Senior Cyber Incident Responder

Labcorp


Job Location: Durham, NC - USA

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

As a core member of the Office of Information Security's Detection and Response Team (DaRT), the Senior Incident Responder plays a mission-critical role in protecting patient care, safeguarding sensitive health information, ensuring clinical continuity, and enabling diagnostic and genetic innovation. This position leads the investigation, containment, and resolution of cybersecurity incidents that could impact the confidentiality, integrity, or availability of systems across the enterprise.

You'll collaborate across clinical, IT, and compliance teams to respond to security threats. You'll handle escalated events from the SOC, perform technical investigations, and lead recovery efforts while maintaining compliance with requirements associated with HIPAA, HITRUST, GDPR, etc. If you're driven by purpose, technically sharp, and thrive in fast-paced environments where security meets patient care, this is the role for you.

Applicants who live within 35 miles of either the Burlington, NC or Durham, NC location will follow a hybrid schedule. This schedule includes a minimum of three in-office days per week at an assigned location, either Burlington or Durham, supporting both collaboration and flexibility.

RESPONSIBILITIES

  • Serve as the lead responder for validated cyber incidents, prioritizing threats that could impact clinical operations, electronic health records (EHR), connected medical devices, or protected health information (PHI).
  • Coordinate with technical and clinical stakeholders to contain and remediate threats across hospitals, clinics, and remote care environments.
  • Drive improvements to the Incident Response Plan, ensuring readiness for ransomware, business email compromise, and other threats.
  • Lead triage, containment, and root cause analysis of events affecting clinical applications, patient portals, imaging systems, and backend infrastructure.
  • Analyze logs and EDR telemetry from a wide range of systems: medical devices, cloud applications, employee workstations, and data exchange platforms.
  • Perform investigations across Windows, Linux, iOS, and cloud platforms using SIEM and manual log analysis where required.
  • Lead stakeholder briefings during high-severity incidents.
  • Enrich investigations using internal threat intel, OSINT, and health sector-specific sources (e.g. H-ISAC, HC3 bulletins).
  • Contribute to detection engineering and playbook development aligned with healthcare-specific threat vectors.
  • Write post-incident reports with clear insights for operational, risk, and compliance teams.

REQUIREMENTS

  • 3 years of experience in cybersecurity, preferably with exposure to healthcare IT, hospital systems, or regulated environments.
  • Hands-on incident response experience in large enterprise environments (30K users, multiple business units or hospitals).
  • Strong understanding of the HIPAA Security Rule, HITECH, and how regulatory requirements intersect with incident handling.
  • Familiarity with common healthcare systems such as Epic, Cerner, HL7/FHIR interfaces, or IoMT devices.
  • Experience with incident response frameworks (NIST 800-61, HITRUST IRM, etc.) and adversary models (MITRE ATT&CK, Cyber Kill Chain).
  • Proficient in SIEM (e.g. Splunk, Anvilogic), EDR platforms (e.g. CrowdStrike, SentinelOne), and forensic tools.
  • Strong skills in Windows and Linux OS investigations, network protocol analysis, and EDR telemetry.
  • Proficient in writing detection rules and custom signatures to identify malicious activity.
  • PowerShell, Python, or Bash scripting skills are a plus.
  • Clear communicator with experience handling sensitive incidents in regulated industries.
  • Ability to lead investigations that involve patient data and coordinate with privacy and compliance officers.

EDUCATION / CERTIFICATIONS

  • Bachelor's degree in Cybersecurity, Information Systems, or a related field, or equivalent experience in a regulated enterprise.
  • Preferred certifications include:
    • GCIH, GCFA, GCFE, GNFA, GCTI, CISSP, or HCISPP (Healthcare Certified Information Security and Privacy Practitioner).

Benefits: Employees regularly scheduled to work 20 or more hours per week are eligible for comprehensive benefits including: Medical, Dental, Vision, Life, STD/LTD, 401(k), Paid Time Off (PTO) or Flexible Time Off (FTO), Tuition Reimbursement and Employee Stock Purchase. PRN & Part Time employees regularly scheduled to work less than 20 hours are eligible to participate in the 401(k) Plan only. Employees who are regularly scheduled to work a 7 on/7 off schedule are eligible to receive all the foregoing benefits except PTO or FTO. For more detailed information, please click here.

Labcorp is proud to be an Equal Opportunity Employer:

Labcorp strives for inclusion and belonging in the workforce and does not tolerate harassment or discrimination of any kind. We make employment decisions based on the needs of our business and the qualifications and merit of the individual. Qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), family or parental status, marital, civil union or domestic partnership status, sexual orientation, gender identity, gender expression, personal appearance, age, veteran status, disability, genetic information, or any other legally protected characteristic. Additionally, all qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable law.

We encourage all to apply

If you are an individual with a disability who needs assistance using our online tools to search and apply for jobs, or needs an accommodation, please visit our accessibility site or contact us at Labcorp Accessibility. For more information about how we collect and store your personal data, please see our Privacy Statement.


Required Experience:

Senior IC


Key Skills

  • Graduate Engineering
  • Accounts Administration
  • Building Materials
  • Customer Support
  • Horticulture

About Company


Labcorp helps patients, providers, organizations, and biopharma companies to guide vital healthcare decisions each and every day.
