Remote - United States
SOC / SIRT Engineer

Datavant is a data platform company and the world’s leader in health data exchange. Our vision is that every healthcare decision is powered by the right data, at the right time, in the right format.

Our platform is powered by the largest, most diverse health data network in the U.S., enabling data to be secure, accessible and usable to inform better health decisions. Datavant is trusted by the world’s leading life sciences companies, government agencies, and those who deliver and pay for care. 

By joining Datavant today, you’re stepping onto a high-performing, values-driven team. Together, we’re rising to the challenge of tackling some of healthcare’s most complex problems with technology-forward solutions. Datavanters bring a diversity of professional, educational and life experiences to realize our bold vision for healthcare. 

What We’re Looking For

Become a vital defender of our digital landscape as a SOC/SIRT engineer. You’ll monitor and analyze security alerts, swiftly respond to incidents, and collaborate with top IT and security teams to fortify our defenses. If you’re passionate about cybersecurity and ready to make a significant impact, join us and elevate your career. 

What You Will Do

Monitor and analyze security alerts from SIEM / EDR platforms to detect and mitigate threats.
Analyze and investigate DLP alerts, enforce data protection policies, and reduce insider threats.
Collaborate with compliance, IT, and risk management teams to enforce security controls and reduce data exposure risks.
Lead and manage complex incident response engagements, ensuring effective coordination and communication across technical teams and stakeholders.
Design, mature, and implement advanced playbooks for triage, investigation, and response to cyber threats, with a focus on continuous improvement and automation.
Spearhead initiatives to enhance our incident response processes, leveraging the latest methodologies and technologies to increase efficiency and effectiveness.
Communicate complex security incidents and recommendations to customers and stakeholders, translating technical details into actionable intelligence.
Perform root cause analysis on impacted machines / platforms to help mitigate future risks.

What You Need to Succeed

5+ years of experience in Security Operations, with 2 years of experience in a healthcare environment.
Advanced knowledge and hands-on experience in incident response and cybersecurity operations.
Strong understanding of Windows event logs and other investigation-relevant artifacts.
Expertise in log management, SIEM, endpoint protection, and advanced security tools and technologies.
Proficiency in scripting languages like Python, PowerShell, or Bash.
Experience with threat actors / APT groups targeting healthcare.
Availability for on-call duties, including nights, weekends, and holidays, to respond to high-priority incidents.

What Helps You Stand Out

Experience performing Digital Forensics is a plus.
Experience in a senior managed services or incident response role.
Familiarity with advanced tools and technologies, such as Splunk, CrowdStrike, Microsoft Azure, AWS, Google Workspace, etc.
GIAC Certified (GCIH, GCFE, GCFA).