Vail Health is the world’s most advanced mountain healthcare system, and they are seeking a Cyber Security Defense Engineer to lead efforts in defending their environment from cyber threats. The role involves designing and implementing security systems, managing vulnerabilities, and collaborating with IT and compliance teams to enhance organizational security practices.
Responsibilities:
- Owns and leads the enterprise patch management and security health program across endpoints, servers, cloud platforms, network devices, and security technologies
- Designs, implements, and continuously improves secure configuration standards, patch deployment processes, automation, and change workflows in collaboration with Infrastructure and Cloud teams
- Defines, tracks, and reports enterprise patch compliance, configuration hygiene, and vulnerability exposure metrics to support risk‑based decision making
- Provides advanced (Tier 2/Tier 3) security operations support, investigating and responding to complex security alerts including malware, endpoint compromise, lateral movement, and anomalous behavior
- Correlates security telemetry across SIEM, EDR, email, cloud, and network platforms to identify, prioritize, and contain active and emerging threats
- Develops and maintains security operations runbooks, incident response playbooks, escalation procedures, and detection tuning to improve operational effectiveness and signal quality
- Leads enterprise email security and social engineering defense, including monitoring and response for phishing, smishing, spoofing, and business email compromise (BEC)
- Optimizes email and messaging security controls, including DMARC, DKIM, SPF, and anti‑phishing technologies, and analyzes attack trends to strengthen preventive controls and awareness initiatives
- Serves as a core incident responder, supporting containment, eradication, recovery, forensic evidence collection, log analysis, and root‑cause investigations for cybersecurity incidents
- Drives post‑incident reviews and continuous improvement, including lessons learned, control enhancements, and participation in on‑call incident response rotations
- Supports enterprise risk management, audit, and compliance initiatives by delivering defensible security metrics, dashboards, and executive‑level reporting
- Oversees and evolves the Vulnerability Management Program, including tooling strategy, continuous scanning, risk‑based prioritization, remediation SLAs, reporting, and validation of remediation effectiveness with system owners
- Collaborates cross-functionally and contributes to a security-first culture while supporting on-call rotations for 24/7 system needs
Requirements:
- Five years of progressive experience in cybersecurity engineering, threat detection, vulnerability management, or incident response (multiple areas preferred)
- Three years of experience in healthcare information security preferred
- Hands-on expertise with enterprise patch management platforms (Tanium, HCL BigFix, Automox, KACE, Microsoft System Center Configuration Manager, Intune, Windows Server Update Services, Jamf, etc.)
- Proven experience with enterprise security tooling such as Tenable, Qualys, Rapid7, Microsoft Defender, CrowdStrike, or equivalent
- Strong understanding of security frameworks and methodologies including National Institute of Standards and Technology Cybersecurity Framework, Center for Internet Security Controls, MITRE ATT&CK, and International Organization for Standardization 27001
- Experience working with SIEM platforms and performing advanced log analysis
- Bachelor's degree in computer science or information systems preferred
- Certified Information Systems Security Professional (CISSP), Security+, CompTIA Cybersecurity Analyst+ (CySA+), Certified Ethical Hacker, GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Continuous Monitoring (GMON), or cloud security certifications (Azure, AWS, M365)
- Other IT Security Certifications Desired: Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Microsoft, Cisco