Lead Information Security Analyst

Lead Information Security Analyst-(250002LU)DescriptionWe are seeking a Lead Information Security Analyst to serve as our Incident Response/SOC SME, ideally with prior experience as a Security Incident Response Leader (SIRL). This role will lead incident response strategy and execution, with hands-on expertise in operational Splunk Enterprise Security (SIEM), Microsoft Defender security suite (including Endpoint, Identity, and Servers), and SOAR playbook automation.The successful candidate will be responsible for leading complex incident investigations, coordinating responses across IT and clinical teams, and driving ongoing improvements in security operations. You will also mentor SOC analysts, enhance detection capabilities, and ensure that lessons learned are integrated into practices.Incident Response Leadership (SIRL)Act as the Security Incident Response Leader during high-severity events, directing containment, remediation, and recovery efforts.Serve as the escalation point for SOC analysts and ensure timely, coordinated response actions.Develop and maintain incident response frameworks, including runbooks, playbooks, and post-incident reviews.Partner with executive leadership, clinical staff, and external stakeholders (law enforcement, MSSPs) to manage incident communications.Splunk Enterprise Security SMEMaintain and optimize Splunk ES detections, correlation rules, dashboards, and reporting.Guide SOC analysts on triage, alert enrichment, and threat-hunting practices.SOAR & AutomationBuild and manage security orchestration and automated response playbooks.Orchestrate integrations across SIEM, EDR, vulnerability management, and identity systems...etc.Documentation & ReportingProduce accurate documentation for incidents, including executive-level summaries and technical after-action reports.Ensure incident response processes and playbooks are continuously updated.Preparedness & TrainingLead tabletop exercises, red/blue team simulations, and cyber range events.Mentor and coach SOC analysts to elevate detection and response maturity. QualificationsMinimum EducationBachelor's degree in a computer science, math, engineering, or another relevant discipline or equivalent training and work experience (Required)Minimum Work Experience10+ years of experience in cybersecurity with a focus on vulnerability management, cybersecurity operations, analysis, forensics and/or investigations (Required)Required Skills/KnowledgeExperience leading in the application of key cybersecurity practices, controls, and frameworksExcellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as nontechnical audiencesExperience leading cybersecurity auditing, compliance, and policyExperience leading cybersecurity risk assessments, vulnerability management, penetration testing, and threat identification.Experience leading the management of access controls including identity, active directory, privileged account management, and authenticationExperience leading cybersecurity incident response, risk remediation, business continuity, disaster recovery, and cyber operations.Functional AccountabilitiesCybersecurity AnalysisOversees the Identification, documentation, and reporting of cybersecurity risksLeads the development of Information Security policies, standards, and procedures.Leads engagement with senior leaders of CNH business units to ensure security of assets, applications, and dataLeads the application of procedures and systems associated with managing access to CNH systems, data, and other assetsLeads the execution of responses associated with cybersecurity incidents, as requiredPrimary Location:Maryland-Silver SpringWork Locations:Inventa Towers1 Inventa PlaceSilver Spring20910Job:Information TechnologyOrganization:OperationsPosition Status:R (Regular)-FT - Full-TimeShift:DayWork Schedule:8-5Job Posting:Sep 15, 2025, 1:57:58 PMFull-Time Salary Range:128452-214087