TeamHealth

Cyber Security Engineer

Remote, USPosted 4 days ago

Job Description

Cyber Security Engineer

===========================

United States External Job Description and Responsibilities

TeamHealth

is proud to be the leading physician practice in the U.S. providing exceptional patient care, together. TeamHealth has been recognized as one of the “165 Top Places to Work in Healthcare” for 2026 by Becker’s Hospital Review. TeamHealth has also been recognized by Newsweek as one of America’s Greatest Workplaces in Health Care for 2025. We continue to grow across the U.S. from our Clinicians to Corporate Employees. Join Us!

Overview

The Cyber Security Engineer is a member of TeamHealth's Security Operations team with two equally weighted areas of focus: tool ownership for email and web security (Mimecast and Zscaler), and threat hunting across the enterprise environment.

Essentials Duties and Responsibilities

Tool Ownership* Own configuration, tuning, and operational health of Mimecast and Zscaler. Monitor platform health, review alert fidelity, and identify gaps in coverage * Analyze email and web security events. Investigate suspicious activity, triage alerts, and escalate confirmed incidents through established IR procedures * Identify opportunities to improve detection logic and policy configuration. Collaborate with security operations peers to implement, test, and validate changes * Produce metrics and reporting on the state of email and web security controls. Communicate findings clearly to management and peer teams

Threat Hunting* Conduct proactive, hypothesis-driven hunts for adversary activity across the enterprise environment, with particular depth in email and web traffic * Develop hunting hypotheses from threat intelligence, industry reporting, and observed anomalies. Document methodology, findings, and outcomes for each hunt * Identify indicators of compromise and behavioral patterns that automated detection has not flagged. Escalate confirmed findings through IR procedures * Contribute hunting findings back to detection engineering – hunts that prove out should become automated detections where feasible * Stay current on threat actor tactics, techniques, and procedures relevant to the healthcare sector. Apply that knowledge to prioritize hunting activity

General* Support Tier 2 and Tier 3 escalations when email, web security, or hunting context is relevant * Contribute to policy, standards, and procedure updates that affect email and web security controls * Participate in on-call rotation for after-hours security support, approximately one week per month

What We're Looking For

Passion for Information Security* You follow the threat landscape because you find it genuinely interesting, not because it's in your job description. You read security blogs, track CVEs, or participate in CTFs on your own time * You care about getting it right – not just closing tickets, but understanding what actually happened and why * You bring energy to your work even when it's routine. Tool tuning and alert review aren't glamorous, but you treat them as opportunities to improve coverage rather than tasks to get through

Critical Thinking* You question assumptions. When an alert fires, you ask whether the detection logic is sound before assuming the activity is malicious * You can hold competing hypotheses at the same time and work methodically to rule them out. Threat hunting without that discipline produces noise, not findings * You know when you've found something and when you haven't. Intellectual honesty about inconclusive results is as important as identifying real threats * You look for root causes, not just symptoms. A misconfigured policy is worth fixing even if it hasn't been exploited yet

Collaboration and Communication* You work well across a team of engineers who each own different tools and disciplines. You ask for help when you need it and offer it when you can * You can explain technical findings to someone who isn't technical * You document your work. Hunt methodology, investigation notes, and configuration changes need to be reproducible by someone else

#LI-TA1

Requirements

Required Qualifications

  • Bachelor's degree in a related field, or equivalent demonstrated experience
  • 3 to 5 years of experience in a security engineering or security operations role
  • Working knowledge of email security concepts including SPF, DKIM, and DMARC
  • Familiarity with secure web gateway or zero trust network access technologies
  • Experience using a SIEM for log analysis and investigation – writing queries, correlating events, and building timelines
  • Working knowledge of MITRE ATT&CK and how it applies to structured threat hunting
  • Experience supporting incident detection and response in an enterprise environment
  • Familiarity with HIPAA and HITRUST compliance requirements as they apply to security operations

Preferred Qualifications

* GCIA (GIAC Certified Intrusion Analyst) * GCIH (GIAC Certified Incident Handler) * CompTIA Security+

Location

Remote Working Level

Full-Time

Apply for this role

Keep looking

Similar Remote IT And Developer Jobs