Cybersecurity Operations Analysts
PURPOSE AND SCOPE
Fresenius Medical Care's CSOC seeks a Principal Analyst to lead engineering and development of advanced enterprise wide detection and threat analytics capabilities. The role drives security engineering strategy, AI enhanced detection logic, threat modeling, and continuous tuning across diverse platforms. It also leads SOAR engineering—building automations, integrating security tools, and creating workflows that reduce manual work and speed up response—while partnering closely with Security and Global IT teams. This is a U.S.-based remote position supporting Fresenius Medical Care's Global Cyber Security Operations Center. PRINCIPAL DUTIES AND RESPONSIBILITIES
Lead architecture, development, and maintenance of SOAR playbooks and automation pipelines. Automate repetitive security operations and security engineering workflows (EDR, VM scanning, SIEM enrichment, IR actions). Integrate security tools and platforms using APIs, scripting, and microservices. Improve MTTR and reduce operational overhead through intelligent automatio n by closely partnering with S ecurity Engineering, IT Operations, and Cloud Teams. Develop KPIs to measure automation impact and report operational improvements. Lead POCs for new automation platforms and evaluate opportunities for AI-based operations. Provide mentorship and code reviews for automation engineers and analysts. Partner with security engineering on telemetry strategy, logging requirements, and architectural standards for monitoring visibility. Integrate AI/ ML driven detection capabilities into existing pipelines, validating model performance and reducing false positives. M aintain ingestion pipelines, parsing logic, normalization rules, and event taxonomies across critical log sources: identity, endpoint, cloud, network, application, and medical systems. Lead the design, implementation, and optimization of enterprise wide detection content, including correlation rules, behavioral analytics, machine learning assisted detections, and anomaly models. Develop detection playbooks and logic focused on lateral movement, credential abuse, insider threats, privilege escalation, cloud compromise, and advanced persistent threats. Tune, optimize , and enrich detection pipelines with contextual data (identity, asset, threat intelligence, vulnerability data). Mentor analysts and engineers globally on detection logic development, data analytics, and platform best practices. Serve as a senior escalation point for complex security incidents and investigations PHYSICAL DEMANDS AND WORKING CONDITIONS
: The physical demands and work environment characteristics represent those typically encountered while performing essential duties. Reasonable accommodation may be made as needed. This is a remote role with availability expected during core hours and during escalations as required . SUPERVISION
Provides technical leadership and mentorship to threat engineers , automation engineers and security operations analysts globally. Does not directly manage staff . EDUCATION
: Minimum Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent professional experience). EXPERIENCE AND REQUIRED SKILLS
: 5+ years in automation engineering, SOAR engineering, or DevSecOps . Strong scripting/programming experience (Python required ; PowerShell, Go, or NodeJS a plus ). Hands-on experience with:
SOAR platforms (Cortex XSOAR, Splunk SOAR, Microsoft Sentinel automation) API integrations and REST/JSON
workflows CI/CD tools (GitHub, GitLab, Azure DevOps) Deep understanding of SOC processes, alerting workflows, and incident response. Experience integrating EDR, VM, identity, and cloud security tools. Preferred:
Experience with AI-driven automation or LLM-assisted workflow design. Certifications:
GCSA, GCFA, GCIH, scripting/DevOps certs. Experience in hybrid or multi-cloud environments. Fresenius Medical Care maintains a drug-free workplace in accordance with applicable federal and state laws. The rate of pay for this position will depend on the successful candidate's work location and qualifications, including relevant education, work experience, skills, and competencies. Annual Rate:
$117,700.00 - $196,200.00 for Waltham, MA location Benefit Overview:
This position offers a comprehensive benefits package including medical, dental, and vision insurance, a 401(k) with company match, paid time off, parental leave and potential for performance-based bonuses depending on company and individual performance
Apply tot his job
Apply To this Job
Fresenius Medical Care's CSOC seeks a Principal Analyst to lead engineering and development of advanced enterprise wide detection and threat analytics capabilities. The role drives security engineering strategy, AI enhanced detection logic, threat modeling, and continuous tuning across diverse platforms. It also leads SOAR engineering—building automations, integrating security tools, and creating workflows that reduce manual work and speed up response—while partnering closely with Security and Global IT teams. This is a U.S.-based remote position supporting Fresenius Medical Care's Global Cyber Security Operations Center. PRINCIPAL DUTIES AND RESPONSIBILITIES
Lead architecture, development, and maintenance of SOAR playbooks and automation pipelines. Automate repetitive security operations and security engineering workflows (EDR, VM scanning, SIEM enrichment, IR actions). Integrate security tools and platforms using APIs, scripting, and microservices. Improve MTTR and reduce operational overhead through intelligent automatio n by closely partnering with S ecurity Engineering, IT Operations, and Cloud Teams. Develop KPIs to measure automation impact and report operational improvements. Lead POCs for new automation platforms and evaluate opportunities for AI-based operations. Provide mentorship and code reviews for automation engineers and analysts. Partner with security engineering on telemetry strategy, logging requirements, and architectural standards for monitoring visibility. Integrate AI/ ML driven detection capabilities into existing pipelines, validating model performance and reducing false positives. M aintain ingestion pipelines, parsing logic, normalization rules, and event taxonomies across critical log sources: identity, endpoint, cloud, network, application, and medical systems. Lead the design, implementation, and optimization of enterprise wide detection content, including correlation rules, behavioral analytics, machine learning assisted detections, and anomaly models. Develop detection playbooks and logic focused on lateral movement, credential abuse, insider threats, privilege escalation, cloud compromise, and advanced persistent threats. Tune, optimize , and enrich detection pipelines with contextual data (identity, asset, threat intelligence, vulnerability data). Mentor analysts and engineers globally on detection logic development, data analytics, and platform best practices. Serve as a senior escalation point for complex security incidents and investigations PHYSICAL DEMANDS AND WORKING CONDITIONS
: The physical demands and work environment characteristics represent those typically encountered while performing essential duties. Reasonable accommodation may be made as needed. This is a remote role with availability expected during core hours and during escalations as required . SUPERVISION
Provides technical leadership and mentorship to threat engineers , automation engineers and security operations analysts globally. Does not directly manage staff . EDUCATION
: Minimum Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent professional experience). EXPERIENCE AND REQUIRED SKILLS
: 5+ years in automation engineering, SOAR engineering, or DevSecOps . Strong scripting/programming experience (Python required ; PowerShell, Go, or NodeJS a plus ). Hands-on experience with:
SOAR platforms (Cortex XSOAR, Splunk SOAR, Microsoft Sentinel automation) API integrations and REST/JSON
workflows CI/CD tools (GitHub, GitLab, Azure DevOps) Deep understanding of SOC processes, alerting workflows, and incident response. Experience integrating EDR, VM, identity, and cloud security tools. Preferred:
Experience with AI-driven automation or LLM-assisted workflow design. Certifications:
GCSA, GCFA, GCIH, scripting/DevOps certs. Experience in hybrid or multi-cloud environments. Fresenius Medical Care maintains a drug-free workplace in accordance with applicable federal and state laws. The rate of pay for this position will depend on the successful candidate's work location and qualifications, including relevant education, work experience, skills, and competencies. Annual Rate:
$117,700.00 - $196,200.00 for Waltham, MA location Benefit Overview:
This position offers a comprehensive benefits package including medical, dental, and vision insurance, a 401(k) with company match, paid time off, parental leave and potential for performance-based bonuses depending on company and individual performance
Apply tot his job
Apply To this Job