Lead Information Security Analyst

Overview

We are seeking a Lead Information Security Analyst to serve as our Incident Response/SOC SME, ideally with prior experience as a Security Incident Response Leader (SIRL). This role will lead incident response strategy and execution, with hands-on expertise in operational Splunk Enterprise Security (SIEM), Microsoft Defender security suite (including Endpoint, Identity, and Servers), and SOAR playbook automation.

• Incident Response Leadership (SIRL)
  • Act as the Security Incident Response Leader during high-severity events, directing containment, remediation, and recovery efforts.
  • Serve as the escalation point for SOC analysts and ensure timely, coordinated response actions.
  • Develop and maintain incident response frameworks, including runbooks, playbooks, and post-incident reviews.
  • Partner with executive leadership, clinical staff, and external stakeholders (law enforcement, MSSPs) to manage incident communications.
• Splunk Enterprise Security SME
  • Maintain and optimize Splunk ES detections, correlation rules, dashboards, and reporting.
  • Guide SOC analysts on triage, alert enrichment, and threat-hunting practices.
• SOAR & Automation
  • Build and manage security orchestration and automated response playbooks.
  • Orchestrate integrations across SIEM, EDR, vulnerability management, and identity systems.
• Documentation & Reporting
  • Produce accurate documentation for incidents, including executive-level summaries and technical after-action reports.
  • Ensure incident response processes and playbooks are continuously updated.
• Preparedness & Training
  • Lead tabletop exercises, red/blue team simulations, and cyber range events.
  • Mentor and coach SOC analysts to elevate detection and response maturity.

• Bachelor's degree in computer science, math, engineering, or another relevant discipline or equivalent training and work experience (Required)

• 10+ years of experience in cybersecurity with a focus on vulnerability management, cybersecurity operations, analysis, forensics and/or investigations (Required)

• Experience leading in the application of key cybersecurity practices, controls, and frameworks
• Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as nontechnical audiences
• Experience leading cybersecurity auditing, compliance, and policy
• Experience leading cybersecurity risk assessments, vulnerability management, penetration testing, and threat identification.
• Experience leading the management of access controls including identity, active directory, privileged account management, and authentication
• Experience leading cybersecurity incident response, risk remediation, business continuity, disaster recovery, and cyber operations.

• Cybersecurity Analysis
  • Oversees the Identification, documentation, and reporting of cybersecurity risks
• Leads the development of Information Security policies, standards, and procedures.
• Leads engagement with senior leaders of CNH business units to ensure security of assets, applications, and data
• Leads the application of procedures and systems associated with managing access to CNH systems, data, and other assets
• Leads the execution of responses associated with cybersecurity incidents, as required