At CVS Health, we're building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care. As the nation's leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues - caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.

Who You Are
- Experienced Threat Hunter: Proven expertise in detecting, analyzing, and responding to advanced threats using Microsoft Security tools, CrowdStrike, Splunk, Google Chronicle, and other SOC technologies. Skilled in threat hunting to identify adversarial behavior across endpoints, networks, and cloud environments.
- Detection Engineering Specialist: Proficient in developing and tuning detection rules, leveraging SIEM platforms like Splunk and Google Chronicle to identify malicious activity accurately. Experienced in using KQL (Kusto Query Language) for Microsoft Sentinel and writing custom detection logic.
- Offensive Security Knowledge: Hands-on experience in penetration testing to assess security vulnerabilities across networks, applications, and systems. Familiar with tools like Kali Linux, Metasploit, and scripting with Python, PowerShell, or Bash. Ability to emulate adversary tactics based on the MITRE ATT&CK framework.
- Purple Team Advocate: Proven track record of collaborating with blue teams to design and conduct purple team exercises that enhance detection and response capabilities. Skilled in translating offensive security findings into actionable defense strategies.
- Threat Intelligence Integrator: Experienced in integrating threat intelligence into detection strategies to prioritize and mitigate threats effectively. Ability to adapt detection logic based on emerging adversary tactics and techniques.
- Incident Response Collaborator: Demonstrated ability to support incident response teams by providing insights into adversary tactics and enhancing detection capabilities during active investigations.
- Compliance Knowledgeable: Familiar with regulatory and compliance requirements such as PCI-DSS, HIPAA, NIST, and ISO 27001.
- Innovator: Passionate about advancing detection capabilities and integrating offensive security practices into a comprehensive threat management strategy.
- Develop, deploy, and optimize detection rules across SIEM platforms such as Microsoft Sentinel, Splunk, and Google Chronicle.
- Conduct threat hunting activities using Microsoft Defender, CrowdStrike, and other SOC tools to identify and respond to advanced threats.
- Leverage KQL and SPL (Search Processing Language) to create custom detections and automate responses.
- Continuously refine detection capabilities based on emerging threats and intelligence.
- Assist with internal and external penetration tests to identify vulnerabilities.
- Design and execute adversary emulation scenarios to assess detection and response effectiveness.
- Utilize penetration testing tools and custom scripts to simulate real-world attack scenarios.
- Produce detailed reports with findings and actionable recommendations.
- Work closely with blue teams to conduct purple team exercises, bridging offensive and defensive security efforts.
- Provide actionable insights to improve monitoring, alerting, and incident response based on adversary tactics.
- Facilitate knowledge-sharing sessions to upskill internal teams on TTPs (Tactics, Techniques, and Procedures).
- Integrate threat intelligence into detection strategies to prioritize threats and adapt detection rules.
- Analyze threat intelligence feeds and translate them into actionable detection and response measures.
- Collaborate with the incident response team during investigations by providing adversary tactics insights.
- Assist in developing threat-hunting use cases and refining detection capabilities.
- Contribute to the development of a comprehensive detection strategy aligned with risk management goals.
- Provide leadership with reports on security gaps, risks, and detection effectiveness.
- 5+ years of experience in threat detection, hunting, penetration testing, and/or offensive security.
- 3+ years of experience in Microsoft Security tools (Defender for Endpoint, Sentinel), CrowdStrike, Splunk, and Google Chronicle.
- 3+ years of experience with KQL, SPL, Python, PowerShell, or Bash scripting for automation and detection logic.
- Relevant certifications such as OSCP, GCIH, GCIA, CISSP, CEH, or Microsoft Azure Certification.
- Experience in managing or participating in purple team exercises.
- Familiarity with compliance standards like PCI-DSS, HIPAA, or ISO 27001.
- Strong understanding of the MITRE ATT&CK framework and security standards (NIST, CIS).
- Strong communication skills to convey complex security issues to non-technical stakeholders.
- Bachelor's degree or equivalent experience (High School Diploma and 4 years relevant experience)
40

Time Type
Full time

Pay Range
The typical pay range for this role is: $101,970.00 - $203,940.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people
We take pride in our comprehensive and competitive mix of pay and benefits - investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:
- Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.
- No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.
- Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.