
Lead Investigator (DFIR: Digital Forensics and Incident Response), Telecommute

Expired Job

UnitedHealth Group Inc., Raleigh, NC 27611

Posted 2 weeks ago

Combine two of the fastest-growing fields on the planet with a culture of performance, collaboration and opportunity and this is what you get. Leading edge technology in an industry that's improving the lives of millions. Here, innovation isn't about another gadget, it's about making health care data available wherever and whenever people need it, safely and reliably. There's no room for error. Join us and start doing your life's best work.(sm)

Primary Responsibilities:

  • Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies

  • Design and build custom tools for investigations, hunting, and research

  • Assist in the design, evaluation, and implementation of new security technologies

  • Lead response and investigation efforts into advanced/targeted attacks

  • Hunt for and identify threat actor groups and their techniques, tools and processes

  • Identify gaps in IT infrastructure by mimicking an attacker's behaviors and responses

  • Provide expert analytic investigative support of large scale and complex security incidents

  • Perform Root Cause Analysis of security incidents for further enhancement of alert catalog

  • Continuously improve processes for use across multiple detection sets for more efficient Security Operations

  • Document best practices using available collaboration tools and workspaces

  • Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed

  • Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.

  • Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors

  • A passion for research and for uncovering the unknown about internet threats and threat actors

Required Qualifications:

  • Bachelor's in Computer Science or related field, or equivalent experience

  • Industry cyber security certifications, including CEH, CISSP-ISSEP, CISSP-ISSAP, GIAC Certified Incident Handler (GCIH), Certified Computer Security Incident Handler (CSIH), Splunk Certified Knowledge Manager, Splunk Certified Admin, or Splunk Certified Architect

  • 5 years of relevant cyber security experience in IT Security, Incident Response or network security with strong knowledge working in a SOC

  • Experience with the incident response process, including detecting advanced adversaries, log analysis using Splunk, ELK, or similar tools, and malware triage

  • Knowledge of the Cyber Kill Chain and the Diamond Model of Analysis

  • Experience with creating automated log correlations in Splunk, ELK, or a similar tool to identify anomalous and potentially malicious behavior

  • Experience with Netflow or PCAP analysis

  • Experience with a common scripting or programming language, including Perl, Python, Bash or Shell, PowerShell, or batch

  • Experience with the Windows file system and registry functions or *NIX operating systems and command line tools

  • Knowledge of the underlying logic that security alerts are built upon, and the ability to apply it when analyzing raw logs and creating new dashboards and alerts

  • Knowledge of typical behaviors of both malware and threat actors and how common protocols and applications work at the network level, including DNS, HTTP, and SMB

Technology Careers with Optum. Information and technology have amazing power to transform the health care industry and improve people's lives. This is where it's happening. This is where you'll help solve the problems that have never been solved. We're freeing information so it can be used safely and securely wherever it's needed. We're creating the very best ideas that can most easily be put into action to help our clients improve the quality of care and lower costs for millions. This is where the best and the brightest work together to make positive change a reality. This is the place to do your life's best work.(sm)

Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.


