Expert IT Cyber Defense Analyst

Welcome to Veradigm Our Mission is to be the most trusted provider of innovative solutions that empower all stakeholders across the healthcare continuum to deliver world-class outcomes. Our Vision is a Connected Community of Health that spans continents and borders. With the largest community of clients in healthcare, Veradigm is able to deliver an integrated platform of clinical, financial, connectivity and information solutions to facilitate enhanced collaboration and exchange of critical patient information.

Veradigm Life

Veradigm is here to transform health, insightfully. Veradigm delivers a unique combination of point-of-care clinical and financial solutions, a commitment to open interoperability, a large and diverse healthcare provider footprint, along with industry proven expert insights. We are dedicated to simplifying the complicated healthcare system with next-generation technology and solutions, transforming healthcare from the point-of-patient care to everyday life.

For more information, please explore

Expert IT Cyber Defense Analyst – Full Time – 100% Remote.
What will your job look like:
The Expert IT Cyber Defense Analyst is a senior technical role responsible for advanced threat detection, security monitoring, incident investigation, and response across enterprise environments. This position acts as a technical authority within the Security Operations Center (SOC), driving high-impact investigations, optimizing detections, mentoring analysts, and strengthening the organization's overall cyber defense posture. The analyst collaborates closely with Incident Response, Cloud Security, Infrastructure, and Threat Intelligence teams to ensure rapid mitigation and continuous improvement of cyber defenses.

An Ideal Candidate will have:

• Perform continuous monitoring of network, endpoint, identity, cloud, and application telemetry using SIEM, EDR, IDS/IPS, Firewall, AAD, and vulnerability management platforms.
• Identify sophisticated threats by correlating multi-source telemetry, detecting anomalies, and recognizing attacker TTPs.
• Enhance SIEM and EDR detection logic by creating and tuning correlation rules, behavioral analytics, watchlists, and automated alert workflows to reduce false positives and improve detection fidelity.
• Lead high-severity incidents and complex investigations involving malware, privilege misuse, lateral movement, ransomware indicators, persistence mechanisms, and potential data exfiltration.
• Conduct in-depth forensic analysis of endpoints, logs, cloud audit trails, and network flows to determine root cause, scope, and business impact.
• Collaborate with the Incident Response (IR) team to drive containment, eradication, and recovery efforts with minimal operational disruption.
• Perform proactive threat hunting aligned with the latest threat intelligence, emerging TTPs, vulnerabilities, and adversary campaigns.
• Serve as a subject matter expert for Tier 1 and Tier 2 analysts, providing guidance on triage decisions, investigation handling, and escalation criteria.
• Review and audit alerts handled by junior analysts to ensure accuracy, completeness, and adherence to SOC processes.
• Contribute to SOC capability uplift through training, knowledge sharing, and continuous improvement initiatives.
• Develop, refine, and maintain SOPs, incident response playbooks, and detection runbooks to support consistent and repeatable operations.
• Assess business impact of ongoing or emerging threats and help prioritize response efforts based on severity and risk.
• Communicate technical findings, risks, and remediation recommendations to technical and non-technical stakeholders.
• Collaborate with Cloud, Infrastructure, Application, and Threat Intelligence teams to resolve vulnerabilities and operationalize intelligence-driven detections.

The ideal candidate will have:

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or equivalent practical experience.
• 5–8+ years of experience in SOC operations, cyber defense, threat hunting, or incident response roles.
• Strong hands-on expertise with SIEM (Splunk, Sentinel), EDR (CrowdStrike, Microsoft Defender), IDS/IPS, Firewalls, and cloud security monitoring (Azure/AWS).
• Deep knowledge of Windows, Linux, and cloud audit logs, authentication flows, and security telemetry.
• Proven experience investigating high-severity incidents, malware behavior, lateral movement, privilege misuse, and network-based threats.
• Strong understanding of MITRE ATT&CK, cyber kill chain, threat intelligence lifecycle, and adversary detection techniques.
• Experience writing detection rules, triage workflows, and automated SOAR playbooks.
• Strong analytical, investigative, and communication skills.

Preferred Certifications

• GCIH (GIAC Certified Incident Handler)
• Security+
• CEH
• CySA+
• AZ-500

Benefits
Veradigm believes in empowering our associates with the tools and flexibility to bring the best version of themselves to work. Through our generous benefits package with an emphasis on work/life balance, we give our employees the opportunity to allow their careers to flourish.

• Quarterly Company-Wide Recharge Days
• Flexible Work Environment (Remote)
• Peer-based incentive "Cheer" awards
• "All in to Win" bonus Program
• Tuition Reimbursement Program

To know more about the benefits and culture at Veradigm, please visit the links mentioned below: -

Veradigm is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse and inclusive workforce.

Thank you for reviewing this opportunity Does this look like a great match for your skill set? If so, please scroll down and tell us more about yourself