DE Jobs

Centene Corporation Detection Engineer II in Jefferson City, Missouri

You could be the one who changes everything for our 28 million members by using technology to improve health outcomes around the world. As a diversified, national organization, Centene's technology professionals have access to competitive benefits including a fresh perspective on workplace flexibility.

Position Purpose:

At Centene, our Detection Engineers are responsible for managing and supporting the systems and content related to multiple SIEM platforms. Detection Engineering is a team of cybersecurity professionals focused on defense in depth: researching critical threat intelligence, identifying gaps in defensive coverage, and creating custom detections on all available SIEMs. A focus on customer service and cross-functional communication ensures that partner teams such as the SOC and CSIRT can concentrate on triaging and investigating security alerts and incidents, while avoiding "alert fatigue" from ineffective, noisy detections. In addition to creating and tuning detections, the team maintains security infrastructure, interfaces with SIEM contract vendors, and drives improvements to data logging to future-proof Centene's environment and maintain the security visibility needed to protect us from malicious threats.

As a Detection Engineer, you will be responsible for the design, implementation, and management of custom detections created in our Security Information and Event Management (SIEM) platforms, with a focus on threat detection and log analysis using Splunk. This role is responsible for: conducting advanced log analysis to identify indicators of compromise (IOCs) and patterns of malicious activity; collaborating with the security operations team to ensure timely incident resolution and effective containment of security breaches; conducting periodic reviews and assessments of SIEM rules and processes to identify areas for improvement and optimization; staying up to date with the latest industry trends, threat intelligence, and emerging technologies in the field of SIEM and threat detection; providing guidance, training, and knowledge transfer to junior team members on SIEM engineering and Splunk best practices.

  • Intermediate knowledge of network, cloud, system, and web application attacks and mitigations.

  • Strong knowledge of query languages like KQL and SPL.

  • Knowledge of security investigations and incident response methodologies, driving that knowledge into the creation of custom detections.

  • Intermediate understanding of cybersecurity principles, frameworks, and standards.

  • Intermediate understanding of adversary techniques and the signals they generate.

  • Expertise in tools and techniques for analyzing large sets of data.

  • Experience collaborating with security operations teams and assisting with intrusion investigations.

In addition to solid technical skills, candidates should have:

  • Excellent analytical and problem-solving skills.

  • Mature communication and interpersonal skills.

  • A self-starter attitude.

  • Comfort mentoring other engineers and more junior security teammates.

Additional expectations:

  • Performs other duties as assigned.

  • Complies with all policies and standards.

Education/Experience:

A Bachelor's degree in a quantitative or business field (e.g., statistics, mathematics, engineering, computer science).

Requires 2 – 4 years of related experience.

Or equivalent experience acquired through accomplishments of applicable knowledge, duties, scope and skill reflective of the level of this position.

Experience in investigating fraud and cybercrime preferred.

Technical Skills:

One or more of the following skills are desired:

  • Knowledge of the tactics, techniques, and procedures (TTPs) used by threat actors

  • Knowledge of indicators of compromise (IOCs)

  • Experience with endpoint protection and enterprise detection and response software (such as CrowdStrike or Carbon Black)

  • Knowledge of network and infrastructure technologies including routers, switches, firewalls, etc.

Soft Skills:

  • Intermediate - Seeks to acquire knowledge in area of specialty

  • Intermediate - Ability to identify basic problems and procedural irregularities, collect data, establish facts, and draw valid conclusions

  • Intermediate - Ability to work independently

License/Certification:

  • SANS GIAC Security Essentials (GSEC), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), or equivalent desired

Pay Range: $72,400.00 - $130,100.00 per year

Centene offers a comprehensive benefits package including: competitive pay, health insurance, 401K and stock purchase plans, tuition reimbursement, paid time off plus holidays, and a flexible approach to work with remote, hybrid, field or office work schedules. Actual pay will be adjusted based on an individual's skills, experience, education, and other job-related factors permitted by law. Total compensation may also include additional forms of incentives.

Centene is an equal opportunity employer that is committed to diversity, and values the ways in which we are different. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or other characteristic protected by applicable law.