HCA, Hospital Corporation of America Senior Security Analytics Splunk Engineer in Nashville, Tennessee


At its founding in 1968, Nashville-based HCA was one of the nation's first hospital companies. Today, as one of the nation's leading providers of healthcare services, HCA is comprised of locally managed facilities that include more than 250 hospitals and freestanding surgery centers in 20 states and the United Kingdom, employing approximately 230,000 people. Approximately four to five percent of all inpatient care delivered in the country today is provided by HCA facilities, resulting in more than 26M patient encounters each year. HCA is committed to the care and improvement of human life and strives to deliver high-quality, cost-effective healthcare in the communities we serve. Building on the foundation provided by our Mission & Values, HCA puts patients first and works to constantly improve the care we provide by implementing measures that support our caregivers, help ensure patient safety and provide the highest possible quality.

Additional Facts:

• Ranked 63 in Fortune 500
• Competitive Fortune 100, industry-matched salaries and yearly merit increase
• Computerworld Top 50 Best Places to Work in IT since 2009
• Named one of the “World’s Most Ethical Companies” since 2010
• 106 HCA hospitals are on The Joint Commission’s list of top performers on key quality measures.


The CyberSecurity team is part of the overall Information Protection and Security department and is responsible for protecting HCA’s network from cyber intrusions that may impede HCA’s mission of providing care and improvement of human life and delivering high-quality, cost-effective healthcare. The team has two areas: the Cyber Defense Center Responders (“SOC”), who perform monitoring and incident response, and the Cyber Threat Science team, which supports the capabilities of the CDC.

This role will support the Cyber Threat Science Team within CyberSecurity. The Cyber Threat Science team is responsible for applying complex scientific methodologies to an evolving cyber threat landscape in support of the Cyber Defense Center (“SOC”) and its mission of monitoring and prudent eradication of cyber threats on the HCA network.

Additional Facts:

• Department with industry-leading security technologies and a high-tech “SOC” center
• Partial work-from-home options
• Information Security department has an average tenure of 8 years, complementing its positive employee satisfaction results
• Working for a “noble cause” in the demanding world of healthcare cybersecurity: your work protects lives
• Career development: 13 members from Information Protection and Security have been hired as CISOs at other companies in the past seven years.


The Senior Security Analytics Engineer is a part of the Cyber Analytics team within the Cyber Threat Science Team, which is part of CyberSecurity. This technically focused position with the Cyber Analytics team is responsible for performing analytics on the expansive amount of security data that is centrally stored in CyberSecurity’s SIEM (i.e. Splunk) and exposing malicious cyber events that will need investigation by the Cyber Defense Center (CDC).

The Senior Security Analytics Engineer will collaborate with the Cyber Defense Center Incident Responders, Threat Hunter and Intelligence Engineers, Threat Tools Engineers, and department leadership.

The Senior Security Analytics Engineer will programmatically sift through the multiple terabytes of data processed each day and surface interesting events, numbering in the triple digits, with high enough fidelity to identify a cyber threat incident on the network, to which the CDC will respond. They will use the analytical methodologies of thresholding, statistical heuristics, behavior analytics and machine learning to identify cyber threat incidents within large amounts of data.

The Senior Security Analytics Engineer can also participate in threat hunting exercises: forming a hypothesis through collaborative threat modeling and querying large data sets to proactively expose systems on the network compromised by live cyber-attacks. The resulting query profiles will then be used to model new threat detections that go to the CDC for response.


5 years of experience is required for a successful applicant.


• 5 years of professional experience
• Bachelor’s degree; in lieu of a degree, five years of experience in school, internships, and/or additional experience.

• Nice to have Academics or Education:

o Galvanize, Udacity Data Analyst, or DataCamp Courses
o Machine Learning
o Neural Networking
o Artificial Intelligence
o Data Mining
o Data Modeling or Structures
o Algorithm Analysis
o Big Data
o Statistics or Advanced Mathematics
o Programming/Scripting
o CyberSecurity or Information Assurance and Security

• Nice to have Certifications:

o Splunk Certified Power User
o Splunk Certified Admin
o Splunk Certified Architect

• Nice to have Extracurricular activities or Hobbies:

o Art or Music
o Robotics
o Home setup for research (to answer a question, expand thought or self-development)
o Community, family, or wellness activities


• Enjoys spending a large percentage of the work day programmatically modeling a large amount of data to make sense out of it, to help solve a riddle or someone else’s challenges
• Extensive experience with Splunk: SPL, query capabilities, indexers, forwarders, search heads, configuration files, apps, searches (SPL, XML), data models, dashboards, visualizations, alerts and user roles; or extensive experience with one or more formal development languages (e.g., Python, R, JavaScript, Ruby, Scala, Clojure) and an aptitude and willingness to learn Splunk.
• Experience in relational/SQL databases; MySQL/MSSQL preferred
• If qualified to the above and partially or not qualified to the below, please still apply. It’s possible the level can be adjusted alongside salary requirements if no other suitable candidates have been identified in a reasonable time.
• Understanding of big data technology such as NoSQL, Hadoop, Spark, Hive, MongoDB, Cassandra, Redis, Riak, CouchDB, Neo4j or MapReduce
• Experience with execution in projects or project management
• Specific expertise/experience in data analysis, modeling and visualization required
• Specific expertise/experience in the areas of data structures and data warehousing required.
• Experience using a distributed version control system (DVCS; e.g., GitHub, TFS) required.
• Experience working in an SDLC environment (Agile/Scrum, Waterfall)
• ETL experience preferred.
• Understanding of REGEX.
• Experience with threat modeling and kill-chain exercises, or experience working in cross-functional collaborative efforts with other teams, similar to DevOps.
• Open to further training in Splunk design, SPL, machine learning or user behavior analytics
• Occasional travel may be required, mainly for training and conferences.
• Preferred experience in building analytic solutions using big data technologies and coding
• Preferred understanding of machine learning techniques (i.e. linear regression, logistic regression, random forest, gradient boosting, neural networks, naïve Bayes, singular value decomposition, PCA, K-Means clustering, K-Nearest Neighbors, statistical inference, Bayesian methods, A/B testing, multi-armed bandit, regression, regularization, gradient descent, supervised machine learning [classification, validation, ensemble methods], clustering, topic modeling [NMF, LDA], NLP, network analysis, matrix factorization, and time series)

Job: Information Technology

Title: Senior Security Analytics Splunk Engineer

Location: Tennessee-Nashville-Corporate Main Campus

Requisition ID: 10207-24465