Senior Cyber Incident Responder
Company: LabCorp
Location: Alamance
Posted on: March 2, 2026
Job Description:
As a core member of the Office of Information Security’s
Detection and Response Team (DaRT), the Senior Incident Responder
plays a mission-critical role in protecting patient care,
safeguarding sensitive health information, ensuring clinical
continuity, and enabling diagnostic and genetic innovation. This
position leads the investigation, containment, and resolution of
cybersecurity incidents that could impact the confidentiality,
integrity, or availability of systems across the enterprise. You’ll
collaborate across clinical, IT, and compliance teams to respond to
security threats. You’ll handle escalated events from the SOC,
perform technical investigations, and lead recovery efforts while
maintaining compliance with requirements associated with HIPAA,
HITRUST, GDPR, etc. If you’re driven by purpose, technically sharp,
and thrive in fast-paced environments where security meets patient
care—this is the role for you.

Applicants who live within 35 miles of either the Burlington, NC or
Durham, NC location will follow a hybrid schedule. This schedule
includes a minimum of three in-office days per week at an assigned
location, either Burlington or Durham, supporting both collaboration
and flexibility.

RESPONSIBILITIES
Serve as the lead responder for validated cyber incidents—prioritizing threats that could impact clinical operations, electronic health records (EHR), connected medical devices, or protected health information (PHI).
Coordinate with technical and clinical stakeholders to contain and remediate threats across hospitals, clinics, and remote care environments.
Drive improvements to the Incident Response Plan—ensuring readiness for ransomware, business email compromise, and other threats.
Lead triage, containment, and root cause analysis of events affecting clinical applications, patient portals, imaging systems, and backend infrastructure.
Analyze logs and EDR telemetry from a wide range of systems—medical devices, cloud applications, employee workstations, and data exchange platforms.
Perform investigations across Windows, Linux, iOS, and cloud platforms, using SIEM and manual log analysis where required.
Lead stakeholder briefings during high-severity incidents.
Enrich investigations using internal threat intel, OSINT, and health sector-specific sources (e.g., H-ISAC, HC3 bulletins).
Contribute to detection engineering and playbook development aligned with healthcare-specific threat vectors.
Write post-incident reports with clear insights for operational, risk, and compliance teams.

REQUIREMENTS
3 years of experience in cybersecurity, preferably with exposure to healthcare IT, hospital systems, or regulated environments.
Hands-on incident response experience in large enterprise environments (30K users, multiple business units or hospitals).
Strong understanding of HIPAA security rule, HITECH, and how regulatory requirements intersect with incident handling.
Familiarity with common healthcare systems such as Epic, Cerner, HL7/FHIR interfaces, or IoMT devices.
Experience with incident response frameworks (NIST 800-61, HITRUST IRM, etc.) and adversary models (MITRE ATT&CK, Cyber Kill Chain).
Proficient in SIEM (e.g., Splunk, Anvilogic), EDR platforms (e.g., CrowdStrike, SentinelOne), and forensic tools.
Strong skills in Windows and Linux OS investigations, network protocol analysis, and EDR telemetry.
Proficient in writing detection rules and custom signatures to identify malicious activity.
PowerShell, Python, or Bash scripting skills are a plus.
Clear communicator with experience handling sensitive incidents in regulated industries.
Ability to lead investigations that involve patient data and coordinate with privacy and compliance officers.

EDUCATION / CERTIFICATIONS
Bachelor’s degree in Cybersecurity, Information Systems, or a related field—or equivalent experience in a regulated enterprise.
Preferred certifications include: GCIH, GCFA, GCFE, GNFA, GCTI, CISSP, or HCISPP (Healthcare Certified Information Security and Privacy Practitioner).

Benefits: Employees
regularly scheduled to work 20 or more hours per week are eligible
for comprehensive benefits including: Medical, Dental, Vision,
Life, STD/LTD, 401(k), Paid Time Off (PTO) or Flexible Time Off
(FTO), Tuition Reimbursement and Employee Stock Purchase Plan.
Casual, PRN & Part Time employees regularly scheduled to work less
than 20 hours are eligible to participate in the 401(k) Plan only.
Employees who are regularly scheduled to work a 7 on/7 off schedule
are eligible to receive all the foregoing benefits except PTO or
FTO. For more detailed information, please click here.

Labcorp is proud to be an Equal Opportunity Employer: Labcorp
strives for inclusion and belonging in the workforce and does not
tolerate harassment or discrimination of any kind. We make employment
decisions based on the needs of our business and the qualifications
and merit of the individual. Qualified applicants will receive
consideration for employment without regard to race, religion,
color, national origin, sex (including pregnancy, childbirth, or
related medical conditions), family or parental status, marital,
civil union or domestic partnership status, sexual orientation,
gender identity, gender expression, personal appearance, age,
veteran status, disability, genetic information, or any other
legally protected characteristic. Additionally, all qualified
applicants with arrest or conviction records will be considered for
employment in accordance with applicable law.

We encourage all to apply. If you are an individual with a
disability who needs assistance using our online tools to search and
apply for jobs, or needs an accommodation, please visit our
accessibility site or contact us at Labcorp Accessibility. For more
information about how we collect and store your personal data,
please see our Privacy Statement.
Keywords: LabCorp, Burlington, Senior Cyber Incident Responder, IT / Software / Systems, Alamance, North Carolina