Humana Senior Threat Management Engineer (virtual home office remote eligible) in Overland Park, Kansas
The Senior Incident Response Engineer will be part of a dynamic, growing team, hunting for and responding to cyber incidents stemming from internal and external threat actors. The Senior Incident Response Engineer shall provide Tier 3 services, which is coordination, execution, and implementation of all actions required for the containment, eradication, and recovery measures for cyber incidents.
The Incident Response Senior Engineer will be part of Humana's Cyber Incident Response team (CIR). CIR is the enterprise team responsible for the detection and response to the most sophisticated cyber threats and attacks. This role will leverage a variety of tools and resources to proactively detect, investigate, and mitigate emerging and persistent threats impacting Humana networks, systems, and applications.
Participate in security events and incidents, with a focus on incident response and forensics in accordance with our incident response plan.
Perform detection, analysis, and containment of an incident in both on premises and cloud.
Determines and identifies severity and impact and assigns appropriate priorities to all events and incidents
As a member of the core incident response team, coordinates with Privacy, Compliance Investigations, Corporate Security, and others as warranted
Utilize Humana acquired technologies to conduct large-scale investigations and examine host and network-based sources of evidence.
Analyze message headers and identify actionable indicators for remediation.
Analyze logs from SIEMs and other sources and be able to identify unauthorized activity.
Perform traffic and host analysis during an incident investigation.
Use security tools including IDS, IPS, firewalls, proxies, Web Application Firewall (WAF), etc., to triage events that may lead to incidents.
Receive on-call escalations from 24x7 security operations, providing assistance and resolution as needed.
Collaborate with forensic analysts and other analysts, law enforcement officers, and legal experts to recommend methods and procedures for recovery, preservation, and presentation of computer evidence.
Proficiency analyzing high volumes of logs, network data (e.g. NetFlow, Full Packet Capture), and other event/incident artifacts using SPLUNK or SENTINEL in support of incident investigations.
Ability to act as the incident quarterback and/or lead investigator.
Assists with post-incident activities
Recommend and document specific counter-measures and mitigating controls.
Develop comprehensive and accurate reports and presentations for both technical and executive audiences
Improve Humana's business processes and incident response methodologies.
Regularly interacts with leadership and customers
Bachelor degree or higher, technical discipline preferred
Minimum 5 years working experience in IT Security, preferably with exposure to security analysis, incident response and threat intelligence analysis.
Strong sense of ethics & values, ability to handle confidential situations with discretion
Strong understanding of the cyber security capabilities and threat landscape
Strong understanding of network and computer forensics
Understanding of malware analysis and reverse engineering
Strong understanding of network protocols, design and operations
Vulnerability and threat analysis experience
Working knowledge of Security principles, techniques and technologies
This role requires experience effectively communicating event details and technical analysis to technical audiences and stakeholders on the client side.
Strong analytical and problem solving skills
Ability to multi-task and prioritize workload
Willingness to learn
Good communication skills (written and oral)
Master's Degree in a Technical Field
CISSP, GCFA, GNFA, GCIA, GCIH, OSCP and other relevant information security certifications
Big data / Analytics experience
Understanding of artificial intelligence algorithms and application
Experience with various security monitoring and endpoint security tools
Experience with a scripting language such as Power Shell, Perl, Ruby, Python, and BASH
Technical expertise in at least three of the following areas:
Windows disk and memory forensics
Cloud Operations and Engineering
Network Security Monitoring (NSM), network traffic analysis, and log analysis
Unix or Linux disk and memory forensics
Static and dynamic malware analysis
NIST Kill Chain
Applied knowledge in at least one scripting or development language (such as Python)
Understanding of enterprise security controls in Active Directory / Windows environments
Prior training and public speaking experience
Ability to exercise emotional intelligence and situational awareness.
Strong interpersonal communication skills.
Willingness to travel up to 10%
Scheduled Weekly Hours