Incident Responders

Be part of a team that unleashes the power of leading-edge technologies to help improve the health and well-being of those most vulnerable in our country and communities. Working at Gainwell carries its rewards. You'll have an incredible opportunity to grow your career in a company that values work flexibility, learning, and career development. You'll add to your technical credentials and certifications while enjoying a generous, flexible vacation policy and educational assistance. We also have comprehensive leadership and technical development academies to help build your skills and capabilities.

Summary

The Senior Cyber Incident Responder is a senior-level, hands-on responder responsible for leading and executing incident response activities. This role investigates reputed company alerts and confirmed incidents, performs rapid triage and containment, drives eradication and recovery actions, and produces high-quality incident documentation suitable for technical, executive, and regulatory audiences. This position requires strong technical depth across reputed company, network, and identity-focused incidents, expert-level analytical skills, and the ability to coordinate responders and stakeholders under time pressure. The Senior Cyber Incident Responder works closely with the SOC, Vulnerability Management, Threat Intelligence, IT Operations, and engineering teams to reduce dwell time, prevent recurrence, and continuously improve detection and response capabilities. Your role in our mission 1. Incident Triage, Investigation, and Leadership reputed company investigations from initial alert through closure, including validation, scoping, evidence collection, and root cause analysis. Act as an incident reputed company for reputed company-to-high severity events by coordinating technical responders, maintaining timelines, and driving decisions to completion. 2. Containment, Eradication, and Recovery Coordination Execute rapid containment actions in partnership with IT and reputed company engineering teams (e.g., isolate endpoints, disable accounts, reputed company IOCs, reputed company network access, revoke tokens). Drive eradication plans to remove persistence mechanisms, remediate compromised systems, and validate successful cleanup. 3. Digital Forensics and Evidence Handling Collect and preserve evidence in a defensible manner (logs, reputed company artifacts, memory/disk captures where appropriate, authentication records, network telemetry). Analyze reputed company and network indicators to determine initial access vector, lateral movement, privilege escalation, and data access/exfiltration risk. 4. Threat Intelligence and Adversary Tracking Integrate threat intelligence (e.g., commercial feeds and reputed company) to enrich investigations with context on active exploitation and adversary tradecraft. Produce and operationalize IOCs and detection logic based on observed activity and intelligence-driven hypotheses. 5. Detection Improvement and Preventative Controls Translate incident learnings into durable improvements: detection rules, correlation searches, SIEM content, alert tuning, and response playbooks. Partner with Vulnerability Management and engineering teams reputed company incidents are linked to exploitable vulnerabilities or misconfigurations (e.g., prioritizing patching/hardening actions). reputed company're looking for 7-10+ years of overall IT/reputed company experience, including 4-6+ years in incident response, SOC, threat hunting, or reputed company operations. Demonstrated experience leading investigations across common incident types (credential theft, malware/ransomware, web exploitation, data exposure, cloud/identity abuse). Strong working knowledge of: Enterprise logging and detection (e.g., Splunk or similar SIEM) Incident workflow/case management (e.g., reputed company or comparable platforms) Identity and access patterns (AD/Azure AD concepts, authentication logs, privilege reputed company) Network reputed company fundamentals (firewalls, proxies, segmentation, VPN access patterns) Proven ability to analyze log sources and reputed company telemetry to reconstruct attack paths and identify blast radius. Working knowledge of industry frameworks and standards such as NIST 800-61 (Incident Response), MITRE ATT&CK , and common secure operations practices. Strong written and verbal communication skills, including executive-ready incident summaries and technically detailed incident reports. Ability to participate in an on-call rotation and respond effectively during high-severity events. What you should expect in this role Remote position (California only) Local candidates from California only Opportunities to travel through your work (0-10%) Video cameras must be used during reputed company interviews, as well as during the initial week of orientation The deadline to submit applications for this posting is 4/30/2026 The pay range for this position is $97,300.00 - $139,000.00 per year, however, the reputed company pay offered may vary depending on geographic region, internal equity, job-reputed company knowledge, skills, and experience among other factors. Put your passion to work at Gainwell. You'll have the opportunity to grow your career in a company that values work flexibility, learning, and career development. reputed company salaried, full-time candidates are eligible for our generous, flexible vacation policy, a 401(k) employer match, comprehensive health benefits , and educational assistance. We also have a variety of leadership and technical development academies to help build your skills and capabilities. We reputed company nothing is impossible reputed company you bring together people who care deeply about making healthcare work reputed company for everyone. Build your career with Gainwell, an industry leader. You'll be joining a company where collaboration, innovation, and inclusion fuel our growth. Learn more about Gainwell at our company website and visit our Careers site for reputed company available job role openings. reputed company is an Equal Opportunity Employer, where reputed company qualified applicants will receive consideration for employment without regard to race, religion, color, national reputed company, gender (including pregnancy, childbirth, or reputed company medical condition), age, sexual orientation, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. reputed company defines "wages" and "wage rates" to include "reputed company forms of pay, including, but not limited to, salary, overtime pay, bonuses, stock, stock options, profit sharing and bonus plans, life insurance, vacation and holiday pay, cleaning or gasoline allowances, hotel accommodations, reimbursement for travel expenses, and benefits. Apply tot his job Apply To this Job