HealthEquity · 2 days ago
Blue Team Principal - Cybersecurity
Financial Services, Health Care
Growth Opportunities, H1B Sponsor Likely
Responsibilities
Lead and collaborate on developing Security Operations, Cyber Threat Intelligence (CTI), and Advanced Threat Hunting capabilities. Act as a key escalation point for high-severity incidents, serving as Incident Commander to ensure a comprehensive response.
Assist the CTI team in identifying, analyzing, responding, and reporting on emerging threats. Partner closely with Advanced Threat Hunters to improve threat detection, analysis, and defense strategies.
Oversee high-severity incidents and take on Incident Commander responsibilities, coordinating response efforts and managing communication with stakeholders. Ensure incidents are managed effectively from detection through remediation.
Support new rule creation, SOAR automation, and tuning to ensure the Security Operations team responds to the most relevant and impactful alerts. Use Advanced Threat Hunting and CTI insights to fine-tune detection rules and automation workflows.
Collaborate with the SOC and MSSP to ensure efficient handling of Tier 1 (T1) alerts and escalate more complex cases as necessary. Provide guidance to the MSSP on improving T1 analysis quality.
Evaluate and enhance existing monitoring capabilities in Security Operations, CTI, and Threat Hunting, identifying gaps and recommending new tools or technologies to stay ahead of evolving threats.
Develop and implement advanced detection techniques for monitoring malicious activity, utilizing CTI insights to create targeted use cases and enhance situational awareness across the SOC.
Partner with Security Operations L3 support to maintain high standards in response processes and develop playbooks for complex scenarios. Ensure that the team is prepared to handle high-impact incidents with precision.
Analyze and assess threat intelligence, working closely with CTI to identify trends, indicators of compromise (IOCs), and relevant threat actor behavior. Leverage this intelligence to inform rule development and fine-tune alerting criteria.
Present briefings to leadership and critical stakeholders on advanced threat landscapes, incident response activities, and the effectiveness of current Security Operations measures. Emphasize program performance and adapt strategies based on evolving security challenges.
Assist the Security Operations Director with regular risk assessments and gap analyses for critical assets to build a culture of continuous improvement. Ensure proper logging, monitoring, and response mechanisms are in place for all key areas.
Monitor and validate SOC performance metrics, focusing on detection accuracy, response times, and the meaningfulness of alerts. Implement feedback loops to refine rules and automation.
Support cross-team collaboration with IT, Help Desk, Fraud, and other stakeholders to ensure the efficient handling of security events, minimizing false positives while enhancing overall detection capabilities.
Design training and development programs for the Security Operations team, focusing on advanced threat analysis, incident response techniques, and leveraging SOAR tools as a supportive capability for automation and efficiency.
Partner with law enforcement, industry peers, and internal stakeholders to maintain best practices in incident response, advanced threat detection, and SOC automation.
Qualification
Required
Bachelor’s degree in computer science or a related field and 8+ years of relevant experience in security operations, CTI, incident response, and security operations monitoring, or an equivalent combination of education and experience.
7+ years of experience addressing security issues, identifying vulnerabilities, staying current on regulatory and legal changes, and applying security standards that shape the Information Security program. Proven hands-on experience with advanced network/endpoint forensics and tools, including configuration and daily management.
2+ years of experience in Incident Response leading high severity incidents.
2+ years of experience in Cyber Threat Intelligence/Threat Hunting and implementing information security and network best practices.
5+ years of experience providing expert guidance on security issues affecting business processes and procedures, particularly those exploitable by external threat actors.
Ability and willingness to participate in on-call rotations and work non-standard hours when necessary.
Proficiency with ServiceNow SIR, Microsoft Sentinel, Splunk, Tanium, Defender XDR, Databricks, Wireshark, Cloudflare, and endpoint forensics tooling.
Strong working knowledge of network and endpoint security principles, current threat and attack trends, and core security concepts.
Experience developing and implementing training programs and remedial actions as needed to mitigate security risks.
Ability to thrive in a fast-paced environment, adapt quickly to technological and business changes, and display sound judgment while solving complex problems.
Exceptional verbal and written communication skills, with the ability to articulate complex security concepts clearly and effectively.
Continued professional development and certifications such as CISSP, CISM, GSEC, GCIA, or CIPP/US.
Benefits
Medical, dental, and vision
HSA contribution and match
Dependent care FSA match
Uncapped paid time off
Adventure accounts
Paid parental leave
401(k) match
Personal and healthcare financial literacy programs
Ongoing education & tuition assistance
Gym and fitness reimbursement
Wellness program incentives
Company
HealthEquity
HealthEquity connects health and wealth by administering Health Savings Accounts (HSAs) and other consumer-directed benefits.
H1B Sponsorship
HealthEquity has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. The figures below are provided for reference (data from the US Department of Labor).
Total sponsorships by year: 2023: 27; 2022: 7; 2021: 1; 2020: 2.
Funding
Current stage: Public company (IPO 2014-07-31)
Total funding: $12.5M
Funding round: 2011-09-09, Private Equity, $12.5M
Company data provided by crunchbase