LabCorp

Senior Cyber Incident Responder

LabCorp | $75K - $160K *
Healthcare
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 3+ years of experience in cybersecurity, ideally in healthcare IT or regulated environments.
  • Hands-on incident response experience in large organizations (30,000+ users).
  • Strong knowledge of HIPAA security rules and regulatory requirements related to incident handling.
  • Familiarity with healthcare systems like Epic, Cerner, and various medical devices.
  • Experience with incident response frameworks (NIST 800-61, MITRE ATT&CK) and adversary models.
  • Proficient in SIEM and EDR platforms, as well as forensic tools.
  • Excellent communication skills for managing sensitive incidents and coordinating with compliance officers.

Responsibilities

  • Lead investigations for verified cyber incidents impacting clinical operations and patient information.
  • Coordinate with various stakeholders to contain and address threats in hospital and remote care settings.
  • Enhance the Incident Response Plan for various threats like ransomware and business email compromise.
  • Conduct triage and root cause analysis of incidents affecting healthcare applications and systems.
  • Examine logs and telemetry from diverse systems, including medical devices and cloud applications.
  • Perform investigations across multiple platforms, including Windows and Linux, using SIEM tools.
  • Facilitate briefings during significant incidents to keep stakeholders informed.

Benefits

  • Comprehensive medical, dental, and vision coverage.
  • Life insurance, short-term and long-term disability benefits.
  • 401(k) retirement plan with opportunities for employee stock purchase.
  • Paid Time Off (PTO) or Flexible Time Off (FTO) arrangements.
  • Tuition reimbursement for employee education initiatives.
Full Job Description


Work Schedule

This is a full-time, exempt (salaried) position assigned to a First Shift schedule, with standard business hours of Monday through Friday, 8:00 a.m. to 5:00 p.m. Business needs may occasionally require flexibility in work hours, including earlier, later, or additional hours, with reasonable notice provided when possible.

Applicants who live within 35 miles of either the Burlington, NC or Durham, NC location will follow a hybrid schedule. This schedule includes a minimum of three in-office days per week at an assigned location, either Burlington or Durham, supporting both collaboration and flexibility.

RESPONSIBILITIES
  • Serve as the lead responder for validated cyber incidents, prioritizing threats that could impact clinical operations, electronic health records (EHR), connected medical devices, or protected health information (PHI).
  • Coordinate with technical and clinical stakeholders to contain and remediate threats across hospitals, clinics, and remote care environments.
  • Drive improvements to the Incident Response Plan, ensuring readiness for ransomware, business email compromise, and other threats.
  • Lead triage, containment, and root cause analysis of events affecting clinical applications, patient portals, imaging systems, and backend infrastructure.
  • Analyze logs and EDR telemetry from a wide range of systems: medical devices, cloud applications, employee workstations, and data exchange platforms.
  • Perform investigations across Windows, Linux, iOS, and cloud platforms, using SIEM and manual log analysis where required.
  • Lead stakeholder briefings during high-severity incidents.
  • Enrich investigations using internal threat intel, OSINT, and health sector-specific sources (e.g., H-ISAC, HC3 bulletins).
  • Contribute to detection engineering and playbook development aligned with healthcare-specific threat vectors.
  • Write post-incident reports with clear insights for operational, risk, and compliance teams.


MINIMUM REQUIREMENTS
  • Bachelor's Degree.
  • 3 or more years of experience in cybersecurity.
  • 5 or more years of experience in Windows and Linux OS investigations, network protocol analysis, and EDR telemetry.
  • 2 or more years of experience with incident response frameworks (NIST 800-61, HITRUST IRM, etc.) and adversary models (MITRE ATT&CK, Cyber Kill Chain).
  • 2 or more years of experience in SIEM (e.g., Splunk, Anvilogic), EDR platforms (e.g., CrowdStrike, SentinelOne), and forensic tools.


ADDITIONAL JOB STANDARDS
  • Hands-on incident response experience in large enterprise environments (30K+ users, multiple business units or hospitals).
  • Strong understanding of the HIPAA Security Rule, HITECH, and how regulatory requirements intersect with incident handling.
  • Familiarity with common healthcare systems such as Epic, Cerner, HL7/FHIR interfaces, or IoMT devices.
  • Proficient in writing detection rules and custom signatures to identify malicious activity.
  • PowerShell, Python, or Bash scripting skills.
  • Clear communicator with experience handling sensitive incidents in regulated industries.
  • Ability to lead investigations that involve patient data and coordinate with privacy and compliance officers.
  • Exposure to healthcare IT, hospital systems, or regulated environments.


As a core member of the Office of Information Security's Detection and Response Team (DaRT), the Senior Incident Responder plays a mission-critical role in protecting patient care, safeguarding sensitive health information, ensuring clinical continuity, and enabling diagnostic and genetic innovation. This position leads the investigation, containment, and resolution of cybersecurity incidents that could impact the confidentiality, integrity, or availability of systems across the enterprise.

You'll collaborate across clinical, IT, and compliance teams to respond to security threats. You'll handle escalated events from the SOC, perform technical investigations, and lead recovery efforts while maintaining compliance with requirements associated with HIPAA, HITRUST, GDPR, etc. If you're driven by purpose, technically sharp, and thrive in fast-paced environments where security meets patient care, this is the role for you.

Application Window closes 6/10/2026

Pay Range: $75K - $160K annual salary

All job offers will be based on a candidate's skills and prior relevant experience, applicable degrees / certifications, as well as internal equity and market data.

Benefits: Employees regularly scheduled to work 20 or more hours per week are eligible for comprehensive benefits including: Medical, Dental, Vision, Life, STD/LTD, 401(k), Paid Time Off (PTO) or Flexible Time Off (FTO), Tuition Reimbursement and Employee Stock Purchase Plan. Employees regularly scheduled to work less than 20 hours, Casual, Intern, and Temporary employees are only eligible to participate in the 401(k) Plan. Employees who are regularly scheduled to work a 7 on 7 off schedule are eligible to receive all the foregoing benefits except PTO or FTO.

About LabCorp

LabCorp is a leading global life sciences company that is deeply integrated in guiding patient care through its comprehensive clinical laboratory and end-to-end drug development services. The company provides diagnostic, drug development and technology-enabled solutions for more than 160 million patient encounters annually.

  • Size: 70,000 employees
  • Market Cap: $20.6 billion
  • Net Income: $1.5 billion
  • Founded: 1976
  • 5 Year Trend: +11%
  • Revenue: $13.9 billion
