CyberSecurity Threat Intelligence Engineer 2

at Humana
Published January 16, 2019
Location Louisville, KY
Category Default
Job Type Full-time

Description

The CyberSecurity Operations Center Engineer 2 develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. The CyberSecurity Operations Center Engineer 2 work assignments are varied and frequently require interpretation and independent determination of the appropriate courses of action.

Responsibilities

The CyberSecurity Operations Center Engineer 2 maintains hardware, software and network firewalls, intrusion detection systems, anti-virus software, vulnerability scanning systems and encryption protocols. Administers security policies to control physical and virtual access to systems. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems. Evaluates information security configurations when intrusions have occurred and monitors the effectiveness of implemented changes. Responsible for resolution of high level incident response to network attacks. Focus is on developing, testing, debugging and deploying code or processing routines that support security protocols for an established system or systems. Focused on ensuring products (including websites) and hosted networks are designed and developed to be cyber-safe and compliant. Understands department, segment, and organizational strategy and operating objectives, including their linkages to related areas. Makes decisions regarding own work methods, occasionally in ambiguous situations, and requires minimal direction and receives guidance where needed. Follows established guidelines/procedures.

Experience

6 years of Information Technology experience, with at least 4 years of experience in information security working within security operations

Security Operations Center (SOC) experience

Information security community experience; a blog, website, published papers, conference presentations, or other experience on the public side of the security field.

Familiar with Intelligence driven defense utilizing the Cyber Kill Chain

Experience with Threat intelligence tools and platforms

A well-rounded understanding of the malware and information security threat landscape. Ideal candidate should have a passion for learning and be vested in this field.

Deep curiosity and a drive to understand threat Intelligence, Threat Actors and their methodologies

Demonstrable understanding of the internet threat landscape.

Demonstrated ability to come up with creative ideas for threat research and the ability to realize those ideas using big data techniques.

Ability to communicate comfortably and directly with stakeholders and the security community.

Provide accurate and priority driven analysis on cyber activity/threats

Strong presentation skills in front of audiences of all shapes and sizes preferred.

Strong relationship building and maintaining skills preferred.

Excellent problem solving, critical thinking, and analytical skills - ability to de-construct problems

Strong analytical and decision-making skills

Self-directed and accountable.

Located in a US time zone, available during US business hours.

Technical qualifications

Knowledge of Information Risk Management/Cyber Security preferred

Knowledge of log, network, and system forensic investigation techniques

Deep knowledge of diverse operating systems, networking protocols, and systems administration

Knowledge of commercial forensic tools

Knowledge of common indicators of compromise and of methods for detecting these incidents

Knowledge of IT core infrastructure and cyber security components/devices

Knowledge of TCP/IP Networking and knowledge of the OSI model

Knowledge of OS management and Network Devices

Knowledge of Intrusion Detection/Prevention Systems

Knowledge of Antivirus Systems

Experience monitoring threats via a SIEM console

Significant experience performing analysis of log files from a variety of sources, to include individual host logs, network traffic logs, firewall logs, or intrusion prevention logs

Significant experience with packet analysis (Wireshark) and Malware analysis preferred

Required:

Report and disseminate information to our stakeholders on threats that may affect our environment, such as emerging malware, security developments and insightful summaries of current events.

Sift through internal and open source data to find threat information and use it to provide value to Humana. Maintain a list of current events, threats, and other information that stakeholders should be aware of.

Provide accurate and priority driven analysis on cyber activity/threats, and present complex technical topics to senior managers and stakeholders.

Recommend implementation of counter-measures or mitigating controls

Collaborate with technical and threat intelligence analysts to provide indications and warnings, and contribute to predictive analysis of malicious activity.

Establish and maintain excellent working relationships/partnerships with the cyber security and infrastructure support teams throughout the Information Technology organization, as well as business units

Preferred:

Analyze threat campaigns, author customer-specific threat reports, and publish research results around specific verticals or geographies. Collaborate with technical and threat intelligence analysts to provide indications and warnings, and contribute to predictive analysis of malicious activity.

Perform threat campaign analysis, analyze data and intelligence, and make that information meaningful for stakeholders. As part of the Cyber Threat Intelligence team you will be focused on proactive controls and on understanding and communicating risk.

Develop analytical hypotheses based on your background; prove (or disprove) those hypotheses through research; communicate that information to stakeholders both verbally and in writing.

Create and continuously improve standard operating procedures used by the threat intelligence team.

Create, manage, and dispatch Intelligence reports, monitor external event sources for security intelligence and actionable incidents. Document investigation results, ensuring relevant details are passed to senior analysts and stakeholders.

Scheduled Weekly Hours

40