Addi

We are a technology company that seeks to drive and enable digital commerce in Latin America.

SecOps Engineer

Security Operations | Full Time | Remote | Senior | Team 201-500 | H1B No Sponsor

Location: Colombia

Posted: 33 days ago


Seniority: Senior

Bachelor Degree | 3 yrs exp | English | AWS | Cloud

Job Description

  • Own the implementation and day-to-day operation of security controls across endpoints, infrastructure, secure connectivity, and data protection
  • Execute the migration to the selected XDR platform across endpoints and infrastructure
  • Implement and operate DLP and SASE controls to secure user access, SaaS usage, and data flows
  • Deploy and operate a centralized MDM solution to manage and secure corporate endpoints
  • Implement and maintain endpoint security policies including encryption, OS hardening, patching, and access controls
  • Operate and continuously improve SIEM detections and SOAR playbooks for security events across critical platforms
  • Support brand protection operations by monitoring phishing, impersonation, and brand abuse activity

Job Requirements

  • Proven Experience in Security Operations & Control Implementation
  • Hands-on experience implementing and operating security controls across endpoints, infrastructure, secure connectivity, and data protection in cloud-first environments.
  • At least 3 years of experience working with XDR platforms (e.g., CrowdStrike, Cortex, Sentinel) and MDM solutions (e.g., Google Workspace, JumpCloud, or similar).
  • Demonstrated ability to deploy and operate SASE / Zero Trust, VPN, and DLP solutions, including troubleshooting production control failures.
  • Experienced in operating security detections, alerts, and response workflows within SIEM and XDR platforms, including integrations with AWS, Google Workspace, and endpoint tools.
  • Executes incident response actions using defined playbooks and escalates effectively based on severity and impact.
  • Familiar with SOAR concepts and automation of repetitive security operations tasks to improve response efficiency.
  • Proven experience deploying and managing MDM solutions to enforce endpoint security baselines at scale.
  • Strong knowledge of device hardening, encryption, patching, application control, web filtering, and secure access controls.
  • Ability to monitor device compliance and remediate non-compliant endpoints in a timely and efficient manner.
  • Demonstrates strong operational discipline, including documentation, monitoring, alert follow-up, and incident tracking.
  • Effectively manages multiple operational priorities while maintaining stability and reliability of security controls.
  • Proactively identifies operational gaps and contributes to continuous improvement of security operations.
  • Works effectively with IT, engineering, and infrastructure teams to deploy, operate, and improve security controls.
  • Communicates incidents, operational issues, and risks clearly and concisely to both technical and non-technical stakeholders.
  • Follows established processes while providing constructive feedback to improve tooling, workflows, and controls.

Benefits

  • Competitive compensation & meaningful ownership
  • Health insurance
  • 401(k) matching
  • Flexible work hours
  • Paid time off
  • Professional development opportunities

More Security Operations Jobs

Security Operations - Incident Response Coordinator

Converge Technology Solutions

Converge Technology Solutions provides specialized IT services tailored to meet customers' individual needs. The company offers a wide range of services, including advanced analyti

Role Description

We are seeking a highly skilled and motivated Incident Response Coordinator to join our Security Operations team. This role involves planning, coordinating, and managing responses to security incidents, ensuring accurate execution of processes and timely completion of documentation and communications. The ideal candidate for the Incident Response Coordinator role is an experienced professional with the soft skills that enable effective performance in high-stakes environments:
  • Active listener with strong analytical and problem-solving abilities
  • Ability to confidently communicate clear, concise updates to diverse stakeholders
  • Exhibits adaptability, attention to detail, and a commitment to ethical practices

Personnel performing this role may unofficially or alternatively be called:
  • Incident Handler
  • Incident Responder
  • Incident Response Analyst
  • Incident Response Engineer
  • Intrusion Analyst
  • Computer Network Defense Incident Responder
  • Computer Security Incident Response Team Engineer

Qualifications
  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent work experience of 5 years or more
  • Minimum of 2 years of experience in cybersecurity incident response or a related role

Requirements
  • Coordinate the investigation, containment, recovery, and remediation of cybersecurity incidents
  • Serve as the primary contact during incidents, providing status updates
  • Monitor and analyze network traffic, security logs, and alerts
  • Document after-action incident details, actions taken, timelines, and lessons learned
  • Conduct periodic incident response exercises, deliver training, and raise awareness
  • Collect intrusion artifacts and use discovered data to enable mitigation
  • Continuously review and improve the incident response plan
  • Perform initial triage and analysis of security incidents
  • Guide cross-functional teams to contain threats and restore normal operations
  • Coordinate with Corporate Leadership, the Security Operations Center (SOC), and external parties
  • Lead after-action reviews, publish findings, and recommend mitigation measures
  • Stay current with evolving threats, vulnerabilities, and best practices

Benefits
  • Equal employment opportunities to all employees and applicants
  • Prohibits discrimination and harassment of any type

Preferred Qualifications
  • Outstanding English language communication skills, both written and verbal
  • Professional certifications such as CISSP, ECIH, GCFE, GCIH
  • Experience with digital forensics and malware analysis
  • Knowledge of network protocols and security architecture
  • Familiarity with malware types and attack methods
  • Experience with scripting and automation tools

Physical Requirements
  • Prolonged periods of sitting at a desk and working on a computer

Location: India (job closed)

Cybersecurity Operations Analyst

Versant Health

Versant Health is one of the nation’s leading administrators of managed vision care, serving millions of our clients’ members nationwide. We are driven by our mission to help members enjoy the wonders of sight through healthy eyes and vision. As a Versant Health associate, you can enjoy a comprehensive Total Rewards package, which includes health and dental insurance, tuition reimbursement, 401(k) with company match, pet insurance, no-cost-to-you vision insurance for you and your qualified dependents. We are also invested in your success. There are many opportunities for advancement and development throughout all stages of your career with us.

Full Time | Remote | Team 1,001-5,000

Role Description

The Cybersecurity Operations Analyst supports and advances the organization’s Information Security program by protecting the enterprise against evolving cyber threats. This role is responsible for participating in incident response activities, investigating and analyzing security events, optimizing security controls, and collaborating cross-functionally to strengthen the organization’s overall security posture. The Cybersecurity Operations Analyst provides hands-on technical leadership through proactive threat hunting and the continuous enhancement of detection and response capabilities. This position contributes to the ongoing evolution of Versant Health’s cybersecurity operations by leveraging leading security technologies, partnering with internal stakeholders, and staying current on emerging threats and attack methodologies.

Where you will have an impact

Security Hygiene & Control Validation
  • Routinely audit and validate security control coverage (e.g., XDR, ZTNA, DLP) to ensure tools are operating effectively and protect 100% of intended assets.
  • Partner with the SOC to ensure log integrity across security and non-security systems; validate alert scope, fidelity, and thresholds.
  • Monitor the health and performance of security tools, performing root cause analysis when agents fail or policies are not properly applied.

Incident Response, Event Monitoring, & Threat Hunting
  • Serve as the Tier 2 escalation point for the SOC and lead the full incident response lifecycle, from containment through recovery.
  • Conduct proactive threat hunting using threat intelligence, SOC findings, and behavioral analysis to identify threats that bypass automated controls.
  • Analyze threat intelligence to inform defensive strategies and continuously improve detection capabilities.
  • Collaborate with the SOC to develop, refine, and maintain incident response playbooks aligned to business context.
  • Monitor and analyze security alerts from SIEM, EDR, and other tools to identify and respond to potential threats.
  • Implement and enforce security controls, policies, and procedures to protect organizational assets.

Blue, Red, and Purple Team Activities
  • Engage in the development and execution of recurring security wargames, including scenario design and cross-functional participation.
  • Actively participate in blue team activities focused on defensive security, detection, and incident response.
  • Collaborate in purple team exercises to validate detection and response effectiveness against real-world attack scenarios.
  • Participate in internal red team exercises, penetration tests, and simulated attacks to identify security gaps and control weaknesses.
  • Perform adversary emulation by modeling tactics, techniques, and procedures (TTPs) of known threat actors.
  • Share insights, lessons learned, and intelligence across teams to continuously improve security posture.
  • Use findings from offensive testing to optimize SIEM rules, EDR/CASB/SWG policies, firewall configurations, and other security controls.

Security Tool Management
  • Configure, maintain, and optimize a broad portfolio of security technologies, including:
    • Security Information and Event Management (SIEM): Log aggregation, correlation, tuning, and alerting.
    • Endpoint Detection and Response (EDR): Threat detection and response across endpoint environments.
    • Attack Surface & Exposure Management (ASM/AEM): Continuous discovery and prioritization of vulnerabilities and exposures.
    • Cloud Access Security Broker (CASB): Enforcement of security controls for cloud applications and services.
    • Secure Web Gateway (SWG): Inspection of web traffic and protection against web-based threats.
    • Data Loss Prevention (DLP): Design, implementation, and management of policies to prevent unauthorized data exfiltration across endpoints, networks, and cloud environments.

Security Operations & Support
  • Respond to and resolve security-related tickets and user inquiries.
  • Provide guidance and best practice recommendations to end users and IT partners.
  • Troubleshoot security tool issues and perform root cause analysis.

Documentation, Reporting, & Communication
  • Create and maintain detailed documentation for incident response procedures, security tool configurations, and security advisories.
  • Generate and present reports on security incidents, trends, and overall security posture to management.
  • Communicate clearly and effectively with stakeholders during and after security incidents.

Qualifications
  • 3+ years of experience in cybersecurity, with a focus on security operations and incident response.
  • Bachelor’s degree from an accredited college or university, or equivalent professional experience.
  • Hands-on experience administering and maintaining SIEM, EDR, and related security tools.
  • Understanding of networking concepts, TCP/IP, Active Directory, DNS, DHCP, and network defense technologies.
  • Proficiency with Windows, Linux, and macOS operating systems.
  • Experience with cloud security platforms (e.g., AWS, Azure).
  • Knowledge of secure engineering principles and technical security testing methodologies.

Requirements
  • All Associates must comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as it pertains to disclosures of protected health information (PHI).
  • Associates may have access to covered information, cardholder data, or other confidential customer information, which must be protected at all times.
  • Associates must explicitly adhere to all data security guidelines established within the Company’s Privacy & Security Training Program.

Benefits
  • Comprehensive and competitive total rewards package designed to support your health, financial well-being, and work-life balance.
  • Medical, dental, and paid vision coverage.
  • Paid time off and company holidays.
  • Retirement savings with employer contribution.
  • Employee wellness resources.
  • Professional development opportunities.
  • Flexible work arrangements.
  • Employee assistance programs.

Location: United States

IT Security Operations Center Specialist

Lincoln Financial

We help people confidently plan for their version of a successful financial future.

Full Time | Remote | Team 10,001+ | Since 1905 | H1B No Sponsor

  • Monitor and defend network perimeter interfaces against malicious traffic.
  • Analyze inbound and outbound network traffic for anomalies and threats.
  • Perform real-time security event analysis using SIEM and other advanced security tools.
  • Correlate and triage security alerts and indicators generated by monitoring systems.
  • Investigate and respond to suspected phishing emails and related incidents.
  • Manage and resolve cybersecurity-related requests received via phone, email, or internal ticketing systems promptly and accurately.
  • Execute routine assignments and projects while applying deep knowledge of security operations.
  • Identify and recommend process improvements to enhance efficiency and quality within the SOC.
  • Ensure availability and proper functioning of security technologies, including IDS/IPS, Web Application Firewalls, DLP, syslog servers, and vulnerability scanners.
  • Stay current on emerging cybersecurity trends and technologies; assess their impact and collaborate with leadership to integrate improvements into security operations.
  • Support organizational and departmental initiatives by promoting best practices and contributing to change management efforts.

Location: North Carolina | Pennsylvania

Salary: $86.3K - $120K / year

SOC Analyst – Contract

Sunshine Enterprise USA

Our commitment to creating American jobs

Contract | Remote | Team 51-200 | Since 2001 | H1B No Sponsor

  • Monitor, analyze, and correlate security events across SIEM platforms, EDR/XDR solutions, IDS/IPS systems, and threat intelligence feeds
  • Investigate and validate security incidents and determine root cause
  • Perform deep-dive analysis of suspicious activity
  • Conduct incident response activities including containment, eradication, and recovery support
  • Develop detailed incident reports, timelines, and post-incident summaries
  • Recommend improvements to SOC playbooks and detection rules
  • Perform proactive threat hunting using the MITRE ATT&CK framework
  • Collaborate with engineering teams to tune and optimize security tools
  • Support dashboard creation, reporting, and SOC performance metrics
  • Serve as a subject matter expert (SME) interacting with stakeholders
  • Document SOC processes, runbooks, and incident handling procedures
  • Coordinate with SOC teams, engineering teams, and agency stakeholders

Location: South Carolina (job closed)