Go to job search

Senior Cyber Detection Engineer

UnitedHealth Group Incorporated, City of Westminster

Senior Cyber Detection Engineer

Salary Not Specified

UnitedHealth Group Incorporated, City of Westminster

  • Full time
  • Permanent
  • Remote working

Posted today, 4 Dec | Get your application in now to be one of the first to apply.

Closing date: Closing date not specified

job Ref: c297055ac259475c86dccac2e212a9c1

Full Job Description

  • Lead the development, implementation, and tuning of detection rules in Google SecOps (Chronicle) using Yara-L language to ensure high-fidelity alerts and minimal false positives.
  • Utilize a SIEM platform to monitor and analyze security logs, identify threats, and investigate complex security incidents.
  • Conduct proactive threat hunting to identify malicious activities leveraging advanced analytics and threat intelligence.
  • Coordinate and lead incident response activities, including containment, root cause analysis, eradication, and recovery.
  • Research emerging cyber threats and vulnerabilities to enhance detection strategies.
  • Optimize and configure security tools and platforms to improve detection and response capabilities.
  • Collaborate with cross-functional teams to integrate new log sources and refine existing telemetry for advanced detection.
  • Develop and maintain code libraries to enrich security telemetry within the detection pipeline.
  • Conduct code reviews and provide mentorship to junior team members.
  • Build and maintain relationships across teams to enhance overall security posture.
    • You will be rewarded and recognised for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role, as well as providing development for other roles you may be interested in.

  • Extensive experience in writing and optimizing detection queries in Yara-L language for Google SecOps (Chronicle).
  • Experiecne working in a Security Operations Center (SOC) or Security Incident Response environment
  • Strong experience writing detection queries in additional languages (e.g., KQL for Microsoft Defender, SPL for Splunk):
  • Experience working with SIEM log analysis, monitoring, and investigation
  • Identifying attacker tactics, techniques, and procedures:
  • Knowledge of EDR, email security, and SaaS application security
  • Strong understanding of log sources (network, host, application):
  • Strong analytical and problem-solving capabilities to identify and mitigate security risks.
  • Excellent communication and collaboration skills to work effectively in a team environment.
  • Expertise in modern attack patterns and the evolving threat landscape.
    • Please note you must currently be eligible to work and remain indefinitely without any restrictions in the country to which you are making an application. Proof will be required to support your application.

    Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together. As a Fortune 5 business, we're one of the world's leading healthcare companies. There are no limits here on the resources you'll have or the challenges you'll encounter. We have been supporting global healthcare systems from Ireland and the UK for more than 20 years, building a dynamic and diverse team of more than 2,100 talented individuals. With a continued record of growth and stability, we're on the constant lookout for fresh talent to join our expanding teams.

Relevant jobs