Children's National Medical Center
Lead Information Security Analyst
Children's National Medical Center, Silver Spring, Maryland, United States, 20900
Overview
Lead Information Security Analyst - ( 250002LU ). We are seeking a Lead Information Security Analyst to serve as our Incident Response/SOC SME, ideally with prior experience as a Security Incident Response Leader (SIRL). This role will lead incident response strategy and execution, with hands-on expertise in operational Splunk Enterprise Security (SIEM), Microsoft Defender security suite (including Endpoint, Identity, and Servers), and SOAR playbook automation. The successful candidate will lead complex incident investigations, coordinate responses across IT and clinical teams, and drive ongoing improvements in security operations. You will also mentor SOC analysts, enhance detection capabilities, and ensure that lessons learned are integrated into practices.
Responsibilities
Incident Response Leadership (SIRL)
Act as the Security Incident Response Leader during high-severity events, directing containment, remediation, and recovery efforts.
Serve as the escalation point for SOC analysts and ensure timely, coordinated response actions.
Develop and maintain incident response frameworks, including runbooks, playbooks, and post-incident reviews.
Partner with executive leadership, clinical staff, and external stakeholders (law enforcement, MSSPs) to manage incident communications.
Splunk Enterprise Security SME
Maintain and optimize Splunk ES detections, correlation rules, dashboards, and reporting.
Guide SOC analysts on triage, alert enrichment, and threat-hunting practices.
SOAR & Automation
Build and manage security orchestration and automated response playbooks.
Orchestrate integrations across SIEM, EDR, vulnerability management, and identity systems.
Documentation & Reporting
Produce accurate documentation for incidents, including executive-level summaries and technical after-action reports.
Ensure incident response processes and playbooks are continuously updated.
Preparedness & Training
Lead tabletop exercises, red/blue team simulations, and cyber range events.
Mentor and coach SOC analysts to elevate detection and response maturity.
Qualifications
Bachelor's degree in computer science, math, engineering, or another relevant discipline or equivalent training and work experience (Required)
Minimum Work Experience
10+ years of experience in cybersecurity with a focus on vulnerability management, cybersecurity operations, analysis, forensics and/or investigations (Required)
Required Skills/Knowledge
Experience leading in the application of key cybersecurity practices, controls, and frameworks
Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as nontechnical audiences
Experience leading cybersecurity auditing, compliance, and policy
Experience leading cybersecurity risk assessments, vulnerability management, penetration testing, and threat identification
Experience leading the management of access controls including identity, active directory, privileged account management, and authentication
Experience leading cybersecurity incident response, risk remediation, business continuity, disaster recovery, and cyber operations
Functional Accountabilities
Cybersecurity Analysis: Oversees the identification, documentation, and reporting of cybersecurity risks
Leads the development of Information Security policies, standards, and procedures
Leads engagement with senior leaders of CNH business units to ensure security of assets, applications, and data
Leads the application of procedures and systems associated with managing access to CNH systems, data, and other assets
Leads the execution of responses associated with cybersecurity incidents, as required
Location & Details
Primary Location: Maryland-Silver Spring
Work Locations: Inventa Towers 1 Inventa Place Silver Spring 20910
Job: Information Technology
Organization: Operations
Position Status: R (Regular) - FT - Full-Time
Shift: Day
Work Schedule: 8-5
Job Posting: Sep 15, 2025, 6:57:58 PM
Full-Time Salary Range: 128452 - 214087
Children's National Hospital is an equal opportunity employer that evaluates qualified applicants without regard to race, color, national origin, religion, sex, age, marital status, disability, veteran status, sexual orientation, gender identity, or other characteristics protected by law. The “Know Your Rights” poster is available here: and the pay transparency policy is available here: Know Your Rights Pay Transparency Nondiscrimination Poster.
Please note that it is the policy of Children's National Hospital to ensure a “drug-free” work environment: a workplace free from the illegal use, possession or distribution of controlled substances (as defined in the Controlled Substances Act), or the misuse of legal substances, by all staff. Though recreational and medical marijuana are now legal in the District of Columbia, Children's National and its affiliates maintain the right, in accordance with our policy, to enforce a drug-free workplace, including prohibiting recreational or prescribed marijuana.