Team Lead – Security SOC and Incident Response



Community Health Systems, Inc. is one of the nation’s leading operators of general acute care hospitals. The organization’s affiliates own, operate or lease 158 hospitals in 22 states with approximately 26,000 licensed beds. Affiliated hospitals are dedicated to providing quality healthcare for local residents and contribute to the economic development of their communities. Based on the unique needs of each community served, these hospitals offer a wide range of diagnostic, medical and surgical services in inpatient and outpatient settings.
CHSPSC, LLC seeks an Team Lead – Security SOC and Incident Response for its Franklin, TN, headquarters’ Security team.
•Candidates must be willing to delegate tasks to engineers in a rotational 24×7 Security Operations Center (SOC) environment. The Team Lead candidate will also demonstrate intuitive problem solving skills and communicate alerts to the appropriate stakeholders regarding intrusions and compromises to their network infrastructure, applications and operating systems
•Identify the operational state of intrusion detection by guiding and delegating the monitoring, analyzing and reporting on unwanted manipulation to systems, malicious network traffic, network attacks against vulnerable services, data driven attacks on applications, host based attacks or unauthorized access to sensitive data
•Point of contact for enterprise incident response by guiding detection, analysis, containment, eradication and remediation on attacks that deny the use of authorized applications, network systems or other company resources
•Facilitates escalation procedures to counteract incidents, threats and vulnerabilities while working in partnership with the constituents that consist of enterprise legal staff, litigation or Corporate Compliance
•Compiles and documents indicators of compromise from intel sources and monitor scans across end points
•Coordinates Investigation, documentation and reporting on information security issues and emerging trends
•Facilitates guidance in the analysis of network flow data for anomalies and detect malicious network activity
•Provides guidance on network incident investigations to determine the root cause of the security incident and preserving evidence for potential legal action
•Coordinates communication with other specialists and team leads as required
•Coordinate communication to leadership on incidents and incident prevention
•Collect, collaborate and communicate incident details to peers and managers
•Coaching and mentoring senior, junior and associate staff by translating complex nuances  into easy to understand terms in a business and/or technology context
•Reviews and maintains knowledge sharing documentation with other engineers and develops sound process improvements and solutions efficiently
•Assists in coordinating staff during attack and penetration testing exercises of company infrastructure and assets to improve and ensure confidentiality, integrity and availability of all company infrastructure and data
•Advocates the transfer of security knowledge on technologies and methodologies as it relates to operating systems, firewalls,  access controls, encryption, networking, programming/ scripting, auditing, vulnerability assessments, intrusion management and operations to improve security process as part of the incident response life cycle


Bachelor’s degree.  Appropriate industry certification(s) required.
•Minimum of 5 years of  IS/IT experience with application, network and operating system assessments with at least 3 of those years focused in IS/IT security in a medium to large enterprise
•Ability to utilize critical thinking skills to coordinate resolution of issues from discovery to closure
•Works independently as well as collaboratively with minimal managerial supervision
•Mentors and coaches seniors, mid-level and associate staff members
•Hands-on expert knowledge of the following: Security Information and Event Management,  packet capture, end point monitoring, vulnerability scanning, firewall, antivirus & malware analysis, proxy, Intrusion Detection Systems/Intrusion Prevention Systems, log correlation tools, Data Loss Prevention, Network Access Control, Active Directory and application firewall solutions
•Expert knowledge of TCPIP/UDP/ICMP
•Expert ability to determine, execute and/or oversee remediation activities
•Expert  knowledge of the OSI Reference Model
•Windows/Linux/Unix operating systems
•Expert  knowledge of  networking components (routers switches, load balancers, wireless access points, etc)
•Expert  knowledge of routing protocols ( RIPvX, OSPF, etc)
•Expert  knowledge of  mail servers and web servers
•Expert  knowledge of vulnerability assessments
•Expert  knowledge of intrusion management and its components
•Expert  knowledge of encryption algorithms and ciphers (PKI/ SSL)
•Expert knowledge of malicious code (worms, viruses, spyware, etc.)
•Expert knowledge of using Microsoft Office and Visio to create documents, presentations, and detailed drawings
•Excellent technical writing, documentation, and communication skills are required
Desired but not required:
•Experience QRadar SIEM console
•Experience with endpoint and packet capture solutions
•Experience with STIX, TAXII, HiTrust
•Experience with Virtual Private Networking
•Advanced knowledge of packet inspection/ sniffers
•Advanced knowledge of forensics and e-discovery
•Experience with automation and scripting of applications and systems
•Advanced knowledge of anomaly detection (signature/behavioral)
•Advanced knowledge of event log correlation
•Experience with the following Operating Systems/Applications (AS400, Novell/NetIQ, MS Windows, Cerner, Meditech, Health Management Systems, etc.)
Experience in supporting Healthcare environment helpful.
Technical competence in areas listed above.  Excellent customer service skills. Demonstrates an expert understanding, knowledge and ability. Demonstrates expert knowledge of policies and procedures, and information security standards including the ability to interpret and translate subject matter to various audiences. Coaches and mentors others in the by translating complex nuances into easy to understand terms in a business and/or technology context. Participate in manager and executive level discussions regarding development of reference and resource materials for their skill level.


 Information Systems

Primary Location

TN-Franklin (Nashville Region)

Working Location Two Meridian, Franklin Tn
Shift Day Shift
Forecasted paid hours per shift 8
Forecasted hours per pay week 40

Employee Status



. . . . . . . .

Leave a Reply