
This job has expired

IT Cybersecurity Analyst (SOC)- Chaska, MN or Raleigh, NC

Employer: UnitedHealth Group
Location: Saint Paul
Salary: Competitive


Industry: Technology
Role: IT
Job Type: Long-Term
Hours: Full Time

This Shift is Daytime Monday, Tuesday, Wednesday, Thursday, Friday 8 AM - 5 PM Central time.

Responsibilities

  • Perform incident response, with a primary focus of eliminating the threat to the network and determining the cause of the security incident while preserving evidence for further analysis.
  • Ensure incidents are handled in a manner that is consistent with established playbooks.
  • Monitors SIEM and logging for alerts of potential network threats, intrusions, and/or compromises.
  • Responsible for understanding the global threat environment and general security best practices.
  • Assists with triage of service requests from automated sensors and internal requests for assistance.
  • Participates in active cyber hunting to identify and eliminate known and unknown network threats.
  • Interface with technical personnel from various disciplines to rapidly resolve critical issues.
  • Appropriately inform and advise leadership of incidents and propose effective response and/or countermeasures for containment.
  • Participate in knowledge sharing with other security engineers and partners.
  • Identify, document, and recommend new or revised incident response playbooks
  • Drive continuous improvement of processes and procedures to improve analysis, detection, and mitigation of incidents in support of the overall Cyber Defense mission
  • Create and drive action plans to address recurring or ongoing information security incidents.
  • Develop and maintain reporting metrics used to measure team performance, ensure analyst adherence to processes/procedures for operational consistency, identify process improvements, coaching, training and professional development of the staff.
  • Participate in the planning and implementation of information security technology projects. Serve as point-person and subject matter expert for issues and projects related to Cyber Security Counter Threat Operations.
  • Collaboration as appropriate with leadership and other key stakeholders
  • Positions in this function are involved in the body of technologies, processes, and practices designed to protect and defend networks, computers, programs, and data from attack, damage, theft, or unauthorized access, including firewall, digital forensics, investigative services, and incident management.
  • Analyzes and investigates.
  • Provides explanations and interpretations within area of expertise

Requirements:

  • Knowledge of industry-recognized analysis frameworks (Kill Chain, Diamond Model, MITRE ATT&CK, NIST Incident Response, etc.)
  • Development experience in one or more of the following: C+, Python, PS, Bash, or Java
  • Thorough understanding of fundamental security and network concepts (Operating systems, intrusion/detection, TCP/IP, ports, etc.)
  • Willing to work in a team-oriented 24/7 SOC environment; flexibility to work on a rotating schedule and/or shift work
  • You must be eligible to have NAC clearance to perform this role.
  • You will be asked to perform this role in an office setting; however, you may be required to work from home temporarily due to space limitations.
  • Employees are required to screen for symptoms using the ProtectWell mobile app, Interactive Voice Response (i.e., entering your symptoms via phone system) or a similar UnitedHealth Group-approved symptom screener prior to entering the work site each day, in order to keep our work sites safe. Employees must comply with any state and local masking orders. In addition, when in a UnitedHealth Group building, employees are expected to wear a mask in areas where physical distancing cannot be attained.

Preferred:

  • Experience with network monitoring in a SOC environment
  • BS in Computer Science, Computer Engineering, Cyber Security, Forensics and/or equivalent work experience
  • Security certifications (e.g. Security+, CCNA Cyber Ops, GCIA, GCIH, CEH, CySA+, OSCP, etc.)
  • Experience and knowledge conducting cyber threat analysis originating from phishing emails
  • Previous experience working with network tools and technologies such as firewall (FW), proxies, IPS/IDS devices, full packet capture (FPC), and email platforms
  • Efficient triage and documentation during incident response to effectively brief Leadership

Technology Careers with Optum. Information and technology have amazing power to transform the health care industry and improve people's lives. This is where it's happening. This is where you'll help solve the problems that have never been solved. We're freeing information so it can be used safely and securely wherever it's needed. We're creating the very best ideas that can most easily be put into action to help our clients improve the quality of care and lower costs for millions. This is where the best and the brightest work together to make positive change a reality. This is the place to do your life's best work.℠

*All Telecommuters will be required to adhere to UnitedHealth Group's Telecommuter Policy.
Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.



UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.
