UHG

About UHG

Careers at UnitedHealth Group

 

We have modest goals: Improve the lives of others. Change the landscape of health care forever. Leave the world a better place than we found it. Such aspirations tend to attract a certain type of person. Crazy talented. Compassionate. Driven. To these individuals, we offer the global reach, resources and can-do culture of a Fortune 5 company. We provide an environment where you’re empowered to be your best. We encourage you to take risks and in return, offer a world of rewards and benefits for performance. Exceeding your limits is an exceptional start to your life's best work.SM

 

Just like you, we are driven by a set of fundamental principles that are guiding our way forward. Our values of integrity, compassion, relationships, innovation, and performance serve as a foundation to transform health care. Are you in? Learn more about your future at UnitedHealth Group at careers.unitedhealthgroup.com

 

Job Category:

Information Technology

Country:

United States

Postal Code:

27601

Approximate Salary:

Not Specified

Position Type:

Full Time

This job has expired and you can't apply for it anymore. Start a new search.

Lead Investigator (DFIR –Digital Forensics and Incident Response) – Telecommute

UHG - Raleigh, North Carolina

Posted: 09/4/2018

Combine two of the fastest-growing fields on the planet with a culture of performance, collaboration and opportunity and this is what you get. Leading edge technology in an industry that's improving the lives of millions. Here, innovation isn't about another gadget, it's about making health care data available wherever and whenever people need it, safely and reliably. There's no room for error. Join us and start doing your life's best work.(sm)

 

Primary Responsibilities: 

  • Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies
  • Design and build custom tools for investigations, hunting, and research
  • Assist in the design, evaluation, and implementation of new security technologies
  • Lead response and investigation efforts into advanced/targeted attacks
  • Hunt for and identify threat actor groups and their techniques, tools and processes
  • Identify gaps in IT infrastructure by mimicking an attacker’s behaviors and responses
  • Provide expert analytic investigative support of large scale and complex security incidents
  • Perform Root Cause Analysis of security incidents for further enhancement of alert catalog
  • Continuously improve processes for use across multiple detection sets for more efficient Security Operations
  • Document best practices using available collaboration tools and workspaces
  • Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed
  • Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
  • Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors
  • A passion for research, and uncovering the unknown about internet threats and threat actors


 


Required Qualifications:

  • Bachelor's in Computer Science or related field, or equivalent experience
  • Industry Cyber Security Certifications including; CEH, CISSP-ISSEP, CISSP-ISSAP, GIAC Certified Incident Handler (GCIH), Certified Computer Security Incident Handler (CSIH), Splunk Certified Knowledge Manager, Splunk Certified Admin, or Splunk Certified Architect.
  • 5+ years of relevant cyber security experience in IT Security, Incident Response or network security with strong knowledge working in a SOC
  • Experience with the incident response process, including detecting advanced adversaries, log analysis using Splunk, ELK, or similar tools, and malware triage
  • Knowledge of the Cyber Kill Chain and the Diamond Model of Analysis
  • Experience with creating automated log correlations in Splunk, ELK, or a similar tool to identify anomalous and potentially malicious behavior
  • Experience with Netflow or PCAP analysis
  • Experience with a common scripting or programming language, including Perl, Python, Bash or Shell, PowerShell, or batch
  • Experience with the Windows file system and registry functions or *NIX operating systems and command line tools
  • Knowledge of the underlying logic that security alerts are built upon and apply them when analyzing raw logs and creating new dashboards and alerts
  • Knowledge of typical behaviors of both malware and threat actors and how common protocols and applications work at the network level, including DNS, HTTP, and SMB

Technology Careers with Optum. Information and technology have amazing power to transform the health care industry and improve people's lives. This is where it's happening. This is where you'll help solve the problems that have never been solved. We're freeing information so it can be used safely and securely wherever it's needed. We're creating the very best ideas that can most easily be put into action to help our clients improve the quality of care and lower costs for millions. This is where the best and the brightest work together to make positive change a reality. This is the place to do your life's best work.(sm)

 

 

Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

 

UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.

 

 

Apply Now
This job has expired and you can't apply for it anymore