Pay range: $50.33 - $75.50 per hour ($104,686 - $157,040 annually), based on experience.
About St. Charles Health System:
St. Charles Health System is a leading healthcare provider in Central Oregon, offering a comprehensive range of services to meet the needs of our community. We are committed to providing high-quality, compassionate care to all patients, regardless of their ability to pay. Our values of compassion, excellence, integrity, teamwork, and stewardship guide our work and shape our culture.
What We Offer:
Competitive Salary
Comprehensive benefits including Medical, Dental, Vision for you and your immediate family
403b with up to 6% match on Retirement Contributions
Generous Earned Time Off
Growth Opportunities within Healthcare
ST. CHARLES HEALTH SYSTEM
JOB DESCRIPTION
TITLE: Senior Incident Response Analyst
REPORTS TO POSITION: Manager, Security Operations
DEPARTMENT: Information Technology
DATE LAST REVIEWED: August 2025
OUR VISION: Creating America's healthiest community, together
OUR MISSION: In the spirit of love and compassion, better health, better care, better value
OUR VALUES: Accountability, Caring and Teamwork
DEPARTMENT SUMMARY: The Information Technology department helps improve the work of our caregivers by providing efficient and reliable platforms, comprehensive training, and stellar customer service. We do this by taking pride in the integrity of our workflows, data security, and training delivery. We partner with our customers to leverage various technologies to achieve the best patient outcomes possible by implementing new hardware and software solutions, upgrading existing environments, protecting the data we store, and integrating different solutions to achieve a seamless experience.
POSITION OVERVIEW: The Senior Incident Response Analyst serves as a subject matter expert and leader within the Security Operations Center (SOC), owning the most complex and high-impact cybersecurity investigations and response efforts across the organization. This position requires deep technical expertise, strong decision-making capabilities, and the ability to drive cross-functional coordination during high-pressure security events.
In addition to leading incident response efforts, the Senior Analyst is responsible for shaping incident response strategy, advancing detection and response capabilities, mentoring junior analysts, and advising leadership on emerging threats and risks. This role significantly contributes to the maturation of the organization's cybersecurity program and acts as a trusted advisor for both technical teams and business stakeholders.
This position does not directly manage caregivers but provides guidance, oversight, and quality assurance on the work of others.
This position does not directly manage any other caregivers.
ESSENTIAL FUNCTIONS AND DUTIES:
Act as a senior escalation point for the SOC, leading the most complex investigations and providing expert-level analysis across security tools (SIEM, EDR, IDS/IPS, forensic platforms, cloud environments).
Direct and coordinate incident response activities end-to-end, including containment, eradication, recovery, and executive-level reporting.
Perform deep forensic analysis and malware investigation to determine root cause, scope, and impact of incidents.
Own and evolve incident response playbooks, ensuring they align with industry best practices, regulatory requirements, and organizational needs.
Partner with IT, infrastructure, compliance, and business stakeholders to mitigate vulnerabilities and implement long-term risk reduction strategies.
Proactively conduct advanced threat hunting to identify signs of compromise and improve detection methodologies.
Lead post-incident reviews, delivering actionable recommendations and driving continuous improvement across tools, processes, and training.
Serve as a mentor and technical advisor to junior and mid-level analysts, fostering professional growth and knowledge transfer.
Maintain deep knowledge of current threat actors, tactics, techniques, and procedures (TTPs) to inform detection engineering and response efforts.
Collaborate with leadership to influence strategic cybersecurity initiatives, tool selection, and investment decisions.
Lead or co-lead tabletop exercises and simulations to validate and strengthen the incident response program.
Ensure adherence to all applicable regulatory frameworks (e.g., HIPAA, PCI-DSS, NIST, HITRUST) during investigations and response activities.
Supports the vision, mission, and values of the organization in all respects.
Supports the Lean principles of continuous improvement with energy and enthusiasm, functioning as a champion of change.
Provides and maintains a safe environment for caregivers, patients and guests.
Conducts all activities with the highest standards of professionalism and confidentiality. Complies with all applicable laws, regulations, policies and procedures, supporting the organization's corporate integrity efforts by acting in an ethical and appropriate manner, reporting known or suspected violations of applicable rules, and cooperating fully with all organizational investigations and proceedings.
Delivers customer service and/or patient care in a manner that promotes goodwill, is timely, efficient, and accurate.
May perform additional duties of similar complexity within the organization, as required or assigned.
EDUCATION:
Required: Bachelor's degree in Information Technology, Cybersecurity, or a related discipline, or equivalent combination of education and experience.
Preferred: Master's degree in Cybersecurity, Information Technology, or a related discipline.
LICENSURE/CERTIFICATION/REGISTRATION:
Required: At least one advanced security certification within one (1) year of hire (e.g., GCIH, GCIA, CISSP, CISM).
Preferred: Advanced technical certifications such as OSCP, CHFI, GNFA, or equivalent.
EXPERIENCE:
Required: Minimum of seven (7) years of experience in information security, with at least four (4) years focused on incident response or SOC operations. Proven expertise in forensic analysis, malware investigation, SIEM/EDR tuning, and large-scale incident handling.
Preferred: Experience in regulated industries such as healthcare or finance. Demonstrated expertise in cloud security, detection engineering, and proactive threat hunting. Prior experience influencing security strategy and mentoring teams.
PERSONAL PROTECTIVE EQUIPMENT:
Must be able to wear appropriate Personal Protective Equipment (PPE) required to perform the job safely.
PHYSICAL REQUIREMENTS:
Continually (75% or more): Use of clear and audible speaking voice and the ability to hear normal speech level.