Lead Cyber Insider Threat Engineer at HCA Healthcare
Nashville, TN 37203, USA
Full Time


Start Date: Immediate
Expiry Date: 30 Nov, 25
Salary: 0.0
Posted On: 31 Aug, 25
Experience: 7 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Management Skills, Defense, Communication Skills, Incident Response, Analytical Skills, Continuous Improvement, Technical Execution, Buy In, Project Management Skills, Ethics
Industry: Information Technology/IT

Description

INTRODUCTION

Experience the HCA Healthcare difference where colleagues are trusted, valued members of our healthcare team. Grow your career with an organization committed to delivering respectful, compassionate care, and where the unique and intrinsic worth of each individual is recognized. Submit your application for the opportunity below: Lead Cyber Insider Threat Engineer, HCA Healthcare

NOTE: ELIGIBILITY FOR BENEFITS MAY VARY BY LOCATION.

We are seeking a Lead Cyber Insider Threat Engineer for our team to ensure that we continue to provide all patients with high quality, efficient care. Did you get into our industry for these reasons? We are an amazing team that works hard to support each other and are seeking a phenomenal addition like you who feels patient care is as meaningful as we do. We want you to apply!

JOB SUMMARY AND QUALIFICATIONS

The Lead Cyber Insider Threat Engineer will lead the development and execution of a formal Insider Threat Detection and Response program. This role will serve as a critical line of defense against sophisticated insider threats by working closely with our Cyber Operations and Threat Intelligence teams to detect, investigate, and mitigate risks that could impact our patients, the communities we serve, our people, and our organization.
The role's primary responsibility will be to build out and operationalize HCA's Insider Threat Program. This includes designing and implementing a formal governance structure, establishing cross-functional collaboration with Information Security leadership, Ethics & Compliance, Legal, and HR, and aligning the program to industry best practices (e.g., Carnegie Mellon CERT, DNI NITTF). This role requires a seasoned professional with a proven track record of building Insider Threat programs, someone who can translate complex risk scenarios into actionable program components, foster stakeholder buy-in, and drive continuous improvement. This role will need to develop policies, threat models, and insider threat training materials, and provide advisories to senior leadership.
Other responsibilities include focusing on technical execution and capability enhancement. This includes leading complex investigations into potential insider threat activity, maintaining and tuning insider threat management (ITM) tools, and collaborating with Threat Intelligence and DFIR teams to improve operational procedures. The engineer will also contribute to proactive threat hunting efforts and ensure that insider threat capabilities remain current, effective, and well-documented.

RELEVANT WORK EXPERIENCE

  • 7+ years

EDUCATION

  • Bachelor’s Degree Preferred

OTHER/SPECIAL QUALIFICATIONS

  • Effective team management skills
  • Effective time management skills
  • Effective organizational skills
  • Effective written and oral communication skills
  • Effective analytical skills
  • Effective project management skills
  • Creative problem solving
  • Competent using the Microsoft Office suite of products.
  • Familiarity with Incident Response and ability to work efficiently and effectively under stress.
  • Effective investigative skills to question data and behavior in an effort to uncover truth during forensic investigations.

RESPONSIBILITIES

  • Lead the creation of a formal Insider Threat Detection and Response Program, grounded in frameworks such as Carnegie Mellon CERT and the National Insider Threat Task Force (NITTF). Define the program’s mission, scope, and governance model to ensure enterprise-wide alignment and accountability.
  • Work with Cyber Operations and IT leadership to create governance documentation, including charters, escalation protocols, and decision-making frameworks. Ensure the program is embedded within the broader enterprise risk and compliance ecosystem.
  • Serve as the primary liaison between Cyber Security Operations, Ethics & Compliance, Legal, HR, and other business units. Build relationships with our partner teams to ensure insider threat mitigation is integrated into enterprise risk management and employee lifecycle processes.
  • Author and maintain insider threat policies, procedures, and standards that are actionable, measurable, and aligned with regulatory and organizational requirements (HR, Legal, Ethics). Ensure these are regularly reviewed and updated to reflect evolving threats and business needs.
  • Establish reportable metrics and reporting mechanisms to measure program maturity, effectiveness, and responsiveness. Deliver regular briefings to executive leadership and governance bodies.
  • Conduct and coordinate complex investigations into suspected insider activity, including data exfiltration, unauthorized access, and policy violations. Collaborate with DFIR, Cyber Threat Intelligence, and Legal to ensure investigations are thorough, timely, and legally defensible.
  • Maintain and tune Insider Threat Management (ITM) platforms and work with partner teams to support ITM tool deployment via SCCM, Intune, etc. Ensure configurations support investigative workflows and data collection, and that alerting capabilities remain consistent across Windows and macOS endpoints.
  • Participate in proactive threat hunting activities using internal threat intelligence and industry-reported indicators of compromise (IOCs). Use findings to inform detection logic, investigative playbooks, and risk mitigation strategies.
  • Collaborate with Cyber Defense Center (CDC) and threat intelligence teams to refine standard operating procedures (SOPs) for insider threat detection, escalation, and response. Ensure alignment with broader incident response protocols.
  • Maintain detailed documentation of investigative processes, tool configurations, and operational workflows. Ensure documentation supports audit readiness, knowledge transfer, and program continuity.
  • Contribute to the development of tabletop exercises, simulation scenarios, and technical training to enhance organizational readiness and response capabilities related to insider threats.