Apex Systems

Apex Systems, an IT staffing and workforce solutions firm, provides recruiting and staffing services to large and small companies alike. Founded in 1995 by three Virginia Tech clas

Vulnerability Response Operations Lead

Location

All locations: Michigan | Indiana | Kentucky | Tennessee | Georgia | Florida | Ohio | North Carolina | South Carolina | West Virginia | Virginia | Pennsylvania | District Of Columbia | Connecticut | New Jersey | New York | Rhode Island | New Hampshire | Maine | Maryland | Delaware | Vermont | Massachusetts | North Dakota | South Dakota | Nebraska | Kansas | Oklahoma | Texas | Minnesota | Iowa | Missouri | Arkansas | Louisiana | Wisconsin | Illinois | Mississippi | Alabama

Posted

36 days ago

Salary

$82 - $85 / hour

Seniority

Senior

Job Description

Vulnerability Response Operations Lead

Location: Bradenton United States
Job Description: 100% Remote sitting in EST or CST
Employment Type: Contract
Pay Range: $82-85/hr.

Role Overview

We are seeking a Vulnerability Response Operations Lead responsible for owning and advancing the ServiceNow Vulnerability Response platform to improve vulnerability lifecycle execution, data quality, and operational efficiency. This role partners closely with Security, IT Operations, and business stakeholders to streamline workflows, strengthen controls, and deliver clear, actionable insights.

Key Responsibilities

- Shape and refine workflows, SLAs, and escalation paths to improve response quality and operational flow.
- Partner with Security, IT Operations, and Business Units to ensure smooth vulnerability lifecycle execution.
- Identify and implement automation opportunities, such as ticket enrichment, auto‑assignment, and closure validation.
- Strengthen data integrity and workflow reliability by ensuring appropriate controls are implemented and maintained.
- Deliver dashboards that convert raw data into clear insights that help teams take action.
- Track and report core performance metrics to highlight gaps, trends, and operational improvements.
- Serve as a primary point-of-contact for triaging and troubleshooting ServiceNow Vulnerability Response support needs.
- Develop training materials, run enablement sessions, and drive communication to improve platform adoption and user confidence.

Required Qualifications

- Strong background in vulnerability management, SecOps, or GRC.
- Hands-on experience with ServiceNow Vulnerability Response / Configuration Compliance and integrations (e.g., Tenable, Qualys).
- Expertise in ServiceNow automation and dashboarding to streamline processes and create actionable insights.
- Strong communication and stakeholder-management skills for facilitating cross-functional alignment.

Compensation & Benefits

The pay range for this position is $82-85 per hour. A benefits package may be available to eligible employees.

This employer is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico.

Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach.

Employee Type: Contract
Location: Bradenton, FL, US
Pay Range: $82 - $86 per hour

More Security Operations Jobs

SecOps Engineer

Addi

We are a technology company that seeks to drive and enable digital commerce in Latin America.

Full Time | Remote | Team 201-500 | H1B No Sponsor

• Own the implementation and day-to-day operation of security controls across endpoints, infrastructure, secure connectivity, and data protection
• Execute the migration to the selected XDR platform across endpoints and infrastructure
• Implement and operate DLP and SASE controls to secure user access, SaaS usage, and data flows
• Deploy and operate a centralized MDM solution to manage and secure corporate endpoints
• Implement and maintain endpoint security policies including encryption, OS hardening, patching, and access controls
• Operate and continuously improve SIEM detections and SOAR playbooks for security events across critical platforms
• Support brand protection operations by monitoring phishing, impersonation, and brand abuse activity

Colombia
Full Time | Remote | Team 501-1,000

Role Description

Hello there and a warm welcome from our Security Operations team! We are thrilled to introduce a key role that connects our cutting-edge technology with the robust protection of our digital assets. Curious what this role is all about? Let’s dive right in:

- Build and maintain the company’s security operations framework and daily monitoring systems.
- Monitor, analyze, and respond to security incidents, anomalies, intrusions, and other suspicious activities.
- Perform log analysis, threat detection, and alert handling.
- Manage and optimize security tools such as SIEM and EDR.
- Support cloud security configuration and risk assessment, especially in AWS environments.
- Develop, refine, and implement security policies, processes, and standards.

Qualifications

- 3–5 years of experience in security operations, SOC, or related cybersecurity roles.
- Strong knowledge of mainstream security technologies such as firewalls, IDS/IPS, SIEM, and EDR.
- Experience with log analysis, threat modeling, and incident response.
- Good understanding of AWS security architecture and cloud security best practices.
- Strong communication skills in Chinese and English (C1 level for both).
- Experience with automation or SOAR tools is a plus.
- Red team and blue team experience is a plus.

Benefits

- Join an international and collaborative team where you can help build security operations capabilities from the ground up.
- Work on meaningful cloud security and incident response topics while improving the company’s overall security maturity.
- Opportunity to work closely with engineering, operations, and management teams in a dynamic environment.

Germany

Security Operations - Incident Response Coordinator

Converge Technology Solutions

Converge Technology Solutions provides specialized IT services tailored to meet customers' individual needs. The company offers a wide range of services, including advanced analyti

Role Description

We are seeking a highly skilled and motivated Incident Response Coordinator to join our Security Operations team. This role involves planning, coordinating, and managing responses to security incidents, ensuring accurate execution of processes and timely completion of documentation and communications.

The ideal candidate for the Incident Response Coordinator role is an experienced professional with the soft skills that enable effective performance in high-stakes environments:

- Active listener with strong analytical and problem-solving abilities
- Ability to confidently communicate clear, concise updates to diverse stakeholders
- Exhibits adaptability, attention to detail, and a commitment to ethical practices

Personnel performing this role may unofficially or alternatively be called:

- Incident Handler
- Incident Responder
- Incident Response Analyst
- Incident Response Engineer
- Intrusion Analyst
- Computer Network Defense Incident Responder
- Computer Security Incident Response Team Engineer

Qualifications

- Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field or equivalent work experience of 5 years or more
- Minimum of 2 years of experience in cybersecurity incident response or a related role

Requirements

- Coordinate the investigation, containment, recovery, and remediation of cybersecurity incidents
- Serve as the primary contact during incidents, providing status updates
- Monitor and analyze network traffic, security logs, and alerts
- Document after action incident details, actions taken, timelines, and lessons learned
- Conduct periodic incident response exercises, deliver training, and raise awareness
- Collect intrusion artifacts and use discovered data to enable mitigation
- Continuously review and improve the incident response plan
- Perform initial triage and analysis of security incidents
- Guide cross-functional teams to contain threats and restore normal operations
- Coordinate with Corporate Leadership, Security Operations Center (SOC), and external parties
- Lead after-action reviews, publish findings, and recommend mitigation measures
- Stay current with evolving threats, vulnerabilities, and best practices

Benefits

- Equal employment opportunities to all employees and applicants
- Prohibits discrimination and harassment of any type

Preferred Qualifications

- Outstanding English language communication skills, both written and verbal
- Professional certifications such as CISSP, ECIH, GCFE, GCIH
- Experience with digital forensics and malware analysis
- Knowledge of network protocols and security architecture
- Familiarity with malware types and attack methods
- Experience with scripting and automation tools

Physical Requirements

- Prolonged periods of sitting at a desk and working on a computer

India
Job Closed
Cybersecurity Operations Analyst

Versant Health

Versant Health is one of the nation’s leading administrators of managed vision care, serving millions of our clients’ members nationwide. We are driven by our mission to help members enjoy the wonders of sight through healthy eyes and vision. As a Versant Health associate, you can enjoy a comprehensive Total Rewards package, which includes health and dental insurance, tuition reimbursement, 401(k) with company match, pet insurance, no-cost-to-you vision insurance for you and your qualified dependents. We are also invested in your success. There are many opportunities for advancement and development throughout all stages of your career with us.

Full Time | Remote | Team 1,001-5,000

Role Description

The Cybersecurity Operations Analyst supports and advances the organization’s Information Security program by protecting the enterprise against evolving cyber threats. This role is responsible for participating in incident response activities, investigating and analyzing security events, optimizing security controls, and collaborating cross-functionally to strengthen the organization’s overall security posture. The Cybersecurity Operations Analyst provides hands-on technical leadership through proactive threat hunting and the continuous enhancement of detection and response capabilities. This position contributes to the ongoing evolution of Versant Health’s cybersecurity operations by leveraging leading security technologies, partnering with internal stakeholders, and staying current on emerging threats and attack methodologies.

Where you will have an impact

- Security Hygiene & Control Validation
  - Routinely audit and validate security control coverage (e.g., XDR, ZTNA, DLP) to ensure tools are operating effectively and protect 100% of intended assets.
  - Partner with the SOC to ensure log integrity across security and non-security systems; validate alert scope, fidelity, and thresholds.
  - Monitor the health and performance of security tools, performing root cause analysis when agents fail or policies are not properly applied.
- Incident Response, Event Monitoring, & Threat Hunting
  - Serve as the Tier 2 escalation point for the SOC and lead the full incident response lifecycle, from containment through recovery.
  - Conduct proactive threat hunting using threat intelligence, SOC findings, and behavioral analysis to identify threats that bypass automated controls.
  - Analyze threat intelligence to inform defensive strategies and continuously improve detection capabilities.
  - Collaborate with the SOC to develop, refine, and maintain incident response playbooks aligned to business context.
  - Monitor and analyze security alerts from SIEM, EDR, and other tools to identify and respond to potential threats.
  - Implement and enforce security controls, policies, and procedures to protect organizational assets.
- Blue, Red, and Purple Team Activities
  - Engage in the development and execution of recurring security wargames, including scenario design and cross functional participation.
  - Actively participate in blue team activities focused on defensive security, detection, and incident response.
  - Collaborate in purple team exercises to validate detection and response effectiveness against real world attack scenarios.
  - Participate in internal red team exercises, penetration tests, and simulated attacks to identify security gaps and control weaknesses.
  - Perform adversary emulation by modeling tactics, techniques, and procedures (TTPs) of known threat actors.
  - Share insights, lessons learned, and intelligence across teams to continuously improve security posture.
  - Use findings from offensive testing to optimize SIEM rules, EDR/CASB/SWG policies, firewall configurations, and other security controls.
- Security Tool Management
  - Configure, maintain, and optimize a broad portfolio of security technologies, including:
    - Security Information and Event Management (SIEM): Log aggregation, correlation, tuning, and alerting.
    - Endpoint Detection and Response (EDR): Threat detection and response across endpoint environments.
    - Attack Surface & Exposure Management (ASM/AEM): Continuous discovery and prioritization of vulnerabilities and exposures.
    - Cloud Access Security Broker (CASB): Enforcement of security controls for cloud applications and services.
    - Secure Web Gateway (SWG): Inspection of web traffic and protection against web-based threats.
    - Data Loss Prevention (DLP): Design, implementation, and management of policies to prevent unauthorized data exfiltration across endpoints, networks, and cloud environments.
- Security Operations & Support
  - Respond to and resolve security related tickets and user inquiries.
  - Provide guidance and best practice recommendations to end users and IT partners.
  - Troubleshoot security tool issues and perform root cause analysis.
- Documentation, Reporting, & Communication
  - Create and maintain detailed documentation for incident response procedures, security tool configurations, and security advisories.
  - Generate and present reports on security incidents, trends, and overall security posture to management.
  - Communicate clearly and effectively with stakeholders during and after security incidents.

Qualifications

- 3+ years of experience in cybersecurity, with a focus on security operations and incident response.
- Bachelor’s degree from an accredited college or university or equivalent professional experience.
- Hands-on experience administering and maintaining SIEM, EDR, and related security tools.
- Understanding of networking concepts, TCP/IP, Active Directory, DNS, DHCP, and network defense technologies.
- Proficiency with Windows, Linux, and macOS operating systems.
- Experience with cloud security platforms (e.g., AWS, Azure).
- Knowledge of secure engineering principles and technical security testing methodologies.

Requirements

- All Associates must comply with the Health Insurance Portability Accountability Act of 1996 (HIPAA) as it pertains to disclosures of protected health information (PHI).
- Associates may have access to covered information, cardholder data or other confidential customer information which must be protected at all times.
- Associates must explicitly adhere to all data security guidelines established within the Company’s Privacy & Security Training Program.

Benefits

- Comprehensive and competitive total rewards package designed to support your health, financial well-being, and work-life balance.
- Medical, dental, and paid vision coverage.
- Paid time off and company holidays.
- Retirement savings with employer contribution.
- Employee wellness resources.
- Professional development opportunities.
- Flexible work arrangements.
- Employee assistance programs.

United States