Detection Engineering Specialist (Remote)

Community Health System, Franklin, TN 37064

Posted 7 days ago

Job Description

Community Health Systems is one of the nation's leading healthcare providers. Developing and operating healthcare delivery systems in 40 distinct markets across 15 states, CHS is committed to helping people get well and live healthier. CHS operates 71 acute-care hospitals and more than 1,000 other sites of care, including physician practices, urgent care centers, freestanding emergency departments, occupational medicine clinics, imaging centers, cancer centers and ambulatory surgery centers.

Summary:

As a Detection Engineer Specialist, you will leverage your extensive knowledge and experience in threat detection and cybersecurity to design, implement, and manage advanced detection strategies. You are expected to possess deep technical competence in Security Information and Event Management (SIEM) technologies, strong analytical and problem-solving skills, and detection engineering best practices, and to train and collaborate with fellow team members. You will work independently with minimal supervision and take a leadership role in developing and executing detection strategies to enhance the organization's security posture.

Technical competence in the areas listed below is required, along with good critical thinking skills, strong problem resolution and organizational skills, a strong ability to work on and prioritize multiple concurrent projects, a willingness to participate in cross-functional training and support, and the ability to work independently.

Essential Duties and Responsibilities:

  • Lead the design and implementation of SIEM solutions, ensuring they meet the organization's security requirements and industry best practices.

  • Lead the development and implementation of advanced detection strategies to identify potential security threats and vulnerabilities.

  • Work closely with other security teams to integrate detection capabilities with overall security operations, including customization, and optimization of detection rules.

  • Perform advanced threat detection, analysis, and correlation using various detection tools and techniques to identify and mitigate security threats.

  • Collaborate with the Incident Response, Threat Intelligence, and Threat Hunting teams to analyze and respond to security threats, providing expert guidance on detection-related issues.

  • Develop and maintain documentation for detection engineering practices on how to create and refine detection use cases and techniques.

  • Proactively identify new detection opportunities and improve existing detection methodologies using threat models and frameworks that ensure a comprehensive detection strategy and rule set.

  • Maintain comprehensive documentation of detection configurations, processes, and activities.

  • Provide technical leadership and mentorship to the Incident Response, Threat Intelligence, and Threat Hunting teams.

  • Develop and accumulate lessons learned documentation from incidents to identify controls and new detections to prevent identified malicious activity from reoccurring.

Qualifications:

  • Required Education: High School diploma

  • Preferred Education: Bachelor's degree preferred or relevant experience. Appropriate industry certification(s) desired.

  • Required Experience:

      • Deep knowledge of typical IT platforms, operating systems, and configuration methods

      • Deep knowledge of security threat tactics, techniques, and procedures (TTPs), incident response methodologies, and detection techniques

      • Extensive experience with detection technologies (e.g., IDS/IPS, SIEM) and threat detection practices

      • 5+ years of IT or Information Security experience, including 3+ years of SIEM management or detection engineering experience

  • Preferred Experience:

      • Industry-recognized cyber security training or certifications, including those from SANS, ISC2, EC-Council or CompTIA

      • Familiarity with MITRE ATT&CK, the Cyber Kill Chain, and other threat modeling frameworks

      • Experience in scripting and automation (e.g., Python, PowerShell) for security operations

  • Required License/Registration/Certification: None

  • Computer Skills Required: Productivity suite software required

Physical Demands:

  • The Employee is required to read, review, prepare and analyze written data and figures, using a PC or similar, and should possess visual acuity.

  • The Employee may be required to occasionally climb, push, stand, walk, reach, grasp, kneel, stoop, and/or perform repetitive motions.

  • The Employee is not substantially exposed to adverse environmental conditions; therefore, job functions are typically performed under conditions such as those found within general office or administrative work.
