Senior Cyber Security Defense Engineer
Vail Health has become the world’s most advanced mountain healthcare system. Vail Health consists of an updated 520,000-square-foot, 56-bed hospital. This state-of-the-art facility provides exceptional care to all of our patients, with the most beautiful views in the area, located centrally in Vail. Learn more about Vail Health here.
Under the direction of the Chief Information Security Officer (CISO), the Senior Cyber Security Defense Engineer, is a high-impact, senior-level individual contributor who architects, implements, and continuously matures the technical capabilities that actively defend Vail Health from sophisticated cyber threats and measurably reduce enterprise cyber risk. The ideal candidate brings deep hands-on expertise, sound judgment, drives the strategy, execution, and continuous improvement of vulnerability management, patching, cyber threat intelligence monitoring, and incident response capabilities. The role operates at the intersection of security engineering, security operations, compliance, and risk management — influencing outcomes across Infrastructure, Cloud, Applications, and clinical business units while ensuring alignment with Health Insurance Portability and Accountability Act (HIPAA), National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), Center of Internet Security (CIS Controls v8), MITRE ATT&CK, and Health and Human Services (HHS) 405(d) Health Industry Cybersecurity Practices (HICP).
- Own and lead the enterprise patch management and security health program across endpoints, servers, cloud platforms, network devices, and security technologies — establishing governance, SLAs, and compliance reporting that support executive risk decisions.
- Design, implement, and continuously improve secure configuration standards, automated patch deployment workflows, and change management integration in collaboration with Infrastructure and Cloud teams.
- Own and continuously mature the Vulnerability Management Program — governing tooling strategy, scanning cadence, risk-based prioritization (common vulnerability scoring system (CVSS), known exploited vulnerabilities(KEV), asset criticality, data sensitivity), remediation service level agreement enforcement, and validation of remediation effectiveness — while producing defensible reporting, trend analysis, and exception documentation for leadership, auditors, and governance reviews.
- Define and maintain enterprise patch compliance metrics, configuration hygiene baselines, and vulnerability exposure dashboards with measurable key performance indicators (KPI)s tied to risk reduction outcomes.
- Provide advanced Tier 2/Tier 3 security operations support, independently investigating and responding to complex security alerts including malware, endpoint compromise, lateral movement, privilege escalation, and anomalous behavior patterns.
- Correlate security telemetry across security information and event management (SIEM), endpoint detection and response (EDR), email security, cloud, and network platforms to identify, prioritize, and contain active and emerging threats; systematically improve detection fidelity through alert tuning, correlation logic, and automation.
- Develop, maintain, and continuously improve security operations runbooks, incident response playbooks, escalation procedures, and detection engineering standards that improve operational effectiveness and reduce analyst toil.
- Lead enterprise email security operations and social engineering defense including proactive monitoring and response for phishing, smishing, spoofing, and business email compromise (BEC) campaigns.
- Optimize email and messaging security controls — including DMARC, DKIM, SPF enforcement, anti-phishing technology configuration, and analytics — to measurably reduce user-facing risk and improve prevention posture.
- Serve as a core incident responder and technical lead, driving containment, eradication, recovery, forensic evidence collection, log analysis, and root-cause investigation for cybersecurity incidents affecting Vail Health.
- Author post-incident reviews and drive continuous improvement through lessons-learned integration, control enhancement recommendations, and participation in on-call incident response rotations.
- Support enterprise risk management, audit, and compliance initiatives by independently delivering defensible security metrics, dashboards, and executive-level reporting without requiring rework or interpretation support.
- Identify and execute opportunities for operational efficiency and cost savings through tool optimization, automation investment, and vendor rationalization — coordinating with CISO and procurement.
Mentor and provide technical guidance to junior engineers and IT partners; actively influence a security-first culture through standards, documentation, and cross-functional collaboration. - Collaborates cross-functionally and contributes to a security-first culture while supporting on-call rotations for 24/7 system needs.
- Eight years of progressive experience in cybersecurity engineering, threat detection, vulnerability management, or incident response — with demonstrated expertise across multiple domains.
- Proven record of accomplishment of standing up or significantly maturing enterprise patch management and vulnerability management programs, including governance frameworks, SLA development, operational cadence, and stakeholder reporting.
- Hands-on expertise with enterprise patch management platforms such as Tanium, HCL BigFix, Automox, SCCM/Intune, WSUS, or JAMF — including deployment automation and change workflow integration.
- Deep experience with enterprise security tooling including Tenable, Qualys, or Rapid7 (vulnerability management) and Microsoft Defender, CrowdStrike, or Sentinel One (EDR/endpoint protection).
- Demonstrated proficiency with SIEM platforms (Microsoft Sentinel, Splunk, LogRhythm, or equivalent) including advanced log analysis, detection authoring, alert tuning, and threat correlation at scale.
- Strong command of security frameworks and methodologies — NIST CSF, CIS Controls v8, MITRE ATT&CK, and ISO 27001 — with the ability to directly map technical work to control outcomes and audit evidence.
- Experience operating in regulated, audit-intensive environments with direct accountability for audit support and compliance evidence production; healthcare experience strongly preferred.
- Demonstrated ability to independently influence cross-functional stakeholders, prioritize remediation in complex distributed environments, and communicate technical risk in business-impact terms without requiring translation support.
- Bachelor's degree in Computer Science, Information Systems, Engineering, or a related technical discipline — or equivalent professional experience demonstrating the same depth of competency.
- Certified Information Systems Security Professional (CISSP), Security+, CySA+, CEH, GCIH, GCIA, GMON, or cloud security certifications (Azure, AWS, M365).
- Other IT Security Certifications Desired: CISM, CISA, Microsoft, Cisco
Benefits at Vail Health (Full Time) Include:
- Competitive Wages & Family Benefits:
- Competitive wages
- Parental leave (4 weeks paid)
- Housing programs
- Childcare reimbursement
- Comprehensive Health Benefits:
- Medical
- Dental
- Vision
- Educational Programs:
- Tuition Assistance
- Existing Student Loan Repayment
- Specialty Certification Reimbursement
- Annual Supplemental Educational Funds
- Paid Time Off:
- Up to five weeks in your first year of employment and continues to grow each year.
- Retirement & Supplemental Insurance:
- 403(b) Retirement plan with immediate matching
- Life insurance
- Short and long-term disability
- Recreation Benefits, Wellness & More:
- Up to $1,000 annual wellbeing reimbursement
- Recreation discounts
- Pet insurance
The posted salary range for this position is the anticipated hiring range in Colorado and will be adjusted based on geographic location. Vail Health considers a variety of factors in making compensation decisions which influence the offer a candidate receives.
Yearly pay:
$104,208 - $143,811.20 USD
Apply for this job
*
indicates a required field