Cybersecurity Senior Engineer Incident Response at CommonSpirit Health (Phoenix, AZ)

| Phoenix – Mesa – Scottsdale, AZ
Sorry, this job was removed at 11:33 p.m. (CST) on Thursday, March 31, 2022
Find out who's hiring remotely in Phoenix, AZ.
See all Remote Developer + Engineer jobs in Phoenix, AZ
Apply Now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

CommonSpirit Health was formed by the alignment of Catholic Health Initiatives (CHI) and Dignity Health. With more than 700 care sites across the U.S. & from clinics and hospitals to home-based care and virtual care services CommonSpirit is accessible to nearly one out of every four U.S. residents. Our world needs compassion like never before. Our communities need caring and our families need protection. With our combined resources CommonSpirit is committed to building healthy communities advocating for those who are poor and vulnerable and innovating how and where healing can happen both inside our hospitals and out in the community.


The purpose of the Cybersecurity Senior Engineer position is to support the Incident Response and Threat Intelligence group program for CommonSpirit Health. This program is responsible for cyber security incident response and investigation including preparation, documentation, and coordination with other teammates and teams, assisting with eradication and recovery, and any necessary post-incident activities.

The Cybersecurity Senior Engineer, Incident Response and Threat Intelligence position will report to the Director, Threat Intel and Incident Response as part of the overall Fusion Center focused on identifying, protecting, responding and containing threats and Vulnerabilities to the overall CommonSpirit organization.

The expectations for this position are:
  • Participate in a lead role in the Cyber Security Incident Response Team (CSIRT). Lead CSIRT to employ strategy, standards, processes and technology to detect, respond and recover from security incidents and to limit the impact of any such occurrence or reoccurrence by using risk-based triage.
  • Work with various internal teams to identify gaps in and expand coverage of endpoint, logging and network tooling to improve monitoring and response capabilities, including collaboration with Cyber engineers on solution design recommendations.
  • Technical Experience with cyber security investigative technologies such as SIEM, packet capture analysis, host forensics and memory analysis tools
  • Assist in the development of incident handling processes, standard operating procedures, playbooks and runbooks with ability to analyze and implement the technical changes required within IR tools necessary to meet those processes.
  • Ability to analyze data and communicate malicious behavior discoveries to non-technical consumers
  • Extensive experience in leading cyber-attack investigations and of working in a similar 24/7 environments managing cases with enterprise SIEM or Incident Management systems
  • Produce actionable intelligence in the form of alerts, reports, and briefings.

The Cybersecurity Senior Engineer will work with the following internal and external stakeholders in the course of their responsibilities:
  • Cybersecurity Analysts and Engineers and leaders within the Cyber Fusion Center
  • Cybersecurity Analysts and Engineers and leaders within Cybersecurity Engineering
  • Analyst and Engineers and leadership within Infrastructure, Application and Digital areas
  • Managers and Directors and Executive leadership as needed within Infrastructure, Application and Digital areas
  • Vendors, partners, and other relevant external stakeholders
Essential Key Job Responsibilities
  • Become an expert in CommonSpirit Health's technology stack to understand points of weakness and opportunities for security solutions
  • Investigate, triage, contain, and mitigate complex cybersecurity alerts and incidents using various cyber security tools such as: EDR, SIEM and CASB.
  • Determine nature and scale of complex threats and provide recommended containment actions
  • Design, Build, Manage internal tools for incident detection workflow and response orchestration
  • Create and tune complex data models and/or SIEM alerts for automated response orchestration and systemic improvement
  • Create and tune Use Cases as identified per roadmap and opportunity identification
  • Reviews threat intelligence reports and feeds, makes recommendations and leads implementations for profile or toolset changes based on reviews.
  • Perform threat hunting exercises by developing detection rules and analyzing cybersecurity data to discover complex activity not seen within the environment
  • Collaborate with internal stakeholders and leadership on addressing systemic security issues
  • Extensive experience with one or more scripting languages (PowerShell, Python, Bash, etc.)
  • Conduct trending and correlation of multiple cyber intelligence sources for the purposes of indicator collection, shifts in TTPs, attribution and establishing countermeasures to increase cyber resiliency
  • Demonstrated understanding of complex threat modeling techniques, in a cyber intelligence or cyber operations environment
  • Ability to maintain or develop professional contacts in the cyber security community and within multiple sectors/industries including healthcare and biomedical research.

The job summary and responsibilities listed above are designed to indicate the general nature of the work performed within this job. They are not designed to contain or be interpreted as a comprehensive inventory of all job responsibilities required of employees assigned to this job. Employees may be required to perform other duties as assigned.


  • Bachelor's Degree in Computer Science, Information Security, Information Systems, or related field, or equivalent professional experience required.
  • 4-5 years required, 5+ years preferred previous experience in related job area: Incident Response, Information Security, Threat Management, Forensics/eDiscovery, Network or System Administration
  • Previous experience in IT security/system/network operations and administration or programming preferred.
  • Two or more relevant technical/professional security certifications (such as: COMPTIA Network+, Security+,
  • SANS/GIAC, EC-Council, CISSP or vendor-specific) preferred.

A compensation range of $98,000 - $127,000 is the reasonable estimate that CommonSpirit in good faith believes it might pay for this particular job based on the circumstances at the time of posting. CommonSpirit may ultimately pay more or less than the posted range as permitted by law.

While you're busy impacting the healthcare industry, we'll take care of you with benefits that include health/dental/vision, FSA, matching retirement plans, paid vacation, adoption assistance, annual bonus eligibility and more!
More Information on CommonSpirit Health
CommonSpirit Health operates in the Healthtech industry. The company is located in Chicago, IL. CommonSpirit Health was founded in 2019. It has 23307 total employees. To see all 10 open jobs at CommonSpirit Health, click here.
Read Full Job Description
Apply Now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

Similar Jobs

Apply Now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.
Save jobView CommonSpirit Health's full profileFind similar jobs