Lead Cyber Insider Threat Engineer

HCA Healthcare

Nashville, TN


Introduction

Do you have the career opportunities as a Lead Cyber Insider Threat Engineer you want with your current employer? We have an exciting opportunity for you to join HCA Healthcare, which is part of the nation's leading provider of healthcare services, HCA Healthcare.

Benefits

HCA Healthcare offers a total rewards package that supports the health, life, career and retirement of our colleagues. The available plans and programs include:

  • Comprehensive medical coverage that covers many common services at no cost or for a low copay. Plans include prescription drug and behavioral health coverage as well as free telemedicine services and free AirMed medical transportation.
  • Additional options for dental and vision benefits, life and disability coverage, flexible spending accounts, supplemental health protection plans (accident, critical illness, hospital indemnity), auto and home insurance, identity theft protection, legal counseling, long-term care coverage, moving assistance, pet insurance and more.
  • Free counseling services and resources for emotional, physical and financial wellbeing
  • 401(k) Plan with a 100% match on 3% to 9% of pay (based on years of service)
  • Employee Stock Purchase Plan with 10% off HCA Healthcare stock
  • Family support through fertility and family building benefits with Progyny and adoption assistance.
  • Referral services for child, elder and pet care, home and auto repair, event planning and more
  • Consumer discounts through Abenity and Consumer Discounts
  • Retirement readiness, rollover assistance services and preferred banking partnerships
  • Education assistance (tuition, student loan, certification support, dependent scholarships)
  • Colleague recognition program
  • Time Away From Work Program (paid time off, paid family leave, long- and short-term disability coverage and leaves of absence)
  • Employee Health Assistance Fund that offers free employee-only coverage to full-time and part-time colleagues based on income.

Note: Eligibility for benefits may vary by location.

Our teams are a committed, caring group of colleagues. Do you want to work as a Lead Cyber Insider Threat Engineer where your passion for creating positive patient interactions is valued? If you are dedicated to caring for the well-being of others, this could be your next opportunity. We want your knowledge and expertise!

Job Summary 

The Consulting Insider Threat Management Engineer will lead the development and execution of a formal Insider Threat Detection and Response program. This role will serve as a critical line of defense against sophisticated insider threats by working closely with our Cyber Operations and Threat Intelligence teams to detect, investigate, and mitigate risks that could impact our patients, the communities we serve, people, and our organization. 

The role's primary responsibility will be to build out and operationalize HCA’s Insider Threat Program. This includes designing and implementing a formal governance structure, establishing cross-functional collaboration with Information Security leadership, Ethics & Compliance, Legal, and HR, and aligning the program to industry best practices (e.g., Carnegie Mellon CERT, DNI NITTF). This role requires a seasoned professional with a proven track record of building Insider Threat programs, someone who can translate complex risk scenarios into actionable program components, foster stakeholder buy-in, and drive continuous improvement. This role will need to develop Policies, Threat Models, and Insider Threat Training Materials, and provide advisories to senior leadership.

Other responsibilities focus on technical execution and capability enhancement. This includes leading complex investigations into potential insider threat activity, maintaining and tuning insider threat management (ITM) tools, and collaborating with Threat Intelligence and DFIR teams to improve operational procedures. The engineer will also contribute to proactive threat hunting efforts and ensure that insider threat capabilities remain current, effective, and well-documented.

Major Responsibilities 

  • Lead the creation of a formal Insider Threat Detection and Response Program, grounded in frameworks such as Carnegie Mellon CERT and the National Insider Threat Task Force (NITTF). Define the program’s mission, scope, and governance model to ensure enterprise-wide alignment and accountability. 
  • Work with Cyber Operations and IT leadership to create governance documentation, including charters, escalation protocols, and decision-making frameworks. Ensure the program is embedded within the broader enterprise risk and compliance ecosystem. 
  • Serve as the primary liaison between Cyber Security Operations, Ethics & Compliance, Legal, HR, and other business units. Build relationships with our partner teams to ensure insider threat mitigation is integrated into enterprise risk management and employee lifecycle processes. 
  • Author and maintain insider threat policies, procedures, and standards that are actionable, measurable, and aligned with regulatory and organizational requirements (HR, Legal, Ethics). Ensure these are regularly reviewed and updated to reflect evolving threats and business needs. 
  • Establish reportable metrics and reporting mechanisms to measure program maturity, effectiveness, and responsiveness. Deliver regular briefings to executive leadership and governance bodies.
  • Conduct and coordinate complex investigations into suspected insider activity, including data exfiltration, unauthorized access, and policy violations. Collaborate with DFIR, Cyber Threat Intelligence, and Legal to ensure investigations are thorough, timely, and legally defensible. 
  • Maintain and tune Insider Threat Management (ITM) platforms and work with partner teams to support ITM tool deployment via SCCM, Intune, etc. Ensure configurations support investigative workflows and data collection, and that alerting capabilities remain consistent across Windows and macOS endpoints.
  • Participate in proactive threat hunting activities using internal threat intelligence and industry-reported indicators of compromise (IOCs). Use findings to inform detection logic, investigative playbooks, and risk mitigation strategies. 
  • Collaborate with Cyber Defense Center (CDC) and threat intelligence teams to refine standard operating procedures (SOPs) for insider threat detection, escalation, and response. Ensure alignment with broader incident response protocols. 
  • Maintain detailed documentation of investigative processes, tool configurations, and operational workflows. Ensure documentation supports audit readiness, knowledge transfer, and program continuity. 
  • Contribute to the development of tabletop exercises, simulation scenarios, and technical training to enhance organizational readiness and response capabilities related to insider threats. 

Education & Experience: 

  • Bachelor's degree (Preferred)
  • 7+ years of experience in a relevant field (Required)
  • Familiarity with Incident Response and ability to work efficiently and effectively under stress (Required)
  • Effective investigative skills to question data and behavior in an effort to uncover truth during forensic investigations (Required)

Additional Information: 

  • Must be in or willing to relocate to the Greater Nashville, TN Area 
  • 24x7 On-call rotation support 
  • Occasional travel required (<10%) 

HCA Healthcare has been recognized as one of the World's Most Ethical Companies® by the Ethisphere Institute more than ten times. In recent years, HCA Healthcare spent an estimated $3.7 billion in cost for the delivery of charitable care, uninsured discounts, and other uncompensated expenses.

"Bricks and mortar do not make a hospital. People do." - Dr. Thomas Frist, Sr.
HCA Healthcare Co-Founder

If you are looking for an opportunity that provides satisfaction and personal growth, we encourage you to apply for our Lead Cyber Insider Threat Engineer opening. We promptly review all applications. Highly qualified candidates will be contacted for interviews. Unlock the possibilities and apply today!

We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

About the Company

HCA Healthcare

At its founding in 1968, Nashville-based HCA was one of the nation's first hospital companies. Today, we are the nation's leading provider of healthcare services, a company comprised of locally managed facilities that includes about 165 hospitals and 115 freestanding surgery centers in 20 states and England and employing approximately 204,000 people. Approximately four to five percent of all inpatient care delivered in the country today is provided by HCA facilities. Richard M. Bracken serves as Chairman of HCA and R. Milton Johnson is the company's President and Chief Executive Officer.

HCA is committed to the care and improvement of human life and strives to deliver high quality, cost effective healthcare in the communities we serve. Building on the foundation provided by our Mission & Values, HCA puts patients first and works to constantly improve the care we give them by implementing measures that support our caregivers, help ensure patient safety and provide the highest possible quality. Investing in our communities is important to us. HCA typically invests about $1.5 billion annually to keep our facilities modern and up-to-date technologically and to expand and add services where needed. Focusing primarily on communities where the company is a leading healthcare provider, HCA selectively adds new facilities in order to better serve our communities.

And because two HCA founders were physicians, we value highly the strong relationships we've created with local physicians. We endeavor to provide them with a wide array of services and modern facilities in order to help them deliver the best possible care.

COMPANY SIZE
10,000 employees or more
INDUSTRY
Healthcare Services
FOUNDED
1968
WEBSITE
http://hcahealthcare.com/