Information Security Manager - Security Operations Center at UChicago Medicine
Chicago, Illinois, USA
Full Time


Start Date: Immediate

Expiry Date: 29 Nov, 25

Salary: 0.0

Posted On: 29 Aug, 25

Experience: 2 year(s) or above

Remote Job: Yes

Telecommute: Yes

Sponsor Visa: No

Skills: Security Operations, Triage, Automation, Anomaly Detection, CISSP, Microsoft Azure, GCIA, IDS, GCIH, Service Providers, Incident Response, EDR, Containment, Python, Scanners, Protection, Communication Skills, Firewalls, IPS, GIAC, Tuning, Security Operations Center, HIPAA, SOAR

Industry: Information Technology/IT

Description

JOB DESCRIPTION

Join a world-class academic healthcare system, UChicago Medicine, as an Information Security Manager – Security Operations Center in our Information Security department. This position will be primarily a work from home opportunity with the requirement to come onsite once a week to our Darien office. You will need to be based in the greater Chicagoland area.
This position will oversee and enhance security operations by managing the Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems, leading threat hunting efforts, managing the relationship with an outsourced security services provider, and helping to build and run an internal security operations center. This role will be responsible for ensuring our security monitoring, detection, and response capabilities are robust, efficient, and continuously evolving to meet emerging threats.

REQUIRED QUALIFICATIONS

  • Bachelor’s degree from an accredited college or university
  • 5+ years of experience in security operations, threat detection, and/or incident response
  • Minimum of 2 years of work experience in an Information Security Operations Center or equivalent experience
  • Prior experience managing a security team and/or mentoring security analysts
  • Experience working with managed security service providers (MSSPs) or third-party security vendors
  • Security certifications such as CISSP, GIAC (GCIH, GCIA, GCFA), CEH, or equivalent, or the ability to obtain them within 2 years
  • Deep understanding of Google Chronicle or a similar SIEM and SOAR platform, including rule creation, log ingestion, tuning, and alert triage
  • Hands-on experience with EDR, XDR, SOAR platforms, vulnerability scanners, and endpoint protection
  • Proficiency in scripting (e.g., PowerShell, Python) for automation and custom alerting/playbook development
  • Familiarity with security monitoring in cloud environments (preferably Microsoft Azure), including log sources and native tools
  • Knowledge of threat hunting methodologies, anomaly detection, and familiarity with threat intel feeds
  • Skilled in managing and coordinating response to security incidents, including containment, eradication, and recovery
  • Ability to analyze logs from firewalls, endpoints, IDS/IPS, and cloud environments to identify threats
  • Strong knowledge of threat intelligence, adversary tactics, and cybersecurity frameworks (MITRE ATT&CK, NIST, CIS, etc.)
  • Excellent written and verbal communication skills and the ability to collaborate across teams

PREFERRED QUALIFICATIONS

  • Master’s degree
  • Knowledge of HIPAA and other health related regulations
  • Academic medical center and/or health care consulting experience

How To Apply:

In case you would like to apply to this job directly from the source, please click here

Responsibilities

Please refer to the job description for details
