
Lead Information Security Analyst

Children's National Medical Center
United States, Maryland, Silver Spring
801 Roeder Rd #300
Sep 16, 2025
Description

We are seeking a Lead Information Security Analyst to serve as our Incident Response/SOC SME, ideally with prior experience as a Security Incident Response Leader (SIRL). This role will lead incident response strategy and execution, with hands-on expertise in operational Splunk Enterprise Security (SIEM), Microsoft Defender security suite (including Endpoint, Identity, and Servers), and SOAR playbook automation.

The successful candidate will be responsible for leading complex incident investigations, coordinating responses across IT and clinical teams, and driving ongoing improvements in security operations. You will also mentor SOC analysts, enhance detection capabilities, and ensure that lessons learned are integrated into practices.

  • Incident Response Leadership (SIRL)
    • Act as the Security Incident Response Leader during high-severity events, directing containment, remediation, and recovery efforts.
    • Serve as the escalation point for SOC analysts and ensure timely, coordinated response actions.
    • Develop and maintain incident response frameworks, including runbooks, playbooks, and post-incident reviews.
    • Partner with executive leadership, clinical staff, and external stakeholders (law enforcement, MSSPs) to manage incident communications.
  • Splunk Enterprise Security SME
    • Maintain and optimize Splunk ES detections, correlation rules, dashboards, and reporting.
    • Guide SOC analysts on triage, alert enrichment, and threat-hunting practices.
  • SOAR & Automation
    • Build and manage security orchestration and automated response playbooks.
    • Orchestrate integrations across SIEM, EDR, vulnerability management, identity systems, etc.
  • Documentation & Reporting
    • Produce accurate documentation for incidents, including executive-level summaries and technical after-action reports.
    • Ensure incident response processes and playbooks are continuously updated.
  • Preparedness & Training
    • Lead tabletop exercises, red/blue team simulations, and cyber range events.
    • Mentor and coach SOC analysts to elevate detection and response maturity.
Qualifications

Minimum Education

  • Bachelor's degree in computer science, math, engineering, or another relevant discipline, or equivalent training and work experience (Required)

Minimum Work Experience
  • 10+ years of experience in cybersecurity with a focus on vulnerability management, cybersecurity operations, analysis, forensics and/or investigations (Required)

Required Skills/Knowledge
  • Experience leading in the application of key cybersecurity practices, controls, and frameworks
  • Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as nontechnical audiences
  • Experience leading cybersecurity auditing, compliance, and policy
  • Experience leading cybersecurity risk assessments, vulnerability management, penetration testing, and threat identification.
  • Experience leading the management of access controls including identity, active directory, privileged account management, and authentication
  • Experience leading cybersecurity incident response, risk remediation, business continuity, disaster recovery, and cyber operations.

Functional Accountabilities
Cybersecurity Analysis
  • Oversees the identification, documentation, and reporting of cybersecurity risks
  • Leads the development of Information Security policies, standards, and procedures.
  • Leads engagement with senior leaders of CNH business units to ensure security of assets, applications, and data
  • Leads the application of procedures and systems associated with managing access to CNH systems, data, and other assets
  • Leads the execution of responses associated with cybersecurity incidents, as required
Primary Location : Maryland-Silver Spring
Work Locations :
Inventa Towers
1 Inventa Place
Silver Spring 20910
Job : Information Technology
Organization : Operations
Position Status : R (Regular) - FT - Full-Time
Shift : Day
Work Schedule : 8-5
Job Posting : Sep 15, 2025, 6:57:58 PM
Full-Time Salary Range : 128452 - 214087