UChicago Medicine
Information Security Manager - Security Operations Center
UChicago Medicine, Darien, Illinois, United States, 60561
Overview
Information Security Manager – Security Operations Center (SOC) at UChicago Medicine. This role oversees and enhances security operations by managing SIEM and SOAR, leading threat hunting, coordinating with an outsourced security services provider, and helping to build and manage an internal SOC. The position is primarily work-from-home with on-site presence once a week in the Darien, IL area.
Responsibilities
Lead the administration, tuning, and optimization of the SIEM and SOAR tools to ensure effective threat detection and response.
Monitor the performance of the SOC vendor and ensure proper integration of security data sources and data integrity.
Assist in building an internal Security Operations Center.
Manage and support staff on incident response and threat-hunting activities to detect advanced threats.
Collaborate with security teams to investigate incidents, identify root causes, and implement mitigations.
Develop and implement SIEM and SOAR use cases, correlation rules, and log management strategies.
Serve as an escalation point, mentor, and advisor to leadership on threat-based activities, incident response, and vendor performance.
Improve processes and playbooks; ensure continuous improvement of security operations.
Manage a team of 3-10 people.
Other duties as assigned.
Qualifications
Bachelor’s degree from an accredited college or university
5+ years of experience in security operations, threat detection, and/or incident response
Minimum of 2 years of experience in an Information Security Operations Center or equivalent
Experience managing a security team and/or mentoring security analysts
Experience with managed security service providers (MSSPs) or third-party security vendors
Security certifications (e.g., CISSP, GIAC, CEH) or equivalent, or the ability to obtain them within 2 years
Deep understanding of SIEM/SOAR platforms (e.g., Google Chronicle or similar), including rule creation, log ingestion, tuning, and alert triage
Hands-on experience with EDR, XDR, SOAR platforms, vulnerability scanners, and endpoint protection
Proficiency in scripting (PowerShell, Python) for automation and alerting/playbook development
Familiarity with security monitoring in cloud environments (preferably Microsoft Azure)
Knowledge of threat hunting methodologies, anomaly detection, and threat intel feeds
Experience coordinating response to security incidents, including containment, eradication, and recovery
Ability to analyze logs from firewalls, endpoints, IDS/IPS, and cloud environments to identify threats
Knowledge of threat intelligence, adversary tactics, and cybersecurity frameworks (MITRE ATT&CK, NIST, CIS)
Strong written and verbal communication skills and ability to collaborate across teams
Preferred Qualifications
Master’s degree
Knowledge of HIPAA and health care regulations
Experience in academic medical centers or health care consulting
Position Details
Job Type/FTE: Full Time (1.0 FTE)
Shift: Days
Location: Flexible (Darien, IL on-site once per week)
Unit/Department: Information Security Office
CBA Code: Non-Union
Compensation
The base pay range is $174,500.00/yr - $232,700.00/yr. The actual pay will be based on skills and experience. This information is provided for planning purposes and may be adjusted during the recruiting process.
Equal Opportunity
UChicago Medicine is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, ethnicity, ancestry, sex, sexual orientation, gender identity, marital status, civil union status, parental status, religion, national origin, age, disability, veteran status and other legally protected characteristics.
Notes
As a condition of employment, all employees are required to complete a pre-employment physical, background check, drug screening, and comply with flu vaccination requirements where applicable. Medical and religious exemptions will be considered as permitted by law.