Expert IT Cyber Defense Analyst - 8990

Veradigm Life Veradigm is here to transform health, insightfully. Veradigm delivers a unique combination of point-of-care clinical and financial solutions, a commitment to open interoperability, a large and diverse healthcare provider footprint, along with industry proven expert insights. We are dedicated to simplifying the complicated healthcare system with next-generation technology and solutions, transforming healthcare from the point-of-patient care to everyday life. For more information, please explore Veradigm.com. Expert IT Cyber Defense Analyst - 8990 – Full Time – 100% Remote. What will your job look like: The Expert IT Cyber Defense Analyst is a senior technical role responsible for advanced threat detection, security monitoring, incident investigation, and response across enterprise environments. This position acts as a technical authority within the Security Operations Center (SOC), driving high-impact investigations, optimizing detections, mentoring analysts, and strengthening the organization’s overall cyber defense posture. The analyst collaborates closely with Incident Response, Cloud Security, Infrastructure, and Threat Intelligence teams to ensure rapid mitigation and continuous improvement of cyber defenses. An Ideal Candidate will have: Perform continuous monitoring of network, endpoint, identity, cloud, and application telemetry using SIEM, EDR, IDS/IPS, Firewall, AAD, and vulnerability management platforms. Identify sophisticated threats by correlating multi-source telemetry, detecting anomalies, and recognizing attacker TTPs. Enhance SIEM and EDR detection logic by creating and tuning correlation rules, behavioral analytics, watchlists, and automated alert workflows to reduce false positives and improve detection fidelity. Lead high-severity incidents and complex investigations involving malware, privilege misuse, lateral movement, ransomware indicators, persistence mechanisms, and potential data exfiltration. Conduct in-depth forensic analysis of endpoints, logs, cloud audit trails, and network flows to determine root cause, scope, and business impact. Collaborate with the Incident Response (IR) team to drive containment, eradication, and recovery efforts with minimal operational disruption. Perform proactive threat hunting aligned with the latest threat intelligence, emerging TTPs, vulnerabilities, and adversary campaigns. Serve as a subject matter expert for Tier 1 and Tier 2 analysts, providing guidance on triage decisions, investigation handling, and escalation criteria. Review and audit alerts handled by junior analysts to ensure accuracy, completeness, and adherence to SOC processes. Contribute to SOC capability uplift through training, knowledge sharing, and continuous improvement initiatives. Develop, refine, and maintain SOPs, incident response playbooks, and detection runbooks to support consistent and repeatable operations. Assess business impact of ongoing or emerging threats and help prioritize response efforts based on severity and risk. Communicate technical findings, risks, and remediation recommendations to technical and non-technical stakeholders. Collaborate with Cloud, Infrastructure, Application, and Threat Intelligence teams to resolve vulnerabilities and operationalize intelligence-driven detections. The ideal candidate will have: Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or equivalent practical experience. 5–8+ years of experience in SOC operations, cyber defense, threat hunting, or incident response roles. Strong hands-on expertise with SIEM (Splunk, Sentinel), EDR (CrowdStrike, Microsoft Defender), IDS/IPS, Firewalls, and cloud security monitoring (Azure/AWS). Deep knowledge of Windows, Linux, and cloud audit logs, authentication flows, and security telemetry. Proven experience investigating high-severity incidents, malware behavior, lateral movement, privilege misuse, and network-based threats. Strong understanding of MITRE ATT&CK, cyber kil ... (truncated, view full listing at source)