Lead Incident Response Engineer

at Blue Cross Blue Shield Association in Chicago, Illinois, United States

Job Description

Job Description Summary

The Lead Threat Detection and Response Engineer is a highly technical role that will lead the Incident Response process within the BCBSA Cyber Defense team. This role acts as the DFIR subject matter expert who plans and oversees initiatives to bring the best detection and response techniques to BCBSA. The Lead Threat Detection and Response Engineer will provide training, mentoring, and advice to other engineers and analysts.

Responsibilities include but are not limited to:

Act as the technical lead for security-related incidents in the corporate environment. Provide oversight of the identification, containment, and remediation of a security incident. Execute formal root cause analysis and lessons learned to improve the effectiveness of the processes and optimize controls.

Execute formalized processes and build a technology stack to establish an advanced threat detection capability.

Develop and maintain Incident Response processes, exercises, and training for other engineers and analysts.

Provide hands-on malware reverse engineering and forensics support (i.e., forensic artifact handling and analysis).

Enhance and integrate security solutions to automate detection-to-remediation activities.

Develop and manage continuous testing of Detection and Response capabilities.

Design and implement tooling to support maturing capabilities, reporting, and metrics.

Required Education, Certifications and Experience

High school diploma and Bachelor's Degree in Computer Science, MIS, Computer Engineering or equivalent work experience.

7 years of experience with a minimum of 4 years in one or more of the following: incident response, application security, network security, security operations, security monitoring, or security-focused systems engineering.

4 years scripting or programming experience in Ruby, Python, Shell/BASH scripting, Java, C/C++, Perl, or other languages.

Demonstrated expert-level expertise in the domain of Threat Detection and Incident Response technologies and processes, including experience in response activities associated with advanced attacks.

Advanced knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, and application security.

Deep experience with IR, SIEM, Threat Intelligence, and Forensics tooling.

Experience with static and dynamic malware analysis.

Experience in automation of tasks through scripting or programming.

Experience with red teams or CTF (Capture The Flag).

Knowledge of Windows, Mac, and Linux operating systems and cloud platforms.

Excellent written and oral communication skills.

Strong sense of ownership, urgency, and drive.

Preferred Education, Certifications and Experience

Security-related certifications such as OSCP, GCIH, GCFA, GPEN, GNFA, GCUX, GREM.

People Management: No

Blue Cross Blue Shield Association is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, national origin, age, gender identity, disability, veteran status, genetic information or any other legally protected characteristics.

Job Posting: 12019939

Posted On: Jul 02, 2024

Updated On: Jul 20, 2024