Senior Threat Management Engineer (virtual home office remote eligible)

Humana

Indianapolis Indiana

United States

Engineering
(No Timezone Provided)

About this job

Description

The Senior Incident Response Engineer will be part of a dynamic, growing team, hunting for and responding to cyber incidents stemming from internal and external threat actors. The Senior Incident Response Engineer provides Tier 3 services: the coordination, execution, and implementation of all actions required for containment, eradication, and recovery from cyber incidents.

Responsibilities

The Senior Incident Response Engineer will be part of Humana’s Cyber Incident Response team (CIR). CIR is the enterprise team responsible for detecting and responding to the most sophisticated cyber threats and attacks. This role will leverage a variety of tools and resources to proactively detect, investigate, and mitigate emerging and persistent threats impacting Humana networks, systems, and applications.

Key Responsibilities:

  • Participate in the handling of security events and incidents, with a focus on incident response and forensics in accordance with our incident response plan.
  • Perform detection, analysis, and containment of incidents in both on-premises and cloud environments.
  • Determine severity and impact, and assign appropriate priorities to all events and incidents.
  • As a member of the core incident response team, coordinate with Privacy, Compliance Investigations, Corporate Security, and others as warranted.
  • Use Humana-acquired technologies to conduct large-scale investigations and examine host- and network-based sources of evidence.
  • Analyze email message headers and identify actionable indicators for remediation.
  • Analyze logs from SIEMs and other sources and identify unauthorized activity.
  • Perform network traffic and host analysis during incident investigations.
  • Use security tools including IDS, IPS, firewalls, proxies, Web Application Firewalls (WAF), etc., to triage events that may lead to incidents.
  • Receive on-call escalations from 24×7 security operations, providing assistance and resolution as needed.
  • Collaborate with forensic analysts and other analysts, law enforcement officers, and legal experts to recommend methods and procedures for the recovery, preservation, and presentation of computer evidence.
  • Analyze high volumes of logs, network data (e.g. NetFlow, full packet capture), and other event/incident artifacts using Splunk or Sentinel in support of incident investigations.
  • Act as the incident quarterback and/or lead investigator.
  • Assist with post-incident activities.
  • Recommend and document specific countermeasures and mitigating controls.
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
  • Improve Humana's business processes and incident response methodologies.
  • Regularly interact with leadership and customers.
Required Qualifications

  • Bachelor's degree or higher, technical discipline preferred
  • Minimum 5 years of working experience in IT security, preferably with exposure to security analysis, incident response, and threat intelligence analysis
  • Strong sense of ethics and values; ability to handle confidential situations with discretion
  • Strong understanding of cyber security capabilities and the threat landscape
  • Strong understanding of network and computer forensics
  • Understanding of malware analysis and reverse engineering
  • Strong understanding of network protocols, design, and operations
  • Vulnerability and threat analysis experience
  • Working knowledge of security principles, techniques, and technologies
  • Experience effectively communicating event details and technical analysis to technical audiences and stakeholders on the client side
  • Strong analytical and problem-solving skills
  • Ability to multi-task and prioritize workload
  • Willingness to learn
  • Good communication skills (written and oral)
Preferred Qualifications

  • Master's degree in a technical field
  • CISSP, GCFA, GNFA, GCIA, GCIH, OSCP, and other relevant information security certifications
  • Big data / analytics experience
  • Understanding of artificial intelligence algorithms and their application
  • Experience with various security monitoring and endpoint security tools
  • Experience with a scripting language such as PowerShell, Perl, Ruby, Python, or Bash
  • Technical expertise in at least three of the following areas:
      • Windows disk and memory forensics
      • Cloud operations and engineering
      • Network Security Monitoring (NSM), network traffic analysis, and log analysis
      • Unix or Linux disk and memory forensics
      • Static and dynamic malware analysis
      • NIST Kill Chain
      • MITRE ATT&CK
      • Applied knowledge of at least one scripting or development language (such as Python)
      • Understanding of enterprise security controls in Active Directory / Windows environments
Additional Information

  • Prior training and public speaking experience
  • Ability to exercise emotional intelligence and situational awareness
  • Strong interpersonal communication skills
  • Willingness to travel up to 10%

Scheduled Weekly Hours

40
