Lead Cyber Insider Threat Engineer
- HCA Healthcare (Nashville, TN)
Description
Introduction
Experience the HCA Healthcare difference where colleagues are trusted, valued members of our healthcare team. Grow your career with an organization committed to delivering respectful, compassionate care, and where the unique and intrinsic worth of each individual is recognized. Submit your application for the opportunity below: Lead Cyber Insider Threat Engineer, HCA Healthcare
Benefits
HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:
+ Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
+ Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
+ Free counseling services and resources for emotional, physical and financial wellbeing
+ 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
+ Employee Stock Purchase Plan with 10% off HCA Healthcare stock
+ Family support through fertility and family building benefits with Progyny and adoption assistance.
+ Referral services for child, elder and pet care, home and auto repair, event planning and more
+ Consumer discounts through Abenity and Consumer Discounts
+ Retirement readiness, rollover assistance services and preferred banking partnerships
+ Education assistance (tuition, student loan, certification support, dependent scholarships)
+ Colleague recognition program
+ Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
+ Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.
Learn more about Employee Benefits (https://careers.hcahealthcare.com/pages/employee-benefits-and-rewards)
_Note: Eligibility for benefits may vary by location._
We are seeking a Lead Cyber Insider Threat Engineer for our team to ensure that we continue to provide all patients with high quality, efficient care. Did you get into our industry for these reasons? We are an amazing team that works hard to support each other and are seeking a phenomenal addition like you who feels patient care is as meaningful as we do. We want you to apply!
Job Summary and Qualifications
The Lead Cyber Insider Threat Engineer will lead the development and execution of a formal Insider Threat Detection and Response program. This role will serve as a critical line of defense against sophisticated insider threats by working closely with our Cyber Operations and Threat Intelligence teams to detect, investigate, and mitigate risks that could impact our patients, the communities we serve, people, and our organization.
The role's primary responsibility will be to build out and operationalize HCA’s Insider Threat Program. This includes designing and implementing a formal governance structure, establishing cross-functional collaboration with Information Security leadership, Ethics & Compliance, Legal, and HR, and aligning the program to industry best practices (e.g., Carnegie Mellon CERT, DNI NITTF). This role requires a seasoned professional with a proven track record of building Insider Threat programs who can translate complex risk scenarios into actionable program components, foster stakeholder buy-in, and drive continuous improvement. This role will need to develop Policies, Threat Models, and Insider Threat Training Materials, and provide advisories to senior leadership.
Other responsibilities focus on technical execution and capability enhancement. This includes leading complex investigations into potential insider threat activity, maintaining and tuning insider threat management (ITM) tools, and collaborating with Threat Intelligence and DFIR teams to improve operational procedures. The engineer will also contribute to proactive threat hunting efforts and ensure that insider threat capabilities remain current, effective, and well-documented.
GENERAL RESPONSIBILITIES
+ Lead the creation of a formal Insider Threat Detection and Response Program, grounded in frameworks such as Carnegie Mellon CERT and the National Insider Threat Task Force (NITTF). Define the program’s mission, scope, and governance model to ensure enterprise-wide alignment and accountability.
+ Work with Cyber Operations and IT leadership to create governance documentation, including charters, escalation protocols, and decision-making frameworks. Ensure the program is embedded within the broader enterprise risk and compliance ecosystem.
+ Serve as the primary liaison between Cyber Security Operations, Ethics & Compliance, Legal, HR, and other business units. Build relationships with our partner teams to ensure insider threat mitigation is integrated into enterprise risk management and employee lifecycle processes.
+ Author and maintain insider threat policies, procedures, and standards that are actionable, measurable, and aligned with regulatory and organizational requirements (HR, Legal, Ethics). Ensure these are regularly reviewed and updated to reflect evolving threats and business needs.
+ Establish reportable metrics and reporting mechanisms to measure program maturity, effectiveness, and responsiveness. Deliver regular briefings to executive leadership and governance bodies.
+ Conduct and coordinate complex investigations into suspected insider activity, including data exfiltration, unauthorized access, and policy violations. Collaborate with DFIR, Cyber Threat Intelligence, and Legal to ensure investigations are thorough, timely, and legally defensible.
+ Maintain and tune Insider Threat Management (ITM) platforms and work with partner teams to support ITM tool deployment via SCCM, Intune, etc. Ensure configurations support investigative workflows, data collection, and alerting capabilities remain consistent across Windows and macOS endpoints.
+ Participate in proactive threat hunting activities using internal threat intelligence and industry-reported indicators of compromise (IOCs). Use findings to inform detection logic, investigative playbooks, and risk mitigation strategies.
+ Collaborate with Cyber Defense Center (CDC) and threat intelligence teams to refine standard operating procedures (SOPs) for insider threat detection, escalation, and response. Ensure alignment with broader incident response protocols.
+ Maintain detailed documentation of investigative processes, tool configurations, and operational workflows. Ensure documentation supports audit readiness, knowledge transfer, and program continuity.
+ Contribute to the development of tabletop exercises, simulation scenarios, and technical training to enhance organizational readiness and response capabilities related to insider threats.
RELEVANT WORK EXPERIENCE
+ 7+ years
EDUCATION
+ Bachelor’s Degree Preferred
OTHER/SPECIAL QUALIFICATIONS
+ Effective team management skills
+ Effective time management skills
+ Effective organizational skills
+ Effective written and oral communication skills
+ Effective analytical skills
+ Effective project management skills
+ Creative problem solving
+ Competent using the Microsoft Office suite of products.
+ Familiarity with Incident Response and ability to work efficiently and effectively under stress.
+ Effective investigative skills to question data and behavior in an effort to uncover truth during forensic investigations.
PHYSICAL DEMANDS/WORKING CONDITIONS
+ 24x7 On-call rotation support
+ Occasional travel required (<10%)
HCA Healthcare has been recognized as one of the World's Most Ethical Companies® by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.
"There is so much good to do in the world and so many different ways to do it." - Dr. Thomas Frist, Sr.
HCA Healthcare Co-Founder
If you find this opportunity compelling, we encourage you to apply for our Lead Cyber Insider Threat Engineer opening. We promptly review all applications. Highly qualified candidates will be directly contacted by a member of our team. **We are interviewing - apply today!**
We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.