[Remote] Cyber Security Engineer
Note: This is a remote position open to candidates in the USA. TeamHealth is proud to be the leading physician practice in the U.S. providing exceptional patient care. The Cyber Security Engineer will own the email and web security tooling and conduct threat hunting across the enterprise environment.
Responsibilities
- Own configuration, tuning, and operational health of Mimecast and Zscaler. Monitor platform health, review alert fidelity, and identify gaps in coverage
- Analyze email and web security events. Investigate suspicious activity, triage alerts, and escalate confirmed incidents through established IR procedures
- Identify opportunities to improve detection logic and policy configuration. Collaborate with security operations peers to implement, test, and validate changes
- Produce metrics and reporting on the state of email and web security controls. Communicate findings clearly to management and peer teams
- Conduct proactive, hypothesis-driven hunts for adversary activity across the enterprise environment, with particular depth in email and web traffic
- Develop hunting hypotheses from threat intelligence, industry reporting, and observed anomalies. Document methodology, findings, and outcomes for each hunt
- Identify indicators of compromise and behavioral patterns that automated detection has not flagged. Escalate confirmed findings through IR procedures
- Contribute hunting findings back to detection engineering – hunts that prove out should become automated detections where feasible
- Stay current on threat actor tactics, techniques, and procedures relevant to the healthcare sector. Apply that knowledge to prioritize hunting activity
- Support Tier 2 and Tier 3 escalations when email, web security, or hunting context is relevant
- Contribute to policy, standards, and procedure updates that affect email and web security controls
- Participate in on-call rotation for after-hours security support, approximately one week per month
Skills
- Bachelor's degree in a related field, or equivalent demonstrated experience
- 3 to 5 years of experience in a security engineering or security operations role
- Working knowledge of email security concepts including SPF, DKIM, and DMARC
- Familiarity with secure web gateway or zero trust network access technologies
- Experience using a SIEM for log analysis and investigation – writing queries, correlating events, and building timelines
- Working knowledge of MITRE ATT&CK and how it applies to structured threat hunting
- Experience supporting incident detection and response in an enterprise environment
- Familiarity with HIPAA and HITRUST compliance requirements as they apply to security operations
- GCIA (GIAC Certified Intrusion Analyst)
- GCIH (GIAC Certified Incident Handler)
- CompTIA Security+
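As an added example, not part of the posting: the DMARC identifier alignment check that ties SPF and DKIM results back to the visible From domain, run over constructed sample messages against constructed policy records. The hospital.example domains, the policy records, and the per-message authentication results are all assumptions made up for the example; the organizational-domain shortcut (last two labels) is likewise an assumption standing in for the Public Suffix List. It shows the point behind "working knowledge of SPF, DKIM, and DMARC": an SPF pass alone does not stop spoofing, because the domain that passed must also align with the From header.

```python
"""DMARC alignment and disposition check over constructed sample messages.

Added example (not from the job posting). Implements the identifier alignment
rules of RFC 7489: a message passes DMARC when SPF or DKIM passed AND the
authenticated domain aligns with the RFC5322.From domain, either strictly
(exact match) or relaxed (same organizational domain). The organizational
domain is approximated as the last two labels, an assumption made to keep
the example offline; production code uses the Public Suffix List.
"""
from dataclasses import dataclass

RFC_DEFAULTS = {"adkim": "r", "aspf": "r", "pct": "100"}  # RFC 7489 section 6.3 defaults


def parse_dmarc_record(txt: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; aspf=s'."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("record is not a DMARC1 record")
    for key in ("p", "sp", "adkim", "aspf"):  # policy tags are case-insensitive
        if key in tags:
            tags[key] = tags[key].lower()
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    for key, default in RFC_DEFAULTS.items():
        tags.setdefault(key, default)
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p=
    return tags


def org_domain(domain: str) -> str:
    """Approximate organizational domain: last two labels (assumption, no PSL)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') requires an exact match; relaxed ('r') matches org domains."""
    auth = auth_domain.lower().rstrip(".")
    frm = from_domain.lower().rstrip(".")
    if mode == "s":
        return auth == frm
    return org_domain(auth) == org_domain(frm)


@dataclass
class AuthResults:
    from_domain: str   # domain of the RFC5322.From header (what the user sees)
    spf_result: str    # "pass", "fail", "softfail", "none", ...
    spf_domain: str    # RFC5321.MailFrom domain SPF was evaluated against
    dkim_result: str   # "pass", "fail", "none"
    dkim_domain: str   # d= of the validated DKIM signature ("" if none)


def evaluate_dmarc(record: dict, policy_domain: str, r: AuthResults) -> tuple[bool, str]:
    """Return (dmarc_pass, disposition) for one message.

    disposition is the action the record requests on failure, 'none' on pass.
    pct= is parsed but sampling is not applied, so this reports the policy the
    record declares rather than what a sampling receiver would do.
    """
    spf_aligned = r.spf_result == "pass" and is_aligned(r.spf_domain, r.from_domain, record["aspf"])
    dkim_aligned = r.dkim_result == "pass" and is_aligned(r.dkim_domain, r.from_domain, record["adkim"])
    if spf_aligned or dkim_aligned:
        return True, "none"
    # Subdomain policy (sp=) applies when From is a subdomain of the policy domain.
    frm = r.from_domain.lower().rstrip(".")
    pol = policy_domain.lower().rstrip(".")
    if frm != pol and frm.endswith("." + pol):
        return False, record["sp"]
    return False, record["p"]


def run_samples() -> dict[str, tuple[bool, str]]:
    """Constructed messages against constructed records; returns label -> result."""
    relaxed = parse_dmarc_record("v=DMARC1; p=reject; sp=quarantine; rua=mailto:dmarc@hospital.example")
    strict = parse_dmarc_record("v=DMARC1; p=quarantine; aspf=s; adkim=s")
    samples = {
        # Legitimate: SPF passes on a relaxed-aligned bounce subdomain, DKIM aligned.
        "legitimate": (relaxed, AuthResults("hospital.example", "pass", "mail.hospital.example", "pass", "hospital.example")),
        # Spoof: attacker's own SPF passes but is unaligned and DKIM fails -> reject.
        "spoofed": (relaxed, AuthResults("hospital.example", "pass", "bulk-sender.example", "fail", "")),
        # Forwarded: SPF breaks at the forwarder, the aligned DKIM signature survives -> pass.
        "forwarded": (relaxed, AuthResults("hospital.example", "fail", "hospital.example", "pass", "hospital.example")),
        # Unauthenticated mail from a subdomain -> sp= (quarantine) applies, not p=.
        "subdomain_unauth": (relaxed, AuthResults("billing.hospital.example", "none", "", "none", "")),
        # Strict SPF alignment: the bounce subdomain no longer counts as aligned.
        "strict_spf_only": (strict, AuthResults("hospital.example", "pass", "mail.hospital.example", "none", "")),
    }
    return {label: evaluate_dmarc(rec, "hospital.example", auth) for label, (rec, auth) in samples.items()}


if __name__ == "__main__":
    for label, (passed, disposition) in run_samples().items():
        print(f"{label:18s} pass={passed!s:5s} disposition={disposition}")
```

The "spoofed" and "strict_spf_only" cases are the ones worth internalizing when tuning a gateway: a message can carry a valid SPF pass (for the attacker's bounce domain, or for a legitimate subdomain under strict alignment) and still fail DMARC, so alerting or reporting keyed on the raw SPF result alone will misclassify both.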