Cybersecurity Threat Engineer
Nashville , Tennessee
October 22, 2017

At its founding in 1968, Nashville-based HCA was one of the nation's first hospital companies. Today, one of the nation's leading providers of healthcare services, HCA is comprised of locally-managed facilities that include more than 250 hospitals and freestanding surgery centers in 20 states and the United Kingdom, employing approximately 230,000 people. Approximately four to five percent of all inpatient care delivered in the country today is provided by HCA facilities resulting in more than 26M patient encounters each year. HCA is committed to the care and improvement of human life and strives to deliver high quality, cost effective healthcare in the communities we serve. Building on the foundation provided by our Mission & Values, HCA puts patients first and works to constantly improve the care we provide by implementing measures that support our caregivers, help ensure patient safety and provide the highest possible quality.
Additional Facts:
• Ranked 63 in Fortune 500
• Competitive, Fortune 100 industry-matched salaries and yearly merit increases
• Computerworld Top 50 Best Places to Work in IT since 2009
• Named one of the "World's Most Ethical Companies" since 2010
• 106 HCA hospitals are on The Joint Commission's list of top performers on key quality measures


You will be a Cyber Defender - serving as the last line of defense between HCA and the threat actors that wish to bring harm to HCA and the patients we serve. You will use state of the art technologies to detect threats on our network and eradicate them as a member of our CyberDefense Center (CDC). As a member of the CDC, you will operate along with a small team of like-minded individuals with a passion for cyber security.

This role will provide Tier 1 and Tier 2 analysis and response to cyber security threats. Successful candidates will have a passion for cybersecurity and be naturally curious and self-motivated. Good teamwork and communication skills are also vital. Our team operates as a close-knit group serving a noble purpose - to win the fight against evil every day.

Our enemies never sleep - neither do we. This position will be called on to support 24x7 operations, so night and weekend work is expected.


Major Responsibilities:
• Monitor security alert queue - investigate and triage events based on criticality. Provide recommendations on how to mitigate the threats.
• Perform incident response during major cybersecurity events.
• Provide guidance to field resources on how to properly remediate a threat.
• Work closely with other CDC team members to improve tools, techniques, and procedures for CDC operation.
• Continuously improve documentation of work products and processes.
• Participate in red/blue team exercises.

Desired Experience:
• Experience in performing security analysis or reporting utilizing Security Incident and Event Management (SIEM) Technologies. Preferably Splunk and SPL experience.
• Experience with document management and sustaining Security Operations Center (SOC) policies and run book procedures for incident response.
• Working experience with documenting root cause analysis and lessons learned.
• Experience consuming and generating cybersecurity threat intelligence.
• Experience across the technology stack. Familiarity with all OSI layers and expertise in some.
• Experience interfacing with peer support teams (Security Engineering, Vulnerability and Patching Teams, Networking, Access Management, Legal, Risk/Governance, etc.)
• Experience working in a high-tempo, dynamic environment with a high performance team.
• Experience with work ticketing systems (e.g. Remedy, ServiceNow)

Desired Technical Skills:
• Microsoft Office Suite
• Knowledge of TCP/IP, UDP and ICMP
• Knowledge of OSI Reference model
• Windows and *Nix operating systems
• Programming - experience with any programming language; experience with Python, Perl, Ruby or similar is a plus.
• Familiarity with common security controls - firewalls, proxies, AV, IDS, IPS, etc.
• Capable of hunting malicious activity across multiple security toolsets
• Basic knowledge of threat modeling and kill-chain.
• Preferred experience with a database query language (e.g. MySQL, MSSQL, PostgreSQL)
• Understanding of tool ecosystems within EDR, EPP, IDS/IPS, Automated Malware Analysis and Netflow Anomaly Detection. Preferred experience with products such as RSA eCAT/CarbonBlack/Crowdstrike, Symantec/Trend AV, Snort/FirePower, FireEye/Cisco/Proofpoint and Lancope.
• Familiarity with NIST CyberSecurity Framework


Bachelor's degree is preferred.


1 year of experience is needed for a successful candidate.

A little about us:
HCA is the nation’s leading private provider of healthcare services, comprised of locally managed facilities which include 230,000 employees at over 160 hospitals, over 120 surgery centers and 100 urgent care facilities in 20 states and the United Kingdom.