
Cybersecurity Sr Engineer Incident Response

CommonSpirit Health Englewood, Colorado

The posted compensation range of $46.96 - $68.10 /hour is a reasonable estimate that extends from the lowest to the highest pay CommonSpirit in good faith believes it might pay for this particular job, based on the circumstances at the time of posting. CommonSpirit may ultimately pay more or less than the posted range as permitted by law.

  • Requisition ID: 2024-361910
  • Employment Type: Full Time
  • Department: Information Technology
  • Hours/Pay Period: 80
  • Shift: Day
  • Weekly Schedule: Monday - Friday (8:00 AM - 5:00 PM)
  • Remote: Yes
  • Category: Information Technology

CommonSpirit Health was formed by the alignment of Catholic Health Initiatives (CHI) and Dignity Health. With more than 700 care sites across the U.S., from clinics and hospitals to home-based care and virtual care services, CommonSpirit is accessible to nearly one out of every four U.S. residents. Our world needs compassion like never before. Our communities need caring and our families need protection. With our combined resources, CommonSpirit is committed to building healthy communities, advocating for those who are poor and vulnerable, and innovating how and where healing can happen, both inside our hospitals and out in the community.


This is a remote position.


The purpose of the CYBERSECURITY SENIOR ENGINEER position is to support the Incident Response and Threat Intelligence group program for CommonSpirit Health. This program is responsible for cyber security incident response and investigation including preparation, documentation, and coordination with other teammates and teams, assisting with eradication and recovery, and any necessary post-incident activities. 

The CYBERSECURITY SENIOR ENGINEER, Incident Response and Threat Intelligence position will report to the Director, Threat Intel and Incident Response as part of the overall Fusion Center, which is focused on identifying, protecting against, responding to and containing threats and vulnerabilities to the overall CommonSpirit organization.

The expectations for this position are: 

  • Participate in a lead role in the Cyber Security Incident Response Team (CSIRT). Lead CSIRT to employ strategy, standards, processes and technology to detect, respond and recover from security incidents and to limit the impact of any such occurrence or reoccurrence by using risk-based triage. 
  • Work with various internal teams to identify gaps in and expand coverage of endpoint, logging and network tooling to improve monitoring and response capabilities, including collaboration with Cyber engineers on solution design recommendations. 
  • Technical experience with cyber security investigative technologies such as SIEM, packet capture analysis, host forensics and memory analysis tools
  • Assist in the development of incident handling processes, standard operating procedures, playbooks and runbooks, with the ability to analyze and implement the technical changes required within IR tools to meet those processes.
  • Ability to analyze data and communicate malicious behavior discoveries to non-technical consumers
  • Extensive experience in leading cyber-attack investigations and in working in a similar 24/7 environment, managing cases with enterprise SIEM or Incident Management systems
  • Produce actionable intelligence in the form of alerts, reports, and briefings. 

The CYBERSECURITY SENIOR ENGINEER will work with the following internal and external stakeholders in the course of their responsibilities: 

  • Cybersecurity Analysts and Engineers and leaders within the Cyber Fusion Center 
  • Cybersecurity Analysts and Engineers and leaders within Cybersecurity Engineering 
  • Analysts and Engineers and leadership within Infrastructure, Application and Digital areas
  • Managers and Directors and Executive leadership as needed within Infrastructure, Application and Digital areas
  • Vendors, partners, and other relevant external stakeholders


  • Become an expert in CommonSpirit Health’s technology stack to understand points of weakness and opportunities for security solutions 
  • Investigate, triage, contain, and mitigate complex cybersecurity alerts and incidents using various cyber security tools such as: EDR, SIEM and CASB. 
  • Determine nature and scale of complex threats and provide recommended containment actions
  • Design, build and manage internal tools for incident detection workflow and response orchestration
  • Create and tune complex data models and/or SIEM alerts for automated response orchestration and systemic improvement
  • Create and tune Use Cases as identified per roadmap and opportunity identification 
  • Review threat intelligence reports and feeds, make recommendations and lead implementations for profile or toolset changes based on reviews.
  • Perform threat hunting exercises by developing detection rules and analyzing cybersecurity data to discover complex activity not seen within the environment 
  • Collaborate with internal stakeholders and leadership on addressing systemic security issues
  • Extensive experience with one or more scripting languages (PowerShell, Python, Bash, etc.)
  • Conduct trending and correlation of multiple cyber intelligence sources for the purposes of indicator collection, shifts in TTPs, attribution and establishing countermeasures to increase cyber resiliency
  • Demonstrated understanding of complex threat modeling techniques, in a cyber intelligence or cyber operations environment 
  • Ability to maintain or develop professional contacts in the cyber security community and within multiple sectors/industries including healthcare and biomedical research.

  • Bachelor’s Degree in Computer Science, Information Security, Information Systems, or related field, or equivalent professional experience required. 
  • 4-5 years required, 5+ years preferred, of previous experience in a related job area: Incident Response, Information Security, Threat Management, Forensics/eDiscovery, Network or System Administration
  • Previous experience in IT security/system/network operations and administration or programming preferred.
  • Two or more relevant technical/professional security certifications (such as: COMPTIA Network+, Security+, SANS/GIAC, EC-Council, CISSP or vendor-specific) preferred.
  • Experience in Windows, UNIX/Linux OS and/or Cisco IOS, Network protocols, End Point Protection platforms, SIEM tools, SOAR platforms preferred. 
  • Fundamental understanding of: TCP/IP, common ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, common security elements and architectures (and associated tradeoffs).
  • Previous experience within Security Operations Centers or Incident Response teams preferred 
  • Previous Information Security experience in the healthcare/medical environment strongly preferred. 
  • Knowledge of healthcare environments preferred.




While you’re busy impacting the healthcare industry, we’ll take care of you with benefits that may include health/dental/vision, FSA, matching retirement plans, paid time off, tuition assistance, adoption assistance, and more!

Unless directed by a Collective Bargaining Agreement, applications for this position will be considered on a rolling basis. CommonSpirit Health cannot anticipate the date by which a successful candidate may be identified.

Equal Opportunity

CommonSpirit Health™ is an Equal Opportunity/Affirmative Action employer committed to a diverse and inclusive workforce. All qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, parental status, ancestry, veteran status, genetic information, or any other characteristic protected by law. For more information about your EEO rights as an applicant, please click here.

CommonSpirit Health™ will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c). External hires must pass a post-offer, pre-employment background check/drug screen. Qualified applicants with an arrest and/or conviction will be considered for employment in a manner consistent with federal and state laws, as well as applicable local ordinances, ban the box laws, including but not limited to the San Francisco and Los Angeles Fair Chance Ordinances. If you need a reasonable accommodation for any part of the employment process, please contact us by telephone at (415) 438-5575 and let us know the nature of your request. We will only respond to messages left that involve a request for a reasonable accommodation in the application process. We will accommodate the needs of any qualified candidate who requests a reasonable accommodation under the Americans with Disabilities Act (ADA). CommonSpirit Health™ participates in E-Verify.