Lead SIEM Engineer (virtual remote)

Humana Remote
December 4, 2022
Humana
Louisville, Kentucky
Full-time

Description

Threat Management and Response supports Humana's value proposition by providing strategic guidance and support for Enterprise Information Protection (EIP), IT, and business clients. As a Lead SIEM Engineer, you will play a critical role in Security Operations by enabling active cyber monitoring capability for critical platforms and applications. You will help build a single-pane view for security monitoring by adopting use-case-driven log ingestion into the SIEM and by enabling and optimizing active detections and content. You will assist on multiple security and IT initiatives, which will include directly influencing multiple project team members and vendors and the implementation of security monitoring.

Responsibilities

Key Responsibilities:

  • Engineer SIEM solutions to support Humana's Threat Intelligence, Detection Engineering, Threat Hunting, Adversary Emulation, and Response teams.
  • Adopt a use-case-driven mindset (such as MaGMa) to gather requirements, conduct analysis, and develop/deploy threat detection content and investigation workflows for security operations.
  • Enable, tune, and document SIEM content/notables to support the various security operations teams.
  • Able to prioritize work using the MITRE ATT&CK framework.
  • Create and maintain ATT&CK dashboards to show detection coverage.
  • Develop, implement and maintain solutions for automated threat detection, behavioral analytics, risk-based alerting.
  • Knowledge of SIEM technologies including UEBA and SOAR.
  • Hands on administration of Splunk Enterprise Security.
  • Know how to research, maintain, and support the applications and add-ons that the TMR SIEM capabilities depend on.
  • Work collaboratively with the platform teams as they onboard the logs needed for security monitoring use cases in Splunk, analyzing the data and its parsing to make it CIM compliant.
  • Develop and manage data models and ensure proper support for the detections.
  • Ensure the SIEM solution is healthy and fully optimized.
  • Provide support when needed to the Security Incident Response, Threat Hunting, and Threat Intel teams.
  • Support the Public Cloud initiatives from Security Operations point of view. Review new cloud service implementations at Humana on a regular basis for impacts to security operations.
  • Provide daily, ongoing operational support of SIEM, to include the security impact of proposed modifications, additions, and technology implementation/refresh operations.
  • Maintain knowledge of industry trends in the threat landscape and translate them into the SIEM engineering function to help protect Humana's cyber assets.
  • Thoroughly understand software installations, systems monitoring and troubleshooting, account management, and the overall effort needed to ensure uninterrupted log ingestion and threat detection.
  • Think creatively to discover and support automation opportunities.

Key Competencies

  • Accountability: Meets established expectations and takes responsibility for achieving results; encourages others to do the same. Employs focus, attention to detail, reliability, and appropriate prioritization to drive outcomes. Sees opportunities to contribute and takes the initiative to create solutions.
  • Builds Trust: Consistently models and inspires high levels of integrity in decisions, speech, and actions. Lives up to commitments, taking responsibility for the impact of one's actions. Exercises the courage to prioritize principles and values over personal or professional gain.
  • Influence & Collaborate: Engages others by gathering multiple views and being open to diverse perspectives, focusing on a shared purpose that puts Humana's overall success first. Develops and strengthens networks and relationships, both inside and outside the organization, that support company performance. Proactively and transparently contributes information and energy toward creating value with others.
  • Customer Focus: Connects meaningfully with customers to build emotional engagement and customer advocacy. Develops and applies deep customer knowledge and intimacy to develop and deliver products, services, and interactions that provide value beyond expectations. Simplifies complexity and integrates internal efforts to deliver an optimal customer experience.


Role Essentials

  • Bachelor's Degree in Computer Science, Information Technology, or equivalent experience
  • Expert level knowledge of SIEM (Security Information and Event Management)
  • Thorough understanding of the MITRE ATT&CK framework and hands-on practical experience using it.
  • Knowledge of Advanced Persistent Threat (APT) tactics, techniques, and procedures
  • Extensive knowledge in security technologies such as: IDS/IPS, DLP, Proxy, WAF, EDR, Anti-Virus, Sandboxing, network- and host- based firewalls, Threat Intelligence, Penetration Testing, etc.
  • Experience with SIEM technologies including Use Case and playbook development, correlation, parsing, upgrades, and ongoing maintenance
  • Advanced knowledge of Splunk - Enterprise Security
  • Understanding of attack activities such as network probing/scanning, DDoS, malicious code activity, etc.
  • Understanding of common network infrastructure devices such as routers and switches
  • Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
  • Expert level knowledge in troubleshooting and resolving complex Splunk infrastructure issues
  • Strong knowledge of organizational, technology control, security, and risk issues
  • Strong consultation and communication skills and the ability to triage.
  • Excellent written and oral communications skills and ability to articulate and present information to senior executives, peers, all levels of technical staff, and stakeholders
  • Proven ability to quickly earn the trust of project sponsors and key stakeholders
  • Able to prioritize and execute tasks in a high-pressure environment
  • Ability to communicate at all levels with clarity and precision both written and verbal

Role Desirables

  • Preferred IT Industry certifications (Cisco, CISSP, CEH, Azure, Amazon AWS, Splunk, etc.)
  • Knowledge of Azure Sentinel

Scheduled Weekly Hours

40
