If you’re a hands-on SecOps builder who loves automation, clean detection logic, and incident readiness, this role is built for impact. You’ll be the technical bridge to a SOC partner, reduce alert noise, harden cloud defenses, and help scale security operations in a regulated healthcare SaaS environment.

About RethinkFirst
RethinkFirst is a leading behavioral health technology company working to make mental wellness, education, and support more accessible and scalable. Through platforms like RethinkEd, RethinkCare, and RethinkBH, they serve educators, employers, and providers with tools that deliver measurable, inclusive outcomes.

Schedule
Full-time | Remote
Remote eligibility: AL, AZ, CT, FL, GA, HI, IL, IN, KY, LA, MD, MA, MI, MN, MO, NC, NE, NH, NJ, NV, OH, OR, PA, RI, TN, TX, VA, WA, WI

What You’ll Do

  • Build and maintain SecOps automation to eliminate manual work (Python, PowerShell, APIs, orchestration tools)
  • Integrate telemetry from EDR, SIEM, cloud logs, vuln scanners, and identity systems to improve visibility and context
  • Create reusable scripts, playbooks, and evidence-collection automations to support audits and incident response
  • Own the technical relationship with the SOC/MDR partner and improve signal quality
  • Tune detections, escalation paths, and severity classifications to reduce false positives and alert fatigue
  • Validate detections against the company threat model and risk priorities
  • Run after-action reviews with the SOC to improve handoffs, enrichment, and documentation
  • Lead internal investigations when incidents escalate from the SOC
  • Build and maintain incident playbooks/runbooks for repeatable response
  • Coordinate containment, root cause analysis, and lessons learned with IT and Engineering
  • Manage the vulnerability lifecycle: scanning, prioritization, remediation coordination, and SLA reporting
  • Partner with DevOps/Engineering on cloud guardrails and least-privilege IAM
  • Review cloud configurations (AWS/Azure/GCP) and recommend automated controls
  • Mentor junior and offshore resources in automation, scripting, and incident response
  • Support compliance evidence needs for SOC 2 and HITRUST

What You Need

  • 8+ years in SecOps, DevOps, security engineering, or software development with a strong automation focus in SaaS
  • Strong scripting/automation skills (Python, PowerShell, etc.) and comfort integrating with APIs
  • Experience collaborating with a managed SOC/MSSP/MDR provider
  • Strong SIEM/EDR knowledge including alert tuning and log analysis
  • Cloud security familiarity (AWS/Azure) plus infrastructure-as-code concepts
  • Sharp analysis, documentation, and cross-team communication

Benefits

  • Health, dental, and vision coverage
  • Flexible paid time off
  • 11 paid company holidays
  • 401(k) with matching
  • Parental leave
  • Access to the RethinkCare platform (neurodiversity support, resilience, wellbeing)

This is the kind of role where your resume can’t be “I monitored alerts.” It has to scream: “I reduced noise, automated the grind, and made the SOC smarter.” If you want, paste your current SecOps bullets and I’ll Fuse-Method them into role-matching weapons.

Happy Hunting,
~Two Chicks…
