HealthEquity is hiring: Blue Team Principal - Cybersecurity in Draper
HealthEquity, Draper, UT, United States, 84020
Blue Team Principal - Cybersecurity

Job Locations: US-Remote

Overview
We are CONNECTING HEALTH AND WEALTH. Come be part of remarkable.

How you can make a difference
The Blue Team Principal leads and enhances Security Operations, Cyber Threat Intelligence, and Incident Response initiatives. This role requires a deep understanding of advanced threat management, incident response, and security operations, focusing on developing effective detection and mitigation strategies. The Blue Team Principal will serve as a critical leader in high-severity incidents, provide guidance on complex threat scenarios, and drive the continuous improvement of monitoring capabilities. Expertise in working with cross-functional teams, implementing threat intelligence insights, and supporting SOAR automation for streamlined workflows is essential. The ideal candidate will excel in partnering with external MSSPs, ensuring efficient Tier 1 alert analysis, and leading efforts to ensure the organization

What you'll be doing
- Lead and collaborate on developing Security Operations, Cyber Threat Intelligence (CTI), and Advanced Threat Hunting capabilities.
- Act as a key escalation point for high-severity incidents, serving as Incident Commander to ensure a comprehensive response.
- Assist the CTI team in identifying, analyzing, responding to, and reporting on emerging threats.
- Partner closely with Advanced Threat Hunters to improve threat detection, analysis, and defense strategies.
- Oversee high-severity incidents and take on Incident Commander responsibilities, coordinating response efforts and managing communication with stakeholders. Ensure incidents are managed effectively through detection and remediation.
- Support new rule creation, SOAR automation, and tuning to ensure the Security Operations team responds to the most relevant and impactful alerts. Use Advanced Threat Hunting and CTI insights to fine-tune detection rules and automation workflows.
- Collaborate with the SOC and MSSP to ensure efficient handling of Tier 1 (T1) alerts and escalate more complex cases as necessary. Provide guidance to the MSSP on improving T1 analysis quality.
- Evaluate and enhance existing monitoring capabilities in Security Operations, CTI, and Threat Hunting, identifying gaps and recommending new tools or technologies to stay ahead of evolving threats.
- Develop and implement advanced detection techniques for monitoring malicious activity, utilizing CTI insights to create targeted use cases and enhance situational awareness across the SOC.
- Partner with Security Operations L3 support to maintain high standards in response processes and develop playbooks for complex scenarios. Ensure that the team is prepared to handle high-impact incidents with precision.
- Analyze and assess threat intelligence, working closely with CTI to identify trends, indicators of compromise (IOCs), and relevant threat actor behavior. Leverage this intelligence to inform rule development and fine-tune alerting criteria.
- Present briefings to leadership and critical stakeholders on advanced threat landscapes, incident response activities, and the effectiveness of current Security Operations measures. Emphasize program performance and adapt strategies based on evolving security challenges.
- Assist the Security Operations Director with regular risk assessments and gap analyses for critical assets to build a culture of continuous improvement. Ensure proper logging, monitoring, and response mechanisms are in place for all key areas.
- Monitor and validate SOC performance metrics, focusing on detection accuracy, response times, and the meaningfulness of alerts. Implement feedback loops to refine rules and automation.
- Support cross-team collaboration with IT, Help Desk, Fraud, and other stakeholders to ensure the efficient handling of security events,...

For full info follow application link.