United States onlyAbout Crossover Health
Crossover Health is creating the future of health as it should be. A national, team-based medical group with a focus on wellbeing and prevention that extends beyond traditional sick care, the company delivers an entirely new model of healthcare—Primary Health—built on the foundation of trusted relationships, an interdisciplinary care team approach, and outcomes-based payment. Crossover’s Primary Health model integrates primary care, physical medicine, mental health, health coaching, care navigation and more, and delivers care in surround-sound—in-person, virtually and via asynchronous messaging. Together we are building a community of members that embraces healthcare as a proactive part of their lifestyle.
Job Summary
This role will be responsible for building and operating Crossover’s detection and response capabilities. As part of a small, high-impact team, the Security Engineer (Detection and Response) will design, implement, and automate security monitoring, detection, and response workflows that protect our people, data, and systems. The ideal candidate will be a hands-on engineer who is passionate about solving complex security challenges through automation and continuous improvement.Job Responsibilities
Incident Response: Detect, analyze, and respond to security incidents, ensuring timely remediation, documentation, and lessons learned.
Detection Engineering: Develop, tune, and maintain detection logic across SIEM, EDR, IDS, and related platforms to improve visibility and reduce false positives.
SOAR & Automation: Build and maintain SOAR playbooks and scripts to automate alert triage, response actions, and routine operational tasks.
Threat Intelligence & Analysis: Correlate threat intelligence with internal telemetry to identify emerging risks and inform new detection capabilities.
Security Monitoring: Operate and enhance monitoring systems to identify potential threats across cloud, endpoint, and network environments.
Security Awareness & Reporting: Support awareness and phishing programs, and deliver clear, actionable reporting and communications on security posture and incidents to leadership.
Data Loss Prevention: Develop DLP rules and processes to detect and prevent data loss or misuse across cloud, endpoint, and email systems.
Requirements
6+ years of experience in security operations, incident response, or threat detection, with demonstrated technical leadership.
Strong hands-on expertise with SIEM, EDR, IDS/IPS, and SOAR platforms
Deep understanding of security event analysis, threat intelligence, and response automation.
Experience developing and maintaining incident response playbooks, runbooks, and operational processes.
Solid knowledge of network, endpoint, and cloud security fundamentals.
Excellent communication and collaboration skills, with the ability to lead cross-functional response efforts and convey complex security topics clearly.
Strong organizational and problem solving skills
Preferred Qualifications
Security related certifications, such as CISSP, GCIH, GSOC and/or other professional certifications
Experience implementing and/or managing Jira workflows and configurations
Development experience or working knowledge of common coding languages
Prior experience with HIPAA regulations and clinical environments
Crossover Health is committed to Equal Employment Opportunity regardless of race, color, national origin, gender, sexual orientation, age, religion, veteran status, disability, history of disability or perceived disability. If you need assistance or an accommodation due to a disability, you may email us at careers@crossoverhealth.com.
To all recruitment agencies: We do not accept unsolicited agency resumes and are not responsible for any fees related to unsolicited resumes.
