Information Security Engineer – Threat Response and Investigations

Information Security | Redwood City, California; Austin, Texas


HeartFlow, Inc. is dedicated to making our products and technologies as secure as possible. Reporting to the Threat Response and Investigations Manager, the Information Security Engineer will primarily perform and support insider threat investigations, and will also support threat detection and response efforts including incident response, CERT, attack and threat analysis, and analytics. Upon detection of an incident, the engineer determines the extent of compromise and impact, promptly recommends containment and mitigation measures, and proposes long-term hardening measures to prevent recurrence.

This is a hands-on role that will support Legal and Human Resources initiated investigations, from acceptable use policy violations to electronic discovery support. This role will also perform threat hunting, triage, analysis and reporting of information security incidents and events. The Information Security Engineer will support incident response activities through all remediation and recovery phases, including working with law enforcement.

This position may require weekend and evening work as well as availability during off-hours for participation in scheduled and unscheduled activities.

Job Responsibilities:

The manager will be responsible for two primary sub-programs, Threat Detection and Response and Insider Threat Investigations, as well as other pertinent duties as assigned:

Threat Detection and Response

  • At the direction of the manager, provides direct support to the CERT and manages incidents through to conclusion, including but not limited to participating in post-mortem analysis and developing preventative actions
  • Utilizes appropriate tools and services to rapidly detect and respond to threats to HeartFlow and our trusted partners
  • Analyzes network, system, and security events to determine whether an incident has occurred and applies appropriate response actions
  • Collaborates with the outsourced SOC on escalated incidents and gathers proactive intelligence in advance of emerging threats and zero-days
  • Applies threat response plans that are in place to appropriate incidents
  • Develops, documents and manages containment strategies recommending actions to mitigate the risk associated with intrusion attempts
  • Researches, implements and maintains proficiency in response and detection tools, countermeasures and attack method trends
  • May work with Federal and/or state and local law enforcement agencies

Insider Threat Investigations

  • Utilizes acceptable use policy violations, repeat offenders, DLP alerts and several other sources to research possible indications of insider threats
  • Conducts cyber-forensic investigations of digital evidence and relevant information before and after attacks, to reconstruct events and develop an understanding of the intent, objectives and activities of threat actors
  • Provides unbiased digital evidence to appropriate parties in support of active investigations
  • Ensures appropriate tools are in place to identify potential insider threats to HeartFlow

Technical Skills Needed:

  • 3+ years of experience in Information Security (5+ years preferred), with 3+ years in an incident response, SOC, or penetration tester role
  • A proven track record in digital forensics, tool management, and electronic evidence collection
  • Experience conducting digital forensics examinations on Microsoft Windows operating systems and Apple iOS devices using industry standard tools – e.g., Nuix, Oxygen, Magnet Forensics, EnCase, data loss prevention (DLP), open source
  • Advanced knowledge of the threat landscape and threat intelligence methodologies
  • Demonstrated ability to make decisions on remediation and counter measures
  • Thorough understanding of network defense technologies, TCP/IP networking, Active Directory, DHCP, DNS, network security monitoring tools, secure engineering principles and technical security testing methodologies
  • Experience defending against data exfiltration and modification, including extensive DLP experience
  • Working knowledge of threats to cyber security and understanding of the tools and tactics utilized by threat actors
  • Experience with one or more scripting languages (Perl, Python, or other) in an incident response environment
  • Extensive Windows, Mac, Linux and Unix experience including deep knowledge of file system layout, log file analysis, timeline creation, web browser forensics and file carving
  • Desktop, server, application, database, and network security hardening principles and practices for threat prevention
  • Knowledge of common attack methodologies and common types of security vulnerabilities
  • Proficiency in the use of manual and automated techniques for scanning, vulnerability assessment, and penetration testing of networks, applications, operating systems, databases, and email systems

Soft Skills Needed:

  • Strong analytical and problem-solving skills. Ability to effectively adapt to rapidly changing technology and apply it to business needs.
  • Strong knowledge and understanding of business needs
  • Strong team-oriented interpersonal and communication skills; ability to present technical information in a way that establishes rapport, persuades others and gains understanding.
  • Ability to effectively interface with a wide variety of audiences, up to executive management.
  • Effective communication and presentation skills with demonstrated ability to prepare documentation and presentations for technical and non-technical audiences.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills.
  • High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
  • Self-starter, positive attitude, ability to work independently, enjoys learning and staying current with industry developments, regulations and best practices.

Preferred Skills and Experience:

  • EnCase Certified Examiner, Certified Ethical Hacker, Certified Incident Handler, or Certified Forensic Examiner preferred but not required
  • Knowledge of common information security management frameworks, such as NIST.
  • Knowledge and demonstrated experience of relevant legal and regulatory requirements, such as HITRUST, SOC-2, HITECH, HIPAA Privacy & Security and other CMS regulations and guidelines.
  • Executive level presence and presentation skills
  • Experience with a cloud service spanning multiple countries

About HeartFlow, Inc.:

HeartFlow, Inc. is a medical technology company redefining the way heart disease is diagnosed and treated. Our non-invasive HeartFlow FFRct Analysis leverages deep learning to create a personalized 3D model of the heart. By using this model, clinicians can better evaluate the impact a blockage has on blood flow and determine the best treatment for patients. Our technology is reflective of our Silicon Valley roots and incorporates decades of scientific evidence with the latest advances in artificial intelligence. The HeartFlow FFRct Analysis is commercially available in the United States, Canada, Europe and Japan. For more information, visit

HeartFlow, Inc. is an Equal Opportunity Employer. This company does not and will not discriminate in employment and personnel practices based on race, sex, age, handicap, religion, national origin or any other basis prohibited by applicable law. Hiring, transferring and promotion practices are performed without regard to the above listed items.