St. Charles Health System

via Workday

Senior Incident Response Analyst

Anywhere
full-time
Posted 9/12/2025
Direct Apply
Key Skills:
Incident Response
Cybersecurity
Forensic Analysis
Malware Investigation
Threat Hunting
SIEM
EDR
Cloud Security
Regulatory Compliance
Mentoring
Technical Advisory
Risk Mitigation
Continuous Improvement
Customer Service
Data Security
Teamwork

Compensation

Salary Range

$50.33 - $75.50 per hour

Responsibilities

The Senior Incident Response Analyst leads complex cybersecurity investigations and response efforts, coordinating activities during high-pressure security events. This role also involves mentoring junior analysts and shaping incident response strategies to enhance the organization's cybersecurity program.

Requirements

Candidates must have a bachelor's degree in a related field and at least seven years of experience in information security, with a focus on incident response. Advanced security certifications are required within one year of hire, with preferred certifications enhancing the candidate's profile.

Full Description

Pay range: $50.33 - $75.50 per hour ($104,686 - $157,040 annually), based on experience.

About St. Charles Health System:
St. Charles Health System is a leading healthcare provider in Central Oregon, offering a comprehensive range of services to meet the needs of our community. We are committed to providing high-quality, compassionate care to all patients, regardless of their ability to pay. Our values of compassion, excellence, integrity, teamwork, and stewardship guide our work and shape our culture.

What We Offer:
Competitive Salary
Comprehensive benefits including Medical, Dental, Vision for you and your immediate family
403b with up to 6% match on Retirement Contributions
Generous Earned Time Off
Growth Opportunities within Healthcare

ST. CHARLES HEALTH SYSTEM JOB DESCRIPTION

TITLE: Senior Incident Response Analyst
REPORTS TO POSITION: Manager, Security Operations
DEPARTMENT: Information Technology
DATE LAST REVIEWED: August 2025

OUR VISION: Creating America’s healthiest community, together
OUR MISSION: In the spirit of love and compassion, better health, better care, better value
OUR VALUES: Accountability, Caring and Teamwork

DEPARTMENT SUMMARY:
The Information Technology department helps improve the work of our caregivers by providing efficient and reliable platforms, comprehensive training, and stellar customer service. We do this by taking pride in the integrity of our workflows, data security, and training delivery. We partner with our customers to leverage various technologies to achieve the best patient outcomes possible by implementing new hardware and software solutions, upgrading existing environments, protecting the data we store, and integrating different solutions to achieve a seamless experience.

POSITION OVERVIEW:
The Senior Incident Response Analyst serves as a subject matter expert and leader within the Security Operations Center (SOC), owning the most complex and high-impact cybersecurity investigations and response efforts across the organization. This position requires deep technical expertise, strong decision-making capabilities, and the ability to drive cross-functional coordination during high-pressure security events. In addition to leading incident response efforts, the Senior Analyst is responsible for shaping incident response strategy, advancing detection and response capabilities, mentoring junior analysts, and advising leadership on emerging threats and risks. This role significantly contributes to the maturation of the organization’s cybersecurity program and acts as a trusted advisor for both technical teams and business stakeholders.

This position does not directly manage caregivers but provides guidance, oversight, and quality assurance on the work of others. This position does not directly manage any other caregivers.

ESSENTIAL FUNCTIONS AND DUTIES:
Act as a senior escalation point for the SOC, leading the most complex investigations and providing expert-level analysis across security tools (SIEM, EDR, IDS/IPS, forensic platforms, cloud environments).
Direct and coordinate incident response activities end-to-end, including containment, eradication, recovery, and executive-level reporting.
Perform deep forensic analysis and malware investigation to determine root cause, scope, and impact of incidents.
Own and evolve incident response playbooks, ensuring they align with industry best practices, regulatory requirements, and organizational needs.
Partner with IT, infrastructure, compliance, and business stakeholders to mitigate vulnerabilities and implement long-term risk reduction strategies.
Proactively conduct advanced threat hunting to identify signs of compromise and improve detection methodologies.
Lead post-incident reviews, delivering actionable recommendations and driving continuous improvement across tools, processes, and training.
Serve as a mentor and technical advisor to junior and mid-level analysts, fostering professional growth and knowledge transfer.
Maintain deep knowledge of current threat actors, tactics, techniques, and procedures (TTPs) to inform detection engineering and response efforts.
Collaborate with leadership to influence strategic cybersecurity initiatives, tool selection, and investment decisions.
Lead or co-lead tabletop exercises and simulations to validate and strengthen the incident response program.
Ensure adherence to all applicable regulatory frameworks (e.g., HIPAA, PCI-DSS, NIST, HITRUST) during investigations and response activities.
Supports the vision, mission, and values of the organization in all respects.
Supports the Lean principles of continuous improvement with energy and enthusiasm, functioning as a champion of change.
Provides and maintains a safe environment for caregivers, patients and guests.
Conducts all activities with the highest standards of professionalism and confidentiality.
Complies with all applicable laws, regulations, policies and procedures, supporting the organization’s corporate integrity efforts by acting in an ethical and appropriate manner, reporting known or suspected violation of applicable rules, and cooperating fully with all organizational investigations and proceedings.
Delivers customer service and/or patient care in a manner that promotes goodwill, is timely, efficient, and accurate.
May perform additional duties of similar complexity within the organization, as required or assigned.

EDUCATION:
Required: Bachelor’s degree in Information Technology, Cybersecurity, or a related discipline, or equivalent combination of education and experience.
Preferred: Master’s degree in Cybersecurity, Information Technology, or a related discipline.

LICENSURE/CERTIFICATION/REGISTRATION:
Required: At least one advanced security certification within one (1) year of hire (e.g., GCIH, GCIA, CISSP, CISM).
Preferred: Advanced technical certifications such as OSCP, CHFI, GNFA, or equivalent.

EXPERIENCE:
Required: Minimum of seven (7) years of experience in information security, with at least four (4) years focused on incident response or SOC operations. Proven expertise in forensic analysis, malware investigation, SIEM/EDR tuning, and large-scale incident handling.
Preferred: Experience in regulated industries such as healthcare or finance. Demonstrated expertise in cloud security, detection engineering, and proactive threat hunting. Prior experience influencing security strategy and mentoring teams.

PERSONAL PROTECTIVE EQUIPMENT:
Must be able to wear appropriate Personal Protective Equipment (PPE) required to perform the job safely.

PHYSICAL REQUIREMENTS:
Continually (75% or more): Use of clear and audible speaking voice and the ability to hear normal speech level.
Frequently (50%): Sitting, standing, walking, lifting 1-10 pounds, keyboard operation.
Occasionally (25%): Bending, climbing stairs, reaching overhead, carrying/pushing or pulling 1-10 pounds, grasping/squeezing.
Rarely (10%): Stooping/kneeling/crouching, lifting, carrying, pushing or pulling 11-15 pounds, operation of a motor vehicle.
Never (0%): Climbing ladder/stepstool, lifting/carrying/pushing or pulling 25-50 pounds, ability to hear whispered speech level.

Exposure to Elemental Factors
Never (0%): Heat, cold, wet/slippery area, noise, dust, vibration, chemical solution, uneven surface.

Blood-Borne Pathogen (BBP) Exposure Category
No Risk for Exposure to BBP

Schedule Weekly Hours: 40
Caregiver Type: Regular
Shift:
Is Exempt Position? Yes
Job Family: ANALYST INFORMATION TECHNOLOGY
Scheduled Days of the Week: Monday-Friday
Shift Start & End Time: 8 am-5 pm, with exceptions based on project and on-call work.

St. Charles Health System is a private, nonprofit organization, dedicated to providing high-quality care and the latest in health care technology to the communities it serves. Headquartered in Bend, Ore., St. Charles is an integrated delivery system, with a strong focus on population health, that provides a full range of evidence-based health care services within a 32,000-square-mile area in Central and Eastern Oregon. The health system owns and operates a trauma level II, tertiary referral center in Bend, a trauma level III, type B rural hospital in Redmond, and trauma level IV critical access hospitals in both Prineville and Madras. As the largest employer in Central Oregon, St. Charles Health System and St. Charles Medical Group care for our communities in more than two dozen outpatient clinics and in more than 20 specialty areas of medicine.

For additional information, such as Career FAQ's, benefits, and why your dream job awaits, please visit our Careers site. With a variety of nursing positions available, you can choose a career path that fits both your interests AND your lifestyle.

Please click on the link for additional help on navigating the candidate site and features of the candidate home page.
Candidate Home User Guide

This job posting was last updated on 9/13/2025
