, we place great worth on our teams’ well-being
• Pre-tax commuter benefits - we make your commute more reasonable 
• Free onsite meals + kitchen stocked with snacks
• 401k plan - we facilitate your retirement goals
• Flexible Paid Time Off - recharge and come back ready to make an impact
• Work remotely or from one of our beautiful offices in New York or Palo Alto.
• Competitive salaried compensation - we value our employees and show it 
• Equity - we want every employee to be a stakeholder
• The opportunity to build a revolutionary healthcare product and save millions of lives! 

For this role, we provide visa assistance for qualified candidates. 

Butterfly network does not accept agency resumes.

Butterfly Network Inc. is an E-Verify Company and is an equal opportunity employer regardless of race, color, ancestry, religion, gender, national origin, sexual orientation, age, citizenship, marital status, disability or Veteran status. All your information will be kept confidential according to EEO guidelines.