HCA Healthcare
March 5, 2026
This job has closed.

Security Threat Engineer I

Nashville, TN
Full-time
Onsite
Entry Level
HCA Healthcare is part of the nation's leading provider of healthcare services, and they are seeking a Security Threat Engineer I to join their Cyber Defense Center (CDC). This role is essential in monitoring and responding to cyber security threats, providing Tier 1 and Tier 2 analysis, and collaborating with a team to enhance security measures.

Responsibilities

  • Monitor the security alert queue: investigate and triage events based on criticality, provide recommendations on how to mitigate the threats, and use analytic techniques and critical thinking to determine if and when to escalate threats to the larger Cyber Security team
  • Provide guidance to field resources on how to properly remediate a threat
  • Work closely with other CDC team members to improve tools, techniques, and procedures for CDC operation
  • Continuously improve documentation of work products and processes
  • Participate in red/blue team exercises
  • Execute HCA’s Incident Response plan as part of an incident response team. Serve as Incident Commander, Task Lead, or Scribe during incidents
  • Routinely collaborate with individuals and teams from across the enterprise

Qualifications

Required

  • Bachelor's degree preferred
  • 1+ years of relevant experience

Preferred

  • Experience as a member of a Cyber Incident Response Team (CIRT) or comparable team
  • Experience executing an Incident Response plan, preferably based on recognized industry standards (e.g. NIST, SANS, etc.)
  • Experience in Windows artifact analysis and initial forensic analysis (e.g. program execution, file/folder opening, account usage, pulling memory, following proper evidence handling procedures, etc.) using industry standard tools and available logs (e.g. Endpoint Detection and Response (EDR) tools)
  • Experience in Memory Analysis using tools such as Volatility
  • Experience in network forensic analysis to determine the validity of detected events using available network logs collected via SIEM
  • Experience in DFIR (Digital Forensics Incident Response)
  • Experience with an event/information analysis framework such as Analysis of Competing Hypotheses (ACH)
  • Experience performing security analysis or reporting using Security Incident and Event Management (SIEM) technologies, preferably with Splunk and SPL experience
  • Experience with document management and sustaining Security Operations Center (SOC) policies and run book procedures for incident response
  • Experience with documenting root cause analysis and lessons learned
  • Experience consuming and generating cybersecurity threat intelligence
  • Experience across the technology stack. Familiarity with all OSI layers and expertise in some
  • Experience using the following types of security tools: SIEM, Firewalls, Web Proxy, Anti-Virus (AV), Next Gen Anti-Virus (NGAV), Endpoint Detection and Response (EDR), Sandboxing, Virtual Machines, Netflow analysis, Malware Repositories, Threat Intelligence, Deception Stack, Intrusion Detection/Prevention System (IDS/IPS), Security Orchestration Automation Response (SOAR), Phishing Triage, User Behavior Analytics (UBA), Email Hygiene and Filtering
  • Experience interfacing with peer support teams (Security Engineering, Vulnerability and Patching Teams, Networking, Access Management, Legal, Risk/Governance, etc.)
  • Experience working in a high-tempo, dynamic environment with a high-performance team
  • Experience with work ticketing systems (e.g. ServiceNow, JIRA)
  • Experience with Threat Modeling and Kill Chain analysis

Benefits

  • Comprehensive benefits for medical, prescription drug, dental, vision, behavioral health and telemedicine services
  • Wellbeing support, including free counseling and referral services
  • Time away from work programs for paid time off, paid family leave, long- and short-term disability coverage and leaves of absence
  • Savings and retirement resources, including a 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service), Employee Stock Purchase Plan, flexible spending accounts, preferred banking partnerships, retirement readiness tools, rollover support and financial wellbeing counseling
  • Education support through tuition assistance, student loan assistance, certification support, dependent scholarships and a partnership with Galen College of Nursing
  • Additional benefits for fertility and family building, adoption assistance, life insurance, supplemental health protection plans, auto and home insurance, legal counseling, identity theft protection and consumer discounts
HCA Healthcare provides medical education and healthcare services in locally managed facilities. It is a sub-organization of North Florida Endoscopy Center.
Glassdoor
3.3
Founded in 1968
Nashville, Tennessee, USA
10001+ employees
https://hcahealthcare.com/