
Senior SIEM Engineer (virtual remote)

Humana Remote
February 14, 2023
Humana
Louisville, KY
Threat Management and Response supports Humana's value proposition by providing strategic guidance and support to Enterprise Information Protection (EIP), IT, and business clients. You will help build a single-pane view for security monitoring by adopting use-case-driven log ingestion into the SIEM and by enabling and optimizing active detections and content. You will assist on multiple security and IT initiatives, which will include directly influencing project team members and vendors and the implementation of security monitoring.



Responsibilities



Key Responsibilities:

Engineer SIEM solutions to support Humana’s Threat Intelligence, Detection Engineering, Threat Hunting, Adversary Emulation, and Response teams.

Adopt a use case driven mindset to gather requirements, conduct analysis, and develop/deploy threat detection content and investigation workflows for security operations.

Enable, tune, and document SIEM content/notables to facilitate various security operations teams.

Prioritize work using the MITRE ATT&CK framework.

Create and maintain ATT&CK dashboards that show detection coverage.

Develop, implement, and maintain solutions for automated threat detection, behavioral analytics, and risk-based alerting.

Knowledge of SIEM technologies including UEBA and SOAR.

Hands on administration of Splunk Enterprise Security.

Know how to research, maintain, and support the applications and add-ons that the SIEM capabilities and TMR solutions depend on.

Work collaboratively with the platform teams as they onboard the logs needed for security monitoring use cases in Splunk, analyzing the data and its parsing to make it CIM (Common Information Model) compliant.

Develop and manage data models and ensure proper support for the detections.

Ensure the SIEM solution is healthy and fully optimized.

Provide support when needed to the Security Incident Response, Threat Hunting, and Threat Intelligence teams.

Support the Public Cloud initiatives from Security Operations point of view. Review new cloud service implementations at Humana on a regular basis for impacts to security operations.

Provide daily, ongoing operational support of the SIEM, including assessing the security impact of proposed modifications, additions, and technology implementation/refresh operations.

Maintain knowledge of industry trends in the threat landscape and translate them into the SIEM engineering function to help protect Humana's cyber assets.

Thoroughly understand software installation, systems monitoring and troubleshooting, account management, and the overall effort required to ensure uninterrupted log ingestion and threat detection.

Think creatively to discover and support automation opportunities.



Key Competencies



Accountability: Meets established expectations and takes responsibility for achieving results; encourages others to do the same. Employs focus, attention to detail, reliability, and appropriate prioritization to drive outcomes. Sees opportunities to contribute and takes the initiative to create solutions.

Builds Trust: Consistently models and inspires high levels of integrity in decisions, speech, and actions. Lives up to commitments, taking responsibility for the impact of one's actions. Exercises the courage to prioritize principles and values over personal or professional gain.

Influence & Collaborate: Engages others by gathering multiple views and being open to diverse perspectives, focusing on a shared purpose that puts Humana's overall success first. Develops and strengthens networks and relationships, both inside and outside the organization, that support company performance. Proactively and transparently contributes information and energy toward creating value with others.

Customer Focus: Connects meaningfully with customers to build emotional engagement and customer advocacy. Develops and applies deep customer knowledge and intimacy to develop and deliver products, services, and interactions that provide value beyond expectations. Simplifies complexity and integrates internal efforts to deliver an optimal customer experience.



Required Qualifications



Bachelor’s Degree in Computer Science, Information Technology, or equivalent experience

5 years' experience in cybersecurity

Preferred: IT industry certifications (Cisco, CISSP, CEH, Azure, Amazon AWS, Splunk, etc.)

Expert level knowledge of SIEM (Security Information and Event Management)

Thorough understanding of the MITRE ATT&CK framework and hands-on practical experience using it

Knowledge of Advanced Persistent Threat (APT) tactics, techniques, and procedures

Extensive knowledge of security technologies such as IDS/IPS, DLP, proxy, WAF, EDR, anti-virus, sandboxing, network- and host-based firewalls, threat intelligence, penetration testing, etc.

Experience with SIEM technologies, including use case and playbook development, correlation, parsing, upgrades, and ongoing maintenance

Advanced knowledge of Splunk – Enterprise Security

Understanding of attack activities such as network probing/scanning, DDoS, malicious code activity, etc.

Understanding of common network infrastructure devices such as routers and switches

Understanding of basic networking protocols such as TCP/IP, DNS, HTTP

Expert level knowledge in troubleshooting and resolving complex Splunk infrastructure issues

Strong knowledge of organization, technology controls, security, and risk issues

Strong consultation and communication skills and the ability to triage

Excellent written and oral communications skills and ability to articulate and present information to senior executives, peers, all levels of technical staff, and stakeholders

Proven ability to quickly earn the trust of project sponsors and key stakeholders

Able to prioritize and execute tasks in a high-pressure environment

Ability to communicate at all levels with clarity and precision both written and verbal



Additional Information



Humana and its subsidiaries require vaccinated associates who work outside of their home to submit proof of vaccination, including COVID-19 boosters. Associates who remain unvaccinated must either undergo weekly negative COVID testing OR wear a mask at all times while in a Humana facility or while working in the field.



Remote/WAH requirements:

Must have the ability to provide high-speed DSL or cable modem service for a home office. Associates or contractors who live and work from home in the state of California will be provided payment for their internet expense.

A minimum speed of 25x10 (25 Mbps download x 10 Mbps upload) is required for optimal performance.

Satellite and Wireless Internet service is NOT allowed for this role.

A dedicated workspace free of ongoing interruptions, to protect member PHI / HIPAA information



Scheduled Weekly Hours



40
