Job Description

POSITION SUMMARY:

The Cybersecurity Engineer is responsible for supporting cyber defense operations through tiered response, tool-agnostic analysis, AI-enabled workflows, and contributions to cyber resiliency and exposure management. This role addresses more challenging Tier-2 ticket resolutions elevated from Cybersecurity Threat Analysts and designs and implements detections, automations, and controls spanning multiple platforms. Engineers co-lead threat hunting, exposure reduction campaigns, and engineer workstreams.

WORK ENVIRONMENT AND TRAVEL REQUIREMENTS:

This position is: Onsite/Hybrid (3 - 4 days/wk onsite)

Travel requirements: Up to 25% travel

ESSENTIAL FUNCTIONS:
• Perform ticket queue management assigning tickets to appropriate personnel and ensuring proper triage, investigation, remediation and documentation of corrective actions are in company ticketing systems.
• Serve as co-lead for complex cybersecurity investigations / activities.
• Operate as functional owner of a major security control area, security tool module.
• Administer and tune security platforms; performing daily checks to verify appropriate connections are functioning as designed and policies are set in place.
• Translate threat intel and TTPs (MITRE ATT&CK) into actionable detections and hardening guidance (MITRE D3FEND).
• Build advanced detections/analytics and automation for response enrichment.
• Produce advanced metrics and executive-ready reports.
• Support cyber defense operations across detection, prevention, protection, response, and remediation functions.
• Utilize AI-assisted analysis and automation to improve accuracy and efficiency of investigations, verifying content for accuracy.
• Support exposure management activities including vulnerability analysis and risk-based prioritization.
• Document actions, findings, and recommendations in accordance with policy.
• Maintain awareness of emerging threats, vulnerabilities, and adversary techniques.
• Mentor Cyber Threat Analysts.

KNOWLEDGE, SKILLS & ABILITIES:
• Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or equivalent experience. Master's degree a plus.
• Experience: 3-5+ years in security operations, incident response, cybersecurity/IT roles, or related technical roles with hands-on engineering and systems deployment.
• Certifications (preferred): CompTIA Cybersecurity Analyst (CySA+), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Enterprise Defender (GCED), or similar.
• Clearances/Background: Able to pass healthcare compliance/background checks.

Skills and Abilities:
• Curiosity and willingness to learn new technologies, including use of AI and AI-enabled security capabilities.
• Advanced understanding of identity threats (MFA fatigue, token theft, OAuth abuse), email threats, EDR evasion, and cloud/system misconfigurations.
• Ability to translate adversary TTPs into engineering changes and executive-level risk narratives.
• Deep insight of identity, compliance frameworks, and common attack vectors.
• Advanced computer skills including use of email, word processing, data entry, and spreadsheets.
• Advanced use of security, automation, AI tools within policy constraints
• Strong collaboration across teams, IT, applications, and clinical operations.
• Strong analytical and critical thinking skills; ability to solve complex cyber problems
• Strong written and verbal communication skills.
• Ability to author correlated detections from multiple log sources and articulate risk/impact to non-technical stakeholders.
• Ability to organize and manage multiple tasks simultaneously.
• Ability to follow defined processes and escalation paths.

PHYSICAL AND MENTAL DEMANDS:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential job responsibilities.

While performing the duties of this job, the employee is occasionally required to stand; walk; sit for extended periods of time; use hands to finger, handle, feel objects, tools or controls; reach with hands and arms; climb stairs; balance; stoop, kneel, bend, crouch or crawl; talk or hear; taste or smell. The employee must occasionally lift and/or move up to 20 pounds. Repetitive motion of upper body is required for extended use of computers. Required specific vision abilities include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.