Cybersecurity Lead Software Engineer - Raleigh, NC

at UnitedHealth Group
Published May 7, 2021
Location Raleigh, NC
Category Default  
Job Type Full-time  

Description

This role is for a senior-level contributor within the Insider Threat Program, part of the Cyber Incident Response Team. It is designed for a proven developer and investigation analyst who has extensive experience in information security tool development, digital forensics, and high-level cybersecurity investigative work, and who still maintains the desire to strengthen their development and cybersecurity investigation skills by creating custom cybersecurity-related tools and working security incidents related to Insider Threats while staying abreast of the current threat landscape. Primary responsibilities will be to build and utilize security tools and to respond to high-priority user investigations that require host-based forensics. The candidate will also be responsible for assisting/mentoring junior-level analysts on lower-priority incidents. The role requires the ability to utilize network log sources and forensics, and to build/utilize homegrown monitoring tools, to perform full investigations into security incidents. Elite report writing will be required in most cases. The opportunity is for a full-time employee positioned in Raleigh, NC, located in the security suite with access to the forensics lab. No option for telecommuting.

Responsibilities
Candidate will be expected to perform the following:

  • Transition to a cloud-based platform for the InTP program

  • Developing and maintaining internal cybersecurity tools utilizing Osiris/Splunk/Phantom

  • Respond to high priority Insider Threat incidents requiring host-based forensic investigations

  • Investigate daily medium priority alerts generated from custom InTP models 

  • Perform person-of-interest investigations heavily leveraging social media platforms and open source public information and provide thorough, well-written reports.

  • Assist with continuous training and development of junior analysts in digital forensics, investigation report writing, and process improvement related to the Insider Threat Program

  • Responsible for new model creation for custom-built tools in order to identify activity related to possible security incidents.

  • Insider Threat representative on special projects that require collaboration from different teams across Enterprise Information Security. 

Skills requirements

  • Experience building, coding, and maintaining customized monitoring tools in the security space
  • 5 or more years of cybersecurity digital forensic experience 
  • 2 or more years Insider Threat investigation experience
  • Extensive knowledge of EnCase and FireEye HX forensic tools
  • Windows and MacOS forensic experience required
  • Knowledgeable in memory forensics 
  • Experience with physical evidence chain of custody, intake and tracking processes 
  • Experience training/mentoring analysts on various cybersecurity products, tools, processes, etc.
  • Elite level of cybersecurity incident report writing
  • Ability to communicate effectively with highly technical colleagues, while also being able to effectively communicate highly technical investigations/reports to non-technical associates
  • CISSP Certification and Forensic Certification required
  • Software Engineering utilizing Splunk/Phantom/Osiris/PHP/Python
  • You will be asked to perform this role in an office setting; however, you may be required to work from home temporarily due to space limitations.
  • Employees are required to screen for symptoms using the ProtectWell mobile app, Interactive Voice Response (i.e., entering your symptoms via phone system) or a similar UnitedHealth Group-approved symptom screener prior to entering the work site each day, in order to keep our work sites safe. Employees must comply with any state and local masking orders. In addition, when in a UnitedHealth Group building, employees are expected to wear a mask in areas where physical distancing cannot be attained.

Technology Careers with Optum. Information and technology have amazing power to transform the health care industry and improve people's lives. This is where it's happening. This is where you'll help solve the problems that have never been solved. We're freeing information so it can be used safely and securely wherever it's needed. We're creating the very best ideas that can most easily be put into action to help our clients improve the quality of care and lower costs for millions. This is where the best and the brightest work together to make positive change a reality. This is the place to do your life's best work.℠

*All Telecommuters will be required to adhere to UnitedHealth Group’s Telecommuter Policy.
Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.