Remote

Blue Team Principal - Cybersecurity

HealthEquity
parental leave, paid time off, tuition assistance, 401(k)
United States
Jan 05, 2025

Job Locations

US-Remote


Overview

We are CONNECTING HEALTH AND WEALTH. Come be part of remarkable.

How you can make a difference

The Blue Team Principal leads and enhances Security Operations, Cyber Threat Intelligence, and Incident Response initiatives. This role requires a deep understanding of advanced threat management, incident response, and security operations, focusing on developing effective detection and mitigation strategies. The Blue Team Principal will serve as a critical leader in high-severity incidents, provide guidance on complex threat scenarios, and drive the continuous improvement of monitoring capabilities. Expertise in working with cross-functional teams, implementing threat intelligence insights, and supporting SOAR automation for streamlined workflows is essential. The ideal candidate will excel in partnering with external MSSPs, ensuring efficient Tier 1 alert analysis, and leading efforts to ensure the organization

What you'll be doing

  • Lead and collaborate on developing Security Operations, Cyber Threat Intelligence (CTI), and Advanced Threat Hunting capabilities. Act as a key escalation point for high-severity incidents, serving as Incident Commander to ensure a comprehensive response.
  • Assist the CTI team in identifying, analyzing, responding, and reporting on emerging threats. Partner closely with Advanced Threat Hunters to improve threat detection, analysis, and defense strategies.
  • Oversee high-severity incidents and take on Incident Commander responsibilities, coordinating response efforts and managing communication with stakeholders. Ensure incidents are managed effectively through detection and remediation.
  • Support new rule creation, SOAR automation, and tuning to ensure the Security Operations team responds to the most relevant and impactful alerts. Use Advanced Threat Hunting and CTI insights to fine-tune detection rules and automation workflows.
  • Collaborate with the SOC and MSSP to ensure efficient handling of Tier 1 (T1) alerts and escalate more complex cases as necessary. Provide guidance to the MSSP on improving T1 analysis quality.
  • Evaluate and enhance existing monitoring capabilities in Security Operations, CTI, and Threat Hunting, identifying gaps and recommending new tools or technologies to stay ahead of evolving threats.
  • Develop and implement advanced detection techniques for monitoring malicious activity, utilizing CTI insights to create targeted use cases and enhance situational awareness across the SOC.
  • Partner with Security Operations L3 support to maintain high standards in response processes and develop playbooks for complex scenarios. Ensure that the team is prepared to handle high-impact incidents with precision.
  • Analyze and assess threat intelligence, working closely with CTI to identify trends, indicators of compromise (IOCs), and relevant threat actor behavior. Leverage this intelligence to inform rule development and fine-tune alerting criteria.
  • Present briefings to leadership and critical stakeholders on advanced threat landscapes, incident response activities, and the effectiveness of current Security Operations measures. Emphasize program performance and adapt strategies based on evolving security challenges.
  • Assist the Security Operations Director with regular risk assessments and gap analyses for critical assets to build a culture of continuous improvement. Ensure proper logging, monitoring, and response mechanisms are in place for all key areas.
  • Monitor and validate SOC performance metrics, focusing on detection accuracy, response times, and the meaningfulness of alerts. Implement feedback loops to refine rules and automation.
  • Support cross-team collaboration with IT, Help Desk, Fraud, and other stakeholders to ensure the efficient handling of security events, minimizing false positives while enhancing overall detection capabilities.
  • Design training and development programs for the Security Operations team, focusing on advanced threat analysis, incident response techniques, and leveraging SOAR tools as a supportive capability for automation and efficiency.
  • Partner with law enforcement, industry peers, and internal stakeholders to maintain best practices in incident response, advanced threat detection, and SOC automation.

What you will need to be successful

  • Bachelor's degree in computer science or a related field and 8+ years of relevant experience in security operations, CTI, incident response, and security operations monitoring, or an equivalent combination of education and experience.
  • 7+ years of experience addressing security issues, identifying vulnerabilities, staying current on regulatory and legal changes, and applying security standards with an impact on Information Security. Proven hands-on experience with advanced network/endpoint forensics and tools, including configuration and daily management.
  • 2+ years of experience in Incident Response leading high-severity incidents.
  • 2+ years of experience in Cyber Threat Intelligence/Threat Hunting and implementing information security and network best practices.
  • 5+ years of experience providing expert guidance on security issues affecting business processes and procedures, particularly those exploitable by external threat actors.
  • Ability and willingness to participate in on-call rotations and work non-standard hours when necessary.
  • Proficiency with ServiceNow SIR, Microsoft Sentinel, Splunk, Tanium, and Defender XDR, Databricks, Wireshark, Cloudflare, Endpoint Forensics.
  • Strong working knowledge of network and endpoint security principles, current threat and attack trends, and core security concepts.
  • Experience developing and implementing training programs and remedial actions as needed to mitigate security risks.
  • Ability to thrive in a fast-paced environment, adapt quickly to technological and business changes, and display sound judgment while solving complex problems.
  • Exceptional verbal and written communication skills, with the ability to articulate complex security concepts clearly and effectively.
  • Continued professional development and certifications such as CISSP, CISM, GSEC, GCIA, or CIPP/US.

#LI-Remote

This is a remote position.



Salary Range

$127,000.00 To $160,000.00 / year


Benefits & Perks

The compensation range describes the typical minimum or maximum base pay range for this position. The actual compensation offer is determined based on job-related knowledge, education, skills, experience, and work location. This position will be eligible for performance-based incentives as part of the total compensation package, in addition to a full range of benefits including:

  • Medical, dental, and vision
  • HSA contribution and match
  • Dependent care FSA match
  • Uncapped paid time off
  • Adventure accounts
  • Paid parental leave
  • 401(k) match
  • Personal and healthcare financial literacy programs
  • Ongoing education & tuition assistance
  • Gym and fitness reimbursement
  • Wellness program incentives



Why work for HealthEquity

HealthEquity has a vision that by 2030 we will make HSAs as widespread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth. Join us and discover a work experience where the person is valued more than the position.

Come be your authentic self

HealthEquity, Inc. is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, status as a qualified individual with a disability, veteran status, or other legally protected characteristics. HealthEquity is a drug-free workplace. For more information about our EEO policy, or about HealthEquity's applicant disability accommodation, drug-free-workplace, background check, and E-Verify policies, please visit our Careers page.

HealthEquity is committed to your privacy as an applicant for employment. For information on our privacy policies and practices, please visit HealthEquity Privacy.
