The Lead SOC Analyst in UHG's Security Operations Center will be sought out as a technical expert. The successful candidate will lead a global team of analysts in a 24x7 environment and will be a knowledgeable, hands-on technical specialist who coordinates the complex, detailed technical work needed to provide comprehensive SIEM monitoring and threat detection and to coordinate incident response across the organization. Mentoring and training fellow team members is expected, as a means of sharing information and raising the skills of the team as a whole. Continual enhancement and development of organizational processes and standards is also a key component of this role. This person will report to the Security Operations Center Director as part of our Cyber Defense team.
The Cyber Defense (CD) team has identified an opportunity to significantly enhance the effectiveness of our current cyber defense posture. The value proposition centers on developing a holistic cyber defense model that requires alignment and integration of key technical resources, security functions, and related processes. We are creating a state-of-the-art, centralized cyber defense operating model that will manage security threats across the enterprise effectively and consistently.
Responsibilities of this specific role will include the following:
- Lead a team of analysts charged with threat monitoring, content development, and incident response support; serve as an escalation resource and mentor for other SOC analysts
- Monitor and analyze attempts to compromise security controls; identify and investigate suspicious activity and report the results of the analysis.
- Collaborate with other Cyber Defense teams.
- Review logs, network traffic, and endpoint data to identify and report possible security issues.
- Perform investigations and escalation for complex or high severity security threats or incidents
- Work with Cyber Defense Engineering and other security partners to develop and refine SIEM correlation rules
- Work on complex tasks assigned by leadership, which may involve coordination of effort among multiple teams
- Author and coordinate security status reports to provide system status, report potential and actual security violations and provide procedural recommendations
- Participate in knowledge sharing with other team members and industry collaboration organizations to advance the security monitoring program
- Ensure that Service Level Agreements are defined, tracked and met by the team
- Develop and support strategic plans and projects to meet Global Security and SOC goals and objectives
- Drive execution of daily, weekly, and monthly reporting of threat statistics, KPIs, and KRIs.
- Contribute to and maintain Standard Operating Procedures
- Maintain an in-depth knowledge of common attack vectors, common security exploits, and countermeasures.
- Maintain a solid working knowledge of Information Security principles and practices.
- Research the current information security and event monitoring trends, and keep up-to-date with SOC issues, technology, and industry best practices.
- Coordinate evidence and data gathering and documentation, and review security incident reports
- Assist in defining and driving strategic initiatives
- Provide recommendations for improvements to Company's Security Policy, Procedures, and Architecture based on operational insights
- Provide leadership and technical guidance in project planning, task definition, estimating, reporting, scheduling, documentation, and workflow
Required qualifications:
- 6 or more years of hands-on technical experience with log, network traffic, endpoint, and malware analysis.
- Advanced knowledge and expertise of Security Operations and Incident Response.
- 2 or more years of experience with Azure, AWS, or GCP hosting environments
- Practical knowledge of a variety of hardware, software, and cloud security controls (firewalls, IDS/IPS, DDoS mitigation, WAF, proxy, CASB, advanced malware detection, EDR, AV, DPI, SIEM, TIP, DLP, etc.)
- Experience in leading, coaching, mentoring, and teaching others, with or without HR accountabilities.
- You will be asked to perform this role in an office setting; however, you may be required to work from home temporarily due to space limitations.
- Employees are required to screen for symptoms using the ProtectWell mobile app, Interactive Voice Response (i.e., entering your symptoms via phone system) or a similar UnitedHealth Group-approved symptom screener prior to entering the work site each day, in order to keep our work sites safe. Employees must comply with any state and local masking orders. In addition, when in a UnitedHealth Group building, employees are expected to wear a mask in areas where physical distancing cannot be attained.
Preferred qualifications:
- Advanced SIEM analysis and incident response
- Advanced knowledge of the threat landscape, malware, attack techniques, IOCs, TTPs, and security frameworks such as the NIST CSF.
- Moderate knowledge of network/endpoint forensics, malware analysis, and reverse engineering
- Moderate knowledge of cloud security, monitoring, automated incident response, and offensive security
- Moderate DevOps/scripting experience (PowerShell, Python, C#, Java, Bash, Go, etc.)
- Security certifications (e.g., GIAC, OSCP, CCSK, Azure or AWS security certifications, ISC2, CompTIA, ISACA, EC-Council)
Technology Careers with Optum. Information and technology have amazing power to transform the health care industry and improve people's lives. This is where it's happening. This is where you'll help solve the problems that have never been solved. We're freeing information so it can be used safely and securely wherever it's needed. We're creating the very best ideas that can most easily be put into action to help our clients improve the quality of care and lower costs for millions. This is where the best and the brightest work together to make positive change a reality. This is the place to do your life's best work.(SM)
*All Telecommuters will be required to adhere to UnitedHealth Group’s Telecommuter Policy.
Colorado Residents Only: The salary range for Colorado residents is $94,500 to $171,700. Pay is based on several factors including but not limited to education, work experience, certifications, etc. As of the date of this posting, in addition to your salary, UHG offers the following benefits for this position, subject to applicable eligibility requirements: health, dental, and vision plans; wellness program; flexible spending accounts; paid parking or public transportation costs; 401(k) retirement plan; employee stock purchase plan; life insurance, short-term disability insurance, and long-term disability insurance; business travel accident insurance; Employee Assistance Program; PTO; and employee-paid critical illness and accident insurance.
Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.
UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.