Incident Response Lead remote virtual home office eligible

Profile

Description

The Incident Response Lead will a dynamic, enterprise team that will lead hunting for and responding to cyber incidents stemming from internal and external threat actors. The Incident Response Lead shall provide Tier 3 services, which is coordination, execution, and implementation of all actions required for the containment, eradication, and recovery measures for cyber incidents.

Responsibilities

The Incident Response Lead (IRL) will be part of Humana's Cyber Incident Response team (CIR). CIR is the enterprise team responsible for the detection and response to the most sophisticated cyber threats and attacks. The IRL will leverage a variety of tools and resources to proactively detect, investigate, and mitigate emerging and persistent threats impacting Humana networks, systems, and applications. In addition to their professional roles, the IRL will be responsible for developing the Senior Incident Response Engineers (IREs) including training, mentoring and personal development plans.

Responsibilities:

In addition to accountabilities listed above:

Maintain high professional level across the CIR's Senior Incident Response Engineers (IRE) working from multiple locations

Define the needed capabilities for the CIR and IREs

Create a training plan for existing and new IREs

Mentor (personally and professionally) the IREs

Incident Response and Forensics

Serve as escalation point for conducting investigations into security incidents involving advanced and sophisticated threat actors and TTPs

Perform forensic analysis of electronic assets, devices, and log sources

Manage incident response activities including scoping, communication, reporting, and long term remediation planning

Assist with post incident activities

Serves as a centralized point of communication and provides appropriate briefings to executive staff and other stakeholders as needed

Big Data analysis and reporting:

Utilizing SIEM/Big data to identify abnormal activity and extract meaningful insights.

Research, develop, and enhance content within SIEM and other tools

Technologies and Automation:

Interface with engineering teams to design, test, and implement playbooks, orchestration workflows and automations

Research and test new technologies and platforms; develop recommendations and improvement plans

Improve efficiencies of Humana's incident response processes and methodologies.

Required Qualifications

Bachelor's or Master's degree in a technical field

Minimum 10 years of information security experience

Minimum 5 years of leading teams experience

Technical expertise in at least three of the following areas:

Windows disk and memory forensics

Cloud Operations and Engineering

Network Security Monitoring (NSM), network traffic analysis, and log analysis

Unix or Linux disk and memory forensics

Static and dynamic malware analysis

MITRE ATT&CK

Applied knowledge in at least one scripting or development language (such as Python)

Thorough understanding of enterprise security controls in Active Directory / Windows environments

Preferred Qualifications

Master's Degree in a Technical Field

Security Certification

Possess one cybersecurity certification, such as:

GIAC Certified Incident Handler (GCIH)

GIAC Certified Enterprise Defender (GCED)

GIAC Certified Forensic Analyst (GCFA)

Additional Information

Ability to leverage project management skills and tools to effectively budget, scope, and execute on strategic initiatives and goals

Ability to manage multiple projects and manage tight deadlines

Prior training and public speaking engagement experience

Ability to exercise emotional intelligence and situational awareness.

Strong interpersonal communication skills.

Ability to lead a team of highly technical security professionals

Ability to prepare and review customized contracts for security consulting services

Willingness to travel up to 10%

Scheduled Weekly Hours

40

Company info

Humana Inc.
Website : http://www.humana.com