Analyst, Threat

Year    Pune, Maharashtra, India

Job Description

Your Future Evolves Here

Evolent Health has a bold mission to change the health of the nation by changing the way health care is delivered. Our pursuit of this mission is the driving force that brings us to work each day. We believe in embracing new ideas, challenging ourselves and failing forward. We respect and celebrate individual talents and team wins. We have fun while working hard and Evolenteers often make a difference working in everything from scrubs to jeans.

Are we growing? Absolutely, and globally. In 2021 we grew our teams by almost 50% and continue to grow even more in 2022. Are we recognized as a company that supports your career and growth, and as a great place to work? Definitely. Evolent Health International (Pune, India) has been certified as "Great Places to Work" in 2021. In 2020 and 2021 Evolent in the U.S. was both named to the Best Company for Women to Advance list by Parity.org and earned a perfect score on the Human Rights Campaign (HRC) Foundation's Corporate Equality Index (CEI). This index is the nation's foremost benchmarking survey and report measuring corporate policies and practices related to LGBTQ+ workplace equality.

We recognize employees that live our values, give back to our communities each year, and are champions for bringing our whole selves to work each day. If you're looking for a place where your work can be personally and professionally rewarding, don't just join a company with a mission. Join a mission with a company behind it.

What You'll Be Doing:

Position Summary

In this function you will collaborate with Incident Response and SOC specialists, translating intelligence & hunt data into actionable intelligence to appropriately prioritize detection and response activities.

Qualifications/Experience

  • Bachelor's / Master's degree in cyber security, computer science, or relevant engineering field.
  • 2+ years of relevant work experience in Threat Intelligence.
  • 5+ years of relevant work experience in Cybersecurity Operations working in geographically distributed teams is highly valuable.
  • Relevant Industry Certifications such as SANS/GIAC (for example, GCIA, GCIH, GNFA, GCFA), CompTIA Security+, CTIA, CISSP, and CISM are preferred.
  • Has a sound understanding of SIEM, DLP, PAM, EDR, other threat detection platforms and Incident Response tools.

Role & Responsibilities:

The position will bring a mix of the following tasks and responsibilities:
  • Provide threat intelligence executive summary and briefings to cybersecurity team and IT areas.
  • Maintain awareness of the cyber threat landscape and leverage automation to build better detection capabilities.
  • Recommend patching priorities and timelines based on proof of concepts (POCs), exploits, and the threat landscape.
  • Perform detailed analysis to identify novel tactics, techniques, and procedures (TTPs) being used by attackers that potentially target our business or customers.
  • Identify & develop greater holistic insight and adversarial mapping to specific IOCs through research, sandboxing, and reversing with a working knowledge of EDR solutions.
  • Develop a repository of SOPs, playbooks, and checklists for hunting that aligns to MITRE ATT&CK techniques and the availability of current data.
  • Integrate Offensive Intelligence testing methodology and "high-level" findings.
  • Save past "hunts" or queries for tracking and collaboration purposes (saved work can transform one-time hunts into persistent queries).
  • Identify, develop, and implement new detections (use cases) and mitigations (playbooks) across the security platforms.
  • Monitor the organization's public exposure to detect signs of sensitive disclosure, exposed credentials, and hacker group activity targeted against the organization.
  • Deep and current knowledge of social network monitoring (SOCMINT) and Dark Web Networks (TOR, I2P, etc.) (DARKMINT).
  • Experience with frameworks (Cyber Kill Chain, Diamond Model, MITRE ATT&CK) and TI platforms such as MISP, OpenCTI, Malpedia, STIX, along with TI tools development and automation of TI processes.
  • Skilled in working with extremely large data sets, using tools and scripting languages such as Splunk, Python, Bash, PowerShell, SQL/KQL, etc.

Mandatory Requirements:

Currently, Evolent employees work remotely temporarily due to COVID-19. As such, we require that all employees have the following technical capability at their home: High speed internet over 10 Mbps, the ability to plug in directly to the home internet router. These at-home technical requirements are subject to change with any scheduled re-opening of our office locations.

Preferred Requirements:

Evolent Health is committed to the safety and wellbeing of all its employees, partners and patients and complies with all applicable local, state, and national law regarding COVID health and vaccination requirements. Evolent expects all employees to also comply. We currently require all employees who may voluntarily return to our Evolent offices to be vaccinated and invite all employees regardless of vaccination status to remain working from home.



Evolent Health is an equal opportunity employer and considers all qualified applicants equally without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, or disability status.

Job Detail

  • Job Id
    JD2965054
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Pune, Maharashtra, India
  • Education
    Not mentioned
  • Experience
    Year