Humana Incident Response Lead (remote virtual home office eligible) in Colorado Springs, Colorado
The Incident Response Lead will be part of a dynamic enterprise team that will lead hunting for and responding to cyber incidents stemming from internal and external threat actors. The Incident Response Lead shall provide Tier 3 services: the coordination, execution, and implementation of all actions required for the containment, eradication, and recovery measures for cyber incidents.
The Incident Response Lead (IRL) will be part of Humana's Cyber Incident Response team (CIR). CIR is the enterprise team responsible for detecting and responding to the most sophisticated cyber threats and attacks. The IRL will leverage a variety of tools and resources to proactively detect, investigate, and mitigate emerging and persistent threats impacting Humana networks, systems, and applications. In addition to their professional roles, the IRL will be responsible for developing the Senior Incident Response Engineers (IREs), including training, mentoring, and personal development plans.
In addition to accountabilities listed above:
Maintain high professional level across the CIR's Senior Incident Response Engineers (IRE) working from multiple locations
Define the needed capabilities for the CIR and IREs
Create a training plan for existing and new IREs
Mentor (personally and professionally) the IREs
Incident Response and Forensics
Serve as escalation point for conducting investigations into security incidents involving advanced and sophisticated threat actors and TTPs
Perform forensic analysis of electronic assets, devices, and log sources
Manage incident response activities including scoping, communication, reporting, and long term remediation planning
Assist with post incident activities
Serve as a centralized point of communication and provide appropriate briefings to executive staff and other stakeholders as needed
Big Data analysis and reporting:
Utilize SIEM/Big Data to identify abnormal activity and extract meaningful insights
Research, develop, and enhance content within SIEM and other tools
Technologies and Automation:
Interface with engineering teams to design, test, and implement playbooks, orchestration workflows and automations
Research and test new technologies and platforms; develop recommendations and improvement plans
Improve efficiencies of Humana's incident response processes and methodologies.
Bachelor's or Master's degree in a technical field
Minimum 10 years of information security experience
Minimum 5 years of experience leading teams
Technical expertise in at least three of the following areas:
Windows disk and memory forensics
Cloud Operations and Engineering
Network Security Monitoring (NSM), network traffic analysis, and log analysis
Unix or Linux disk and memory forensics
Static and dynamic malware analysis
Applied knowledge in at least one scripting or development language (such as Python)
Thorough understanding of enterprise security controls in Active Directory / Windows environments
Master's Degree in a Technical Field
Possess one cybersecurity certification, such as:
GIAC Certified Incident Handler (GCIH)
GIAC Certified Enterprise Defender (GCED)
GIAC Certified Forensic Analyst (GCFA)
Ability to leverage project management skills and tools to effectively budget, scope, and execute on strategic initiatives and goals
Ability to manage multiple projects and manage tight deadlines
Prior training and public speaking engagement experience
Ability to exercise emotional intelligence and situational awareness.
Strong interpersonal communication skills.
Ability to lead a team of highly technical security professionals
Ability to prepare and review customized contracts for security consulting services
Willingness to travel up to 10%