Cybersecurity Threat Intelligence Engineer II

WA Mountlake Terrace Orcas, United States

Workforce Classification:

Hybrid


 

Join Our Team: Do Meaningful Work and Improve People’s Lives 

Our purpose, to improve customers’ lives by making healthcare work better, is far from ordinary. And so are our employees. Working at Premera means you have the opportunity to drive real change by transforming healthcare.

To better serve our customers, we are fostering a culture that emphasizes employee growth, collaborative innovation, and inspired leadership. We are dedicated to creating an environment where employees can excel and where top talent is attracted, retained, and thrives. As a testament to these efforts, Premera has been recognized on the 2025 America's Dream Employers list. Newsweek honored Premera as one of America's Greatest Workplaces, America's Greatest Workplaces for Inclusion, and America's Greatest Workplaces For Mental Well-Being, and Forbes ranked Premera among America’s Best Midsize Employers for the fourth time.

Learn how Premera supports our members, customers and the communities that we serve through our Healthsource blog:  https://healthsource.premera.com/.

The Cybersecurity Threat Intelligence Engineer II is a member of the Threat Intelligence and Response Team. In this position, you will be responsible for responding to cybersecurity incidents, using critical thinking skills and forensic analysis to ensure that cybersecurity threats are proactively blocked from the Premera network. These threats include nation-state actors, cyber-criminal organizations, and insider threats. This job is also instrumental in the overall Security Awareness Program, where written communication and public speaking to all employees are common.

This is a hybrid role, located on our campus in Mountlake Terrace, Washington.

What you’ll do:

  • Apply advanced understanding of HITRUST engineering and controls standards.

  • Perform risk and severity assessment on cybersecurity events and incidents and then properly escalate or manage in accordance with experience and current processes.

  • Act as a technical contributor with advanced knowledge and experience in one or more areas:

    • PICERL (Planning, Investigation, Containment, Eradication, Lessons Learned) process

    • HR related Investigative and Legal Processes

    • Conflict resolution and Clear Partnership

  • Analyze gaps found in hunting exercises and minimize the overall threat landscape.

  • Set the tempo, priorities, and proper workflow of the team in the day-to-day operations.

  • Review and report to the team IT security threat assessments for major changes to systems, applications, and networks. This requires applying knowledge of vulnerability assessment and penetration testing tools.

  • Maintain current expertise in security hacks and network penetration methods. Define and document defensive tactics. Define and oversee implementation plans for security configuration changes.

  • Provide advanced technical analysis and evidence capture as Level 3 technical support for security incident response.

  • Define IT policies, standards, and procedures to assure technical compliance with enterprise security policies and promote consistent use of best practices in information security. This includes regulatory standards such as SOX, HIPAA, PCI, GLBA, and various state and federal privacy laws.

  • Mentor and guide junior Information Security Engineers in day-to-day operations and tasks.

  • Exhibit leadership skills and be able to perform duties with little or no supervision.

What you’ll bring:

Required Qualifications

  • Bachelor’s Degree in Information Systems or Business Administration or (4) years of experience.

  • (3) years of experience designing, implementing, and troubleshooting networked computer systems, including systems integration, hardware requirements and network design planning, and vendor negotiations for hardware and software which must include:

    • (2) years of experience with secure network and systems architecture, design and implementation, intrusion detection, defense and incident response, security configuration management, access controls design, implementation and security policy, and standards development.

Preferred Qualifications

  • Demonstrated understanding of health plan operations and applicable security and privacy legislation.

  • Knowledge of business continuity planning practices.

  • Knowledge of applicable practices and laws relating to data privacy and protection.

  • In-depth knowledge of the following technologies and protocols:  ARP, TCP/UDP, IP, NetBIOS, Radius, 802.1x, Bind/DNS and Active Directory, LDAP, SMTP, DHCP, SSH, SFTP, FTP, TFTP, SNMP, SSL/HTTPS, NTP, Sun, Syslog, VoIP, QoS, VLANs; Wireless protocols: 802.11 specs, WPA/2, WEP, TTLS, PEAP; Routing protocols: RIP/2, OSPF, EIGRP, Frame-relay, and MPLS.  Database systems: SQL Server, Oracle, and MySQL.

  • Demonstrated understanding of Operating System architecture as it relates to the functions of the following components: OS kernel, OS kernel modules and device drivers, memory management, inter-process communication, security subsystem, user account rights, user group rights, system logs, I/O functions, network services, file-system permissions, and application interaction with the Operating System.

Knowledge, Skills, and Abilities

  • Track record of consistently driving projects to completion and taking accountability for work and results. Confronts tough issues and situations.

  • Exemplifies teamwork and serves as a role model while also successfully facilitating collaboration across multiple functions, departments, and levels. Unquestionable ethics and integrity are pertinent.

  • Consults with clients and teammates to identify all facets of an issue and generate a solution. Understands potential impacts to processes and systems across organization and factors these into solutions. Excellent conceptualization, analytical, and logic skills.

  • Ability to communicate effectively and professionally, both orally and in writing, as well as the ability to articulate and translate technical language to non-technical customers. Influence at all levels across the company within span of control.

  • Experience with MS Office products, especially pivot tables, pivot charts, and the Power Query editor; building PowerPoint presentations; and database manipulation.

  • Have a working knowledge of Linux and be able to utilize this operating system in day-to-day operations, as needed.

  • Understand the concept of phishing and how to detect, deter, prevent, act on, and educate others about it.

  • Demonstrate a working knowledge of SMTP headers, TTL, X-additions and how to decipher techniques that are used by adversaries to gain access to the employee via email.

  • Knowledge of the inner components and connectivity of MS Office 365.

  • AV and malware.

  • Troubleshooting techniques.

  • Strong understanding of the TTPs of actors (nation-state, cybercriminal, and commodity).

  • Strong understanding of geo-politics and what is taking place in the world and how it affects cyber. Describe in layman terms how actions taken have a direct impact on cyber warfare.

  • IOC harvesting and processing. Obtain Indicators of Compromise (IOCs) from various sources using a wide variety of methodologies to put proactive blocking in place on the network and prevent such IOCs from entering and harming the Premera infrastructure.

  • Vulnerability assessment.

  • Identify code similarities and infrastructure overlaps.

  • Understand cyber killchain, diamond model, and victimology.

  • Adversary / Infrastructure / Victims / Capabilities.

Physical Requirements

The following have been identified as essential physical requirements of this job and must be performed with or without an accommodation:

  • This is primarily a sedentary role which requires the ability to exert up to 10 lbs. of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull, or otherwise move objects, including the human body.

  • This role requires the ability to keyboard and to communicate clearly and understandably in person and over the telephone.

Premera total rewards

Our comprehensive total rewards package provides support, resources, and opportunities to help employees thrive and grow. Our total rewards are more than a collection of perks; they're a reflection of our commitment to your health and well-being. We offer a broad array of rewards spanning physical, financial, emotional, and community benefits, including:

  • Medical, vision, and dental coverage with low employee premiums.

  • Voluntary benefit offerings, including pet insurance for paw parents.

  • Life and disability insurance.

  • Retirement programs, including a 401K employer match and, believe it or not, a pension plan that is vested after 3 years of service.

  • Wellness incentives with a wide range of mental well-being resources for you and your dependents, including counseling services, stress management programs, and mindfulness programs, just to name a few.

  • Generous paid time off to reenergize.

  • Looking for continuing education? We have tuition assistance for both undergraduate and graduate degrees.

  • Employee recognition program to celebrate anniversaries, team accomplishments, and more.

For our hybrid employees, our on-campus model provides flexibility to create your own routine with access to on-site resources, networking opportunities, and team engagement.

  • Commuter perks make your trip to work less impactful on the environment and your wallet.

  • Free convenient on-site parking.

  • Subsidized on-campus cafes make lunchtime connections with colleagues fun and affordable.

  • Participate in engaging on-site activities such as health and wellness events, coffee connects, disaster preparedness fairs and more.

  • Our complementary fitness & well-being center offers both in-person and virtual workouts and nutritional counseling.

  • Need a brain break? Challenge someone to a game of shuffleboard or ping pong while on campus.

Equal employment opportunity/affirmative action:

Premera is an equal opportunity/affirmative action employer. Premera seeks to attract and retain the most qualified individuals without regard to race, color, religion, sex, national origin, age, disability, marital status, veteran status, gender or gender identity, sexual orientation, genetic information or any other protected characteristic under applicable law.

If you need an accommodation to apply online for positions at Premera, please contact Premera Human Resources via email at careers@premera.com or via phone at 425-918-4785.

The pay for this role will vary based on a range of factors including, but not limited to, a candidate’s geographic location, market conditions, and specific skills and experience.

The salary range for this role is posted below; we generally target up to and around the midpoint of the range.

National Plus Salary Range:

$90,000.00 - $153,000.00

*National Plus salary range is used in higher cost of labor markets including Western Washington and Alaska.

We’re happy to discuss compensation further during the interview because we believe that open communication leads to better outcomes for all. We’re committed to creating an environment where all employees are celebrated for their unique skills and contributions.


Tags: Active Directory Compliance DNS GLBA HIPAA HITRUST Incident response Intrusion detection LDAP Linux Malware MySQL Oracle Pentesting Privacy SMTP SOX SQL SQL Server SSH Threat intelligence

Perks/benefits: 401(k) matching Career development Health care Insurance Team events Travel Wellness

Region: North America
Country: United States
