Job Details

ID #51230162
State: District of Columbia
City: Washington
Full-time
Salary: USD TBD TBD
Source: UNUM
Showed: 2024-03-12
Date: 2024-03-13
Deadline: 2024-05-12
Category: Miscellaneous

Senior Security Engineer

District of Columbia, Washington, 20001 Washington USA

Our Fortune 500 company is driving a digital transformation and looking for forward-thinking innovators to disrupt how our industry thinks about and uses technology. As one of the world's leading employee benefits providers, we help millions of people gain affordable access to benefits that help them protect their families, their finances and their futures.

Are you an asker of questions, a solver of problems, and a challenger of the status quo? Our mission is to provide a differentiated customer experience and exceed the expectations people have of technology at any company — not just insurers.

We are seeking individuals to join our team of talented IT professionals who share never-ending passion and an unwavering focus on our customer experience. Team members comfortable working in an agile, fast-paced, and delivery-focused environment thrive in our environment where we value an entrepreneurial spirit and those who challenge the status quo.

Unum is changing, and we're excited about what's next. Join us.

General Summary:

As a Senior Security Engineer, you will play a crucial role in enhancing our cybersecurity posture by implementing advanced measures to detect, respond to, and mitigate cyber threats.

The Senior Security Engineer: Threat Detection and Response (SSE:TDR) within the Unum SOC is responsible for developing and maintaining high-quality threat detection rules and analytics informed by the most critical threats targeting Unum. The SSE:TDR role is primarily responsible for the creation, maintenance and tuning of high-fidelity, low-noise alerts and notables that effectively identify and prioritize critical issues, reduce false positives, and enhance the overall cyber security posture of Unum, and for the creation of new use cases and detection analytics entering the detection and monitoring ecosystem.

Job Specifications:

Demonstrates expert technical skills that are needed to defend the enterprise environment, such as:

5+ years of information security related experience, in areas such as: security operations, incident analysis, incident handling, vulnerability management or testing, system patching, log analysis, intrusion detection, or security device administration.

Proficiency in Splunk or other SIEM tools, including rule creation, query writing, and alert management.

Experience with Swimlane or other SOAR platforms and implementing automated workflows and playbooks.

In-depth packet analysis skills, core forensic familiarity, incident response skills, and data fusion skills based on multiple security data sources.

Scripting and automation.

System administration on Linux or Windows.

Network forensics, logging, and event management.

Defensive network infrastructure (operations or engineering).

Vulnerability assessment and penetration testing concepts.

Malware analysis concepts, techniques, and reverse engineering.

In-depth knowledge of network and host security technologies and products (such as firewalls, network IDS/IPS, scanners) with a desire to continuously improve these skills.

Security monitoring technologies, such as EDRs, Web Proxies, UEBA, DLP, among others.

Strong understanding of MITRE ATT&CK™ framework, cyber threat landscapes, attack vectors and threat actors.

Familiarity with common cybersecurity frameworks such as NIST CSF and other industry standards or best practices.

Relevant information security-related certifications such as ISC2 CISSP, and GIAC GCIH, GCIA, GNFA, GCFE or similar technical certifications are highly desirable.

Principal Duties and Responsibilities:

Develop and maintain high-quality threat detection rules, queries, and alerts based on identified use cases, threat scenarios, and structured threat intelligence, including MITRE ATT&CK™ Tactics, Techniques and Procedures (TTPs).

Leverage the MITRE ATT&CK™ Framework and other forms of structured threat intelligence approaches to enhance detection analytic capabilities, develop contextualized alerts, and improve overall cyber security posture.

Create and implement automated workflows and playbooks in tools such as Swimlane to enhance incident response capabilities, streamline security operations, and increase organizational efficiency.

Be a key participant in incident response activities and provide subject matter expertise and insight when and where required.

Partner with cross-functional GIS orgs to gain operational context and derive response to emerging threats.

Continuously research and stay up to date with the latest cyber threats, attack vectors, and methodologies to improve detection analytics and capabilities.

Evaluate and recommend new security tools, techniques, and processes to enhance the organization's threat detection and response capabilities and improve the overall maturity of Security Operations.

Conduct regular reviews and assessments of detection rules and automated workflows to ensure optimal performance, effectiveness, and fidelity.

Develop and maintain documentation related to threat detection, monitoring, and automation processes and procedures in alignment with best practices.

Provide training and guidance to team members to enhance their understanding of threat detection methodologies, automation techniques, and structured threat intelligence.

Additionally:

Strong analytical and problem-solving skills, with the ability to identify and prioritize critical issues.

Excellent written and verbal communication skills, with the ability to clearly explain complex security concepts to both technical and non-technical audiences.

Ability to lead content discussion around incident investigation efforts and effectively coordinate communications.

Demonstrated ability to work in a team environment, able to train and coach other team members.

Strong logical thinking abilities, especially with content logic.

Excellent analytical and problem-solving abilities.

Excellent organizational skills and attention to detail in tracking activities within various Security Operations workflows.

Well-established client-focused communication skills: the ability to read, review, investigate, and summarize reports on complex issues in a manner that can be understood by non-technical readers.

Our company is built on helping individuals and families, and this starts with our employees. We want employees to maintain a positive balance, which is why we provide access to the benefits and resources they need to invest in themselves. From our onsite fitness facilities and generous paid time off to employee professional development programs, we are committed to helping employees live and work their best – both inside and outside the office.

Unum is an equal opportunity employer, considering all qualified applicants and employees for hiring, placement, and advancement, without regard to a person's race, color, religion, national origin, age, genetic information, military status, gender, sexual orientation, gender identity or expression, disability, or protected veteran status.

The base salary range for applicants for this position is listed below. Unless actual salary is indicated above in the job description, actual pay will be based on skill, geographical location and experience.

$89,400.00-$174,800.00

Additionally, Unum offers a portfolio of benefits and rewards that are competitive and comprehensive including healthcare benefits (health, vision, dental), insurance benefits (short & long-term disability), performance-based incentive plans, paid time off, and a 401(k) retirement plan with an employer match up to 5% and an additional 4.5% contribution whether you contribute to the plan or not. All benefits are subject to the terms and conditions of individual Plans.

Company: Unum
