Job DescriptionJoin one of the nation's most comprehensive academic medical centers,
UChicago Medicine as an
Information Security Engineer - Security Automation and Response for the
Information Security department. This is a remote, work from home opportunity, and you may be based outside of the greater Chicagoland area.
Under general direction of the Information Security Operations Manager, implementing, deploying, and optimizing Automation using SOAR playbook development, Logging, AI driven workflows, streamline incident response, and improve SOC operational efficiency. Participate in threat investigation and Incident response.
Essential Job Functions- Develop, implement, and maintain SOAR playbooks to automate repetitive security tasks, such as alert triage, threat investigation, and incident response, using tools like SOAR, Python, and API integrations.
- Knowledge of threat detection development, automation of SOAR development, and Incident Response.
- Support initiatives working with Information Security Operations Manager to advance Security Operations capabilities using AI.
- Investigate malware, intrusions, unauthorized access, and data infiltration and exfiltration events
- Analyze logs, memory, disk images, and network captures to determine attack scope and impact
- Dedicate efforts to staying informed on cyber threats and standard processes to consistently enhance Security Operations Center capabilities
- Excellent knowledge of security information and event management (SIEM) platforms including query language (Yara-L, CQL, SPL, etc.)
- Participate in Purple Team activity.
- Participate in on-call rotation and respond to critical security events
Required Qualifications- BS or BA degree, Computer Science, Engineering, or equivalent education, training or work experience
- 5 years of Security experience, or equivalent training and education
- Knowledge of computing systems, data network communications, and network architecture
- Effective written and verbal communication skills
- Experience in SOAR playbook development
- Scripting or programming skills (Python, PowerShell, Go, etc.) required.
- Experience in Incident Response and Threat investigation.
- Experience in Threat detection
- Understanding of logging systems
- Security related certifications are preferred. (GIAC, CISSP)
Position Details- Job Type/FTE: Full Time (1.0 FTE)
- Shift: Day
- Location: Remote
- Unit/Department: Information Security
- CBA Code: Non-Union
Compensation & Benefits OverviewUChicago Medicine is committed to transparency in compensation and benefits. The pay range provided reflects the anticipated wage or salary reasonably expected to be offered for the position.
The pay range is based on a full-time equivalent (1.0 FTE) and is reflective of current market data, reviewed on an annual basis. Compensation offered at the time of hire will vary based on candidate qualifications and experience and organizational considerations, such as internal equity. Pay ranges for employees subject to Collective Bargaining Agreements are negotiated by the medical center and their respective union.
Review the full complement of benefit options for eligible roles at Benefits - UChicago Medicine.