Director, Cyber Detection & Response

What Cybersecurity Defense contributes to Cardinal Health

Cybersecurity Defense focuses heavily on threat detection, incident response, and implementing security measures to protect our digital assets and infrastructure at Cardinal Health. The Director, Cyber Detection & Response is responsible for establishing, leading, and continuously enhancing cybersecurity detection, monitoring, and incident response capabilities to protect the organization from evolving cyber threats. Furthermore, this leader oversees Security Operations Center (SOC) operations, cyber threat detection, incident response, threat intelligence, and security testing functions to enable rapid identification, containment, and remediation of cybersecurity threats. This role plays a critical role in driving proactive defense strategies, improving detection and response capabilities, and ensuring alignment with risk and resilience objectives.

Location - Open to candidates nationwide working in a fully remote capacity, with preference towards those based in Central or Eastern time zones (willingness to travel into our Corporate HQ in Dublin, OH during certain period of the year is a plus)

Responsibilities

• Develop and lead the cybersecurity detection and response strategy aligned with enterprise risk, threat landscape, and business priorities.

• Establish governance frameworks and operating models for SOC, incident response, and threat management functions.

• Serve as an advisor to leadership on threat trends, detection capabilities, and response readiness.

• Drive continuous improvement of detection and response capabilities to address evolving threats and business needs.

• Oversee SOC operations, including security logging, monitoring, alerting, and incident triage across the environment.

• Oversee effective use of SIEM platforms to analyze correlated events, detect anomalies, and escalate potential incidents.

• Lead the development and optimization of detection use cases, analytics, and monitoring strategies to improve visibility across the environment.

• Oversee monitoring capabilities across IT and OT environments, ensuring coverage of critical systems and infrastructure.

• Lead detection engineering and security tooling functions, including SIEM, SOAR, EDR, UEBA, and DLP capabilities.

• Oversee the definition and implementation of use cases, rules, and configurations to improve automated detection, investigation, and response workflows.

• Drive optimization and integration of security tools to enhance operational efficiency and reduce false positives.

• Establish and lead threat intelligence capabilities to gather, analyze, and operationalize threat data from internal and external sources.

• Oversee threat monitoring, analysis, and detection rule enhancement to proactively identify emerging threats.

• Lead threat modeling activities to identify attack vectors, vulnerabilities, and control gaps across systems and processes.

• Drive proactive threat hunting initiatives to identify hidden threats and indicators of compromise (IoCs) within the environment.

• Lead enterprise incident response (IR) capabilities, including planning, testing, execution, and continuous improvement of IR processes.

• Oversee incident response lifecycle activities including detection, triage, containment, eradication, and recovery.

• Oversee incident response simulations and exercises to validate readiness and improve response effectiveness.

• Enable effective coordination of incident response efforts across cybersecurity, IT, legal, and business stakeholders.

• Manage breach notification processes and communication protocols for cybersecurity incidents.

• Oversee digital forensics and investigative activities to determine the scope, root cause, and impact of cybersecurity incidents.

• Ensure proper evidence collection, analysis, and documentation to support investigations and regulatory requirements.

• Lead post-incident reviews and root cause analysis to strengthen detection and response capabilities.

• Lead offensive and defensive security testing capabilities, including red teaming, penetration testing, and adversarial simulations.

• Oversee blue team operations to detect, analyze, and respond to threats across enterprise environments.

• Facilitate purple teaming activities to enhance collaboration between offensive and defensive teams and improve detection and response effectiveness.

• Drive continuous improvement of security controls through testing, validation, and simulation exercises.

• Collaborate with cybersecurity, IT, risk, legal, and business teams to integrate detection and response capabilities into enterprise operations.

• Partner with architecture, engineering, and infrastructure teams to ensure detection and response requirements are embedded into system design and deployment.

• Provide actionable insights and reporting to leadership on threat landscape, incident trends, and response effectiveness.

• Support audit and regulatory activities by providing evidence and documentation related to detection and response processes

• Define and track KPIs and KRIs related to detection, response, and operational performance.

• Provide regular reporting to leadership on SOC performance, incident metrics, and threat trends.

• Identify opportunities to enhance detection coverage, reduce response times, and improve operational efficiency.

• Drive continuous improvement initiatives to mature detection and response capabilities.

• Build and lead a high-performing cybersecurity detection and response team across SOC, IR, and threat management functions.

• Develop team capabilities through training, mentoring, and structured career development initiatives.

• Foster a culture of accountability, collaboration, and continuous improvement.

• Ensure alignment of team capabilities with evolving threat landscape and organizational needs.

Qualifications

• Ideally targeting individuals with 10+ years of experience in cybersecurity, with a strong focus on detection, incident response, and security operations.

• Deep expertise in SOC operations, SIEM, incident response, and threat intelligence a plus.

• Experience leading cybersecurity operations teams and managing complex incident response activities, a strong preference.

• Strong understanding of cybersecurity frameworks (e.g., NIST CSF) and regulatory requirements required.

• Demonstrated ability to communicate technical concepts and risk insights to executive leadership.

• Strong leadership, analytical, and problem-solving skills.

• Experience in highly regulated industries, a plus

• Experience with advanced analytics, automation, and AI-driven security operations, a strong preference

#LI-LP

#LI-Remote

Anticipated salary range: $135,400 - $208,100

Bonus eligible: Yes

Benefits: Cardinal Health offers a wide variety of benefits and programs to support health and well-being.

• Medical, dental and vision coverage

• Paid time off plan

• Health savings account (HSA)

• 401k savings plan

• Access to wages before pay day with myFlexPay

• Flexible spending accounts (FSAs)

• Short- and long-term disability coverage

• Work-Life resources

• Paid parental leave

• Healthy lifestyle programs

Application window anticipated to close: 07/01/2026 *if interested in opportunity, please submit application as soon as possible.

The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity.

Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.

Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.

To read and review this privacy notice click here (