The Lead SOC Analyst of UHG’s Security Operations Center will be sought out as a technical expert. The successful candidate will lead a team of security analysts around the globe in a 24×7 environment, and will be a knowledgeable, hands-on technical specialist who coordinates the complex and detailed technical work necessary to provide comprehensive SIEM monitoring, threat detection, and incident response within the organization. Mentoring and training of fellow team members is expected as a means of information sharing and skill enhancement for the team as a whole. The continual enhancement and development of organizational processes and standards are also key components of this role. This person will report to the Security Operations Center Director as part of our Cyber Defense team.
The Cyber Defense (CD) team has identified an opportunity to significantly enhance the effectiveness of our current cyber defense posture. The value proposition centers on the development of a holistic cyber defense model that requires alignment and integration of key technical resources, security functions and related processes. We are creating a state-of-the-art centralized cyber defense operating model which will manage the security threats across the enterprise effectively and consistently.
Responsibilities of this specific role will include the following:
- Lead a team of analysts charged with threat monitoring, content development, and incident response support; serve as an escalation resource and mentor for other SOC analysts
- Monitor and analyze attempts to compromise security controls; identify and investigate suspicious activity and report the results of that analysis.
- Collaborate with other Cyber Defense teams.
- Review logs, network traffic, and endpoint data to identify and report possible security issues.
- Perform investigations and escalation for complex or high-severity security threats or incidents.
- Work with Cyber Defense Engineering and other security partners to develop and refine SIEM correlation rules.
- Work on complex tasks assigned by leadership, which may involve coordinating effort across multiple teams.
- Author and coordinate security status reports to provide system status, report potential and actual security violations and provide procedural recommendations
- Participate in knowledge sharing with other team members and industry collaboration organizations to advance the security monitoring program
- Ensure that Service Level Agreements are defined, tracked and met by the team
- Develop and support strategic plans and projects to meet Global Security and SOC goals and objectives
- Drive the production of daily, weekly, and monthly threat statistics, KPIs, and KRIs.
- Contribute to and maintain Standard Operating Procedures
- Maintain an in-depth knowledge of common attack vectors, common security exploits, and countermeasures.
- Maintain a solid working knowledge of Information Security principles and practices.
- Research the current information security and event monitoring trends, and keep up-to-date with SOC issues, technology, and industry best practices.
- Coordinate evidence/data gathering and documentation and review Security Incident reports
- Assist in defining and driving strategic initiatives
- Provide recommendations for improvements to the company's security policy, procedures, and architecture based on operational insights.
- Provide leadership and technical guidance in project planning, task definition, estimating, reporting, scheduling, documentation, and workflow
Qualifications for this role include the following:
- 6 or more years of hands-on technical experience with log, network traffic, endpoint, and malware analysis.
- Advanced knowledge and expertise of Security Operations and Incident Response.
- 2 or more years of experience with Azure, AWS, or GCP hosting environments
- Practical knowledge of a variety of hardware, software, and cloud security controls (Firewalls, IDS/IPS, DDoS, WAF, proxy, CASB, advanced malware detection, EDR, AV, DPI, SIEM, TIP, DLP etc.)
- Experienced in leading, coaching, mentoring, and teaching others with or without HR accountabilities.
- You will be asked to perform this role in an office setting; however, you may be required to work from home temporarily due to space limitations.
- Employees are required to screen for symptoms using the ProtectWell mobile app, Interactive Voice Response (i.e., entering your symptoms via phone system) or a similar UnitedHealth Group-approved symptom screener prior to entering the work site each day, in order to keep our work sites safe. Employees must comply with any state and local masking orders. In addition, when in a UnitedHealth Group building, employees are expected to wear a mask in areas where physical distancing cannot be attained.
- Advanced SIEM analysis and Incident Response
- Advanced knowledge of the threat landscape, malware, attack techniques, IOCs, TTPs, and security frameworks such as the NIST CSF.
- Moderate knowledge of network/endpoint forensics, malware analysis, reverse engineering
- Moderate knowledge of Cloud Security, Monitoring, Automated Incident Response, offensive security
- Moderate DevOps and scripting experience (PowerShell, Python, C#, Java, Bash, Go, etc.).
- Security Certifications: GIAC, OSCP, CCSK, Azure, AWS, ISC2, CompTIA, ISACA, EC-Council