Senior Cyber Incident Responder

Job Overview As a core member of the Office of Information Security’s Detection and Response Team (DaRT), the Senior Incident Responder plays a mission‑critical role in protecting patient care, safeguarding sensitive health information, ensuring clinical continuity, and enabling diagnostic and genetic innovation. This position leads the investigation, containment, and resolution of cybersecurity incidents that could impact the confidentiality, integrity, or availability of systems across the enterprise. You’ll collaborate across clinical, IT, and compliance teams to respond to security threats. You’ll handle escalated events from the SOC, perform technical investigations, and lead recovery efforts while maintaining compliance with requirements associated with HIPAA, HITRUST, GDPR, etc. If you’re driven by purpose, technically sharp, and thrive in fast‑paced environments where security meets patient care—this is the role for you. Applicants who live within 35 miles of either the Burlington, NC or Durham, NC location will follow a hybrid schedule. This schedule includes a minimum of three in‑office days per week at an assigned location, either Burlington or Durham, supporting both collaboration and flexibility. Responsibilities Serve as the lead responder for validated cyber incidents—prioritizing threats that could impact clinical operations, electronic health records (EHR), connected medical devices, or protected health information (PHI). Coordinate with technical and clinical stakeholders to contain and remediate threats across hospitals, clinics, and remote care environments. Drive improvements to the Incident Response Plan—ensuring readiness for ransomware, business email compromise, and other threats. Lead triage, containment, and root cause analysis of events affecting clinical applications, patient portals, imaging systems, and backend infrastructure. Analyze logs and EDR telemetry from a wide range of systems—medical devices, cloud applications, employee workstations, and data exchange platforms. Perform investigations across Windows, Linux, iOS, and cloud platforms, using SIEM and manual log analysis where required. Lead stakeholder briefings during high‑severity incidents. Enrich investigations using internal threat intel, OSINT, and health sector‑specific sources (e.g., H-ISAC, HC3 bulletins). Contribute to detection engineering and playbook development aligned with healthcare‑specific threat vectors. Write post‑incident reports with clear insights for operational, risk, and compliance teams. Requirements 3+ years of experience in cybersecurity, preferably with exposure to healthcare IT, hospital systems, or regulated environments. Hands‑on incident response experience in large enterprise environments (30K+ users, multiple business units or hospitals). Strong understanding of HIPAA security rule, HITECH, and how regulatory requirements intersect with incident handling. Familiarity with common healthcare systems such as Epic, Cerner, HL7/FHIR interfaces, or IoMT devices. Experience with incident response frameworks (NIST 800-61, HITRUST IRM, etc.) and adversary models (MITRE ATT&CK, Cyber Kill Chain). Proficient in SIEM (e.g., Splunk, Anvilogic), EDR platforms (e.g., CrowdStrike, SentinelOne) and forensic tools. Strong skills in Windows and Linux OS investigations, network protocol analysis, and EDR telemetry. Proficient in writing detection rules and custom signatures to identify malicious activity. PowerShell, Python, or Bash scripting skills are a plus. Clear communicator with experience handling sensitive incidents in regulated industries. Ability to lead investigations that involve patient data and coordinate with privacy and compliance officers. Education / Certifications Bachelor’s degree in Cybersecurity, Information Systems, or a related field—or equivalent experience in a regulated enterprise. Preferred certifications include: GCIH, GCFA, GCFE, GNFA, GCTI, CISSP, or HCISPP (Healthcare Certified Information Security and Privacy Practitioner). Benefits Employees regularly scheduled to work 20 or more hours per week are eligible for comprehensive benefits including Medical, Dental, Vision, Life, STD/LTD, 401(k), Paid Time Off (PTO) or Flexible Time Off (FTO), Tuition Reimbursement and Employee Stock Purchase Plan. Casual, PRN & Part Time employees regularly scheduled to work less than 20 hours are eligible to participate in the 401(k) Plan only. Employees who are regularly scheduled to work a 7 on/7 off schedule are eligible to receive all the foregoing benefits except PTO or FTO. Equal Opportunity Employer Labcorp is proud to be an Equal Opportunity Employer: Labcorp strives for inclusion and belonging in the workforce and does not tolerate harassment or discrimination of any kind. We make employment decisions based on the needs of our business and the qualifications and merit of the individual. Qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), family or parental status, marital, civil union or domestic partnership status, sexual orientation, gender identity, gender expression, personal appearance, age, veteran status, disability, genetic information, or any other legally protected characteristic. Additionally, all qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable law. #J-18808-Ljbffr LCA Lab. Corp. of America