Senior Cyber Threat Detection Engineer - Remote

Senior Cyber Threat Detection Engineer

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

The Enterprise Information Security (EIS) team is responsible for cybersecurity across our organization. We support our business and members by reducing risk, rapidly responding to threats, focusing on business resiliency and securing new acquisitions.

As a Senior Cyber Threat Detection Engineer, you will be responsible for leading the design, implementation, and maintenance of advanced detection strategies and rules. You will work independently or with a team to analyze security logs, perform threat hunting, and coordinate detection engineering. This role requires a deep understanding of security technologies, threat intelligence, and extensive hands-on experience in cyber threat detection.

You'll enjoy the flexibility to work remotely from anywhere within the U.S. as you take on some tough challenges. For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week.

Primary Responsibilities:

• Lead the development, testing, tuning, implementation, and maintenance of high-fidelity detection rules for the purpose of identifying potential security threats
• Utilize a SIEM to monitor and analyze security logs, identify security threats, and investigate complex security incidents
• Conduct proactive threat hunting, analyze attack techniques, and develop countermeasures
• Coordinate and lead incident response activities, including containment, root cause analysis, eradication, and recovery
• Enhance threat intelligence capabilities through research, analysis, and collaboration
• Configure and optimize security tools and platforms to enhance detection capabilities
• Collaborate with cross-functional teams to identify relevant security telemetry, integrate new log sources, and enhance existing data sources for improved detection and analysis
• Conduct research on emerging cyber threats and vulnerabilities to proactively develop detection strategies
• Plan, develop, and maintain supporting code libraries to enrich security telemetry as it traverses the detection pipeline
• Perform code reviews for fellow engineers working on the detection pipeline
• Provide expertise and guidance to junior team members on detection methodologies and best practices
• Collaborate and build relationships with multiple teams throughout UHG

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications:

• 3+ years of experience and deep understanding of Splunk Enterprise Security platform
• 3+ years of hands-on experience writing and optimizing detection queries using various query languages, particularly in SPL for Splunk and KQL for Microsoft Defender EDR
• 3+ years of experience in utilizing SIEM for log analysis, monitoring, and investigation
• 2+ years of experience working in a Security Operations Center (SOC) environment
• 2+ years of experience in Detection Engineering or Digital Forensics with broad knowledge of security domain
• 2+ years of experience identifying attacker tactics, techniques, and procedures
• 2+ years of experience in intrusion detection, security investigations, and incident response
• 2+ years of experience using threat intelligence to find suspicious activities proactively and iteratively in available security telemetry
• 2+ years of experience with log sources, including various network, host, and application logs
• Demonstrated understanding of modern attack patterns and threat landscape
• Demonstrated expertise in EDR, email security, and securing SaaS applications
• Demonstrated excellent analytical and problem-solving skills with the ability to identify and mitigate security risks
• Demonstrated communication and collaboration skills, with the ability to work effectively in a team environment

Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). The salary for this role will range from $89,900 to $160,600 annually based on full-time employment. We comply with all minimum wage laws as applicable.

UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.

UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.