• Security Threat Engineer I

    HCA Healthcare (Nashville, TN)


    Description

    Introduction

     

    Experience the HCA Healthcare difference where colleagues are trusted, valued members of our healthcare team. Grow your career with an organization committed to delivering respectful, compassionate care, and where the unique and intrinsic worth of each individual is recognized. Submit your application for the opportunity below:Security Threat Engineer IHCA Healthcare

     

    Benefits

     

    HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:

     

    + Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.

    + Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.

    + Free counseling services and resources for emotional, physical and financial wellbeing

    + 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)

    + Employee Stock Purchase Plan with 10% off HCA Healthcare stock

    + Family support through fertility and family building benefits with Progyny and adoption assistance.

    + Referral services for child, elder and pet care, home and auto repair, event planning and more

    + Consumer discounts through Abenity and Consumer Discounts

    + Retirement readiness, rollover assistance services and preferred banking partnerships

    + Education assistance (tuition, student loan, certification support, dependent scholarships)

    + Colleague recognition program

    + Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)

    + Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.

     

    Learn more about Employee Benefits (https://careers.hcahealthcare.com/pages/employee-benefits-and-rewards)

     

    _Note: Eligibility for benefits may vary by location._

     

    We are seeking a Security Threat Engineer I for our team to ensure that we continue to provide all patients with high quality, efficient care. Did you get into our industry for these reasons? We are an amazing team that works hard to support each other and are seeking a phenomenal addition like you who feels patient care is as meaningful as we do. We want you to apply!

     

    Job Summary and Qualifications

     

    The Threat Response Engineer 1 – serving as the last line of defense between HCA and the threat actors that wish to bring harm to HCA and the patients we serve – is a critical member of the 24/7 CDC team. They will use state of the art technologies to detect threats on our network and eradicate them as a member of our Cyber Defense Center (CDC). As a member of the CDC, they will operate along with a small team of like-minded individuals with a passion for cyber security.

     

    This role will provide Tier 1 and Tier 2 analysis and response to cyber security threats. Threat Response Engineers will be expected to detect malicious activity and support the business through the Incident Response process for both routine and major events. Successful candidates will have a passion for cybersecurity and be naturally curious and self-motivated to investigate and discover root causes of events while working in a fast-paced and sometimes stressful environment. Good teamwork and communication skills are also vital. Our team operates as a close-knit group serving a noble purpose – to win the fight against evil every day.

    GENERAL RESPONSIBILITIES

    Major Responsibilities:

    + Monitor security alert queue – investigate and triage events based on criticality. Provide recommendations on how to mitigate the threats. Use analytic techniques and critical thinking to determine if and when to escalate threats to larger Cyber Security team.

    + Provide guidance to field resources on how to properly remediate a threat.

    + Work closely with other CDC team members to improve tools, techniques, and procedures for CDC operation.

    + Continuously improve documentation of work products and processes.

    + Participate in red/blue team exercises.

    + Execute HCA’s Incident Response plan as part of an incident response team. Serve as Incident Commander, Task Lead, or Scribe during incidents.

    + Routinely collaborate with individuals and teams from across the enterprise.

    Desired Experience:

    + Experience as a member of a Cyber Incident Response Team (CIRT) or comparable team.

    + Experience executing an Incident Response plan, preferably based on recognized industry standards (e.g. – NIST, SANS, etc).

    + Experience in Windows Artifact Analysis and Initial Forensic Analysis (e.g. – Program Execution, File/Folder opening, Account Usage, pulling memory, following proper evidence handling procedures, etc) using industry standard tools and available logs (e.g. – Endpoint Detection and Response (EDR) tools).

    + Experience in Memory Analysis using tools such as Volatility

    + Experience in network forensic analysis to determine validity of detected events using available network logs collected via SEIM.

    + Experience in DFIR (Digital Forensics Incident Response).

    + Experience with an event/information analysis framework such as Analysis of Competing Hypotheses (ACH).

    + Experience in performing security analysis or reporting utilizing Security Incident and Event Management (SIEM) Technologies. Preferably Splunk and SPL experience.

    + Experience with document management and sustaining Security Operations Center (SOC) policies and run book procedures for incident response.

    + Experience with documenting root cause analysis and lessons learned.

    + Experience consuming and generating cybersecurity threat intelligence.

    + Experience across the technology stack. Familiarity with all OSI layers and expertise in some.

    Experiencing using the following types of security tools:

    + SIEM

    + Firewalls

    + Web Proxy

    + Anti-Virus (AV)

    + Next Gen Anti-Virus (NGAV)

    + Endpoint Detection and Response (EDR)

    + Sandboxing

    + Virtual Machines

    + Netflow analysis

    + Malware Repositories

    + Threat Intelligence

    + Deception Stack

    + Intrusion Detection/Prevention System (IDS/IPS)

    + Security Orchestration Automation Response (SOAR)

    + Phishing Triage

    + User Behavior Analytics (UBA)

    + Email Hygiene and Filtering

    + Experience interfacing with peer support teams (Security Engineering, Vulnerability and Patching Teams, Networking, Access Management, Legal, Risk/Governance, etc.)

    + Experience working in a high-tempo, dynamic environment with a high-performance team.

    + Experience with work ticketing systems (e.g. – ServiceNow, JIRA).

    + Experience with Threat Modeling and Kill Chain analysis.

    RELEVANT WORK EXPERIENCE

    + 1+ years

    EDUCATION

    + Bachelor’s Degree Preferred

    OTHER/SPECIAL QUALIFICATIONS

    + The successful candidate will possess the following aptitudes and skillsets:

    + Able to maintain a superior knowledge of the cyber security capabilities of operating systems, networking devices, control systems, and vendor offerings via self-directed learning and formal training.

    + Excellent critical thinking skills to understand available data and use it to support or refute potential hypothesis that explain the data. Use available data to develop and communicate conclusions and recommendations.

    + An ability to work and thrive in stressful situations. A demeanor that conveys calm professionalism in stressful situations.

    + An ability to maintain confidentiality of sensitive data and to follow proper ethical practices for using tools and accessing data.

    + A strong desire to determine root cause of events. A willingness to fully investigate all alternatives exhaustively until a conclusion can be supported.

    + Ability to self-prioritize tasks based on criticality and threat level.

    + Advanced written and oral communication skills.

    The following certifications and courses are helpful, but, not required:

    + Certified Ethical Hacker (CEH)

    + GIAC: GSEC, GCIH, GCIA, GCED, GMON, GCDA, GDAT, GCFE or comparable

    + CompTIA Security **PHYSICAL DEMANDS/WORKING CONDITIONS**

    + Extensive periods of sitting or standing at work station to include use of mouse, keyboard, and monitor(s).

     

    HCA Healthcare has been recognized as one of the World's Most Ethical Companies® by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.

     

    "There is so much good to do in the world and so many different ways to do it."- Dr. Thomas Frist, Sr.

     

    HCA Healthcare Co-Founder

     

    If you find this opportunity compelling, we encourage you to apply for our Security Threat Engineer I opening. We promptly review all applications. Highly qualified candidates will be directly contacted by a member of our team. **We are interviewing - apply today!**

     

    We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.