Lead Investigator (DFIR - Digital Forensics and Incident Response), Telecommute

UnitedHealth Group Inc., Raleigh, NC 27611

Posted Yesterday

Combine two of the fastest-growing fields on the planet with a culture of performance, collaboration and opportunity and this is what you get. Leading edge technology in an industry that's improving the lives of millions. Here, innovation isn't about another gadget, it's about making health care data available wherever and whenever people need it, safely and reliably. There's no room for error. Join us and start doing your life's best work.(sm)

Primary Responsibilities:

  • Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies

  • Design and build custom tools for investigations, hunting, and research

  • Assist in the design, evaluation, and implementation of new security technologies

  • Lead response and investigation efforts into advanced/targeted attacks

  • Hunt for and identify threat actor groups and their techniques, tools and processes

  • Identify gaps in IT infrastructure by mimicking an attacker's behaviors and responses

  • Provide expert analytic investigative support of large scale and complex security incidents

  • Perform Root Cause Analysis of security incidents for further enhancement of alert catalog

  • Continuously improve processes for use across multiple detection sets for more efficient Security Operations

  • Document best practices using available collaboration tools and workspaces

  • Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed

  • Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.

  • Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors

  • Bring a passion for research and for uncovering the unknown about internet threats and threat actors

Required Qualifications:

  • Bachelor's degree in Computer Science or a related field, or equivalent experience

  • Industry cyber security certifications, including CEH, CISSP-ISSEP, CISSP-ISSAP, GIAC Certified Incident Handler (GCIH), Certified Computer Security Incident Handler (CSIH), Splunk Certified Knowledge Manager, Splunk Certified Admin, or Splunk Certified Architect

  • 5 years of relevant cyber security experience in IT security, incident response, or network security, with strong working knowledge of a SOC

  • Experience with the incident response process, including detecting advanced adversaries, log analysis using Splunk, ELK, or similar tools, and malware triage

  • Knowledge of the Cyber Kill Chain and the Diamond Model of Analysis

  • Experience with creating automated log correlations in Splunk, ELK, or a similar tool to identify anomalous and potentially malicious behavior

  • Experience with Netflow or PCAP analysis

  • Experience with a common scripting or programming language, including Perl, Python, Bash or Shell, PowerShell, or batch

  • Experience with the Windows file system and registry functions or *NIX operating systems and command line tools

  • Knowledge of the underlying logic that security alerts are built upon, and the ability to apply it when analyzing raw logs and creating new dashboards and alerts

  • Knowledge of typical behaviors of both malware and threat actors and how common protocols and applications work at the network level, including DNS, HTTP, and SMB

Technology Careers with Optum. Information and technology have amazing power to transform the health care industry and improve people's lives. This is where it's happening. This is where you'll help solve the problems that have never been solved. We're freeing information so it can be used safely and securely wherever it's needed. We're creating the very best ideas that can most easily be put into action to help our clients improve the quality of care and lower costs for millions. This is where the best and the brightest work together to make positive change a reality. This is the place to do your life's best work.(sm)

Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.
