Cybersecurity Incident Response Team Coordinator

GDIT is seeking a Cybersecurity Incident Response Coordinator to support the Indian Health Service PATH EHR system. This role will help deploy and secure a government-owned Electronic Healthcare Record (EHR) system within a cloud environment. The system needs to be deployed with a secure baseline, ensuring system integrity and compliance with healthcare and government regulations while addressing vulnerabilities in interconnected systems.

GDIT has been supporting the IHS mission for 20+ years; working with the agency to provide integral services to raise health access and availability to 2.6 million American Indians and Alaska Natives. You'll be part of modernizing the EHR platform to enable better data access, patient experience, and quality of care for 567 tribes, 37 states and over 600 medical facilities. 

Our work depends on a Cybersecurity Incident Response Coordinator joining our team to support the Indian Health Service (IHS) Electronic Health Records Modernization (EHRM) program. As a Cybersecurity Incident Response Coordinator supporting the IHS EHRM program, you will be responsible for supporting the Cybersecurity team to ensure secure implementation of the EHR.

This position is fully remote! 

This role requires you to obtain and maintain an in-depth Public Trust Level 5. This investigation will review personal and criminal behavior, financial conduct, foreign influence, as well as other adjudications. 

HOW AN INCIDENT RESPONSE COORDINATOR WILL MAKE AN IMPACT:

• Act as the primary coordinator for cybersecurity incidents across all product and engineering teams.
• Lead real-time incident bridges and war rooms during active security events.
• Drive structured execution of the incident response lifecycle (detection, analysis, containment, eradication, recovery, post-incident review).
• Maintain accurate incident documentation, timelines, and impact assessments.
• Serve as the security liaison between product teams, engineering, infrastructure, legal, compliance, and executive leadership.
• Coordinate directly with cloud and enterprise technology providers, including Oracle environments where applicable.
• Align response efforts across multiple products to ensure consistency and minimize business impact.
• Participate in a 24/7 on-call rotation for high-severity cybersecurity incidents.
• Provide real-time status updates to leadership and stakeholders.
• Escalate incidents appropriately based on severity and business impact.
• Ensure SLA adherence and timely stakeholder notifications.
• Conduct post-incident reviews (PIRs) and drive root cause analysis efforts.
• Identify process gaps and recommend improvements to incident response playbooks.
• Develop and maintain runbooks for cloud-related and cross-product incidents.
• Partner with Security Operations to improve detection, response readiness, and automation.
• Support regulatory and customer reporting requirements related to security incidents.
• Ensure incident handling aligns with company security policies, industry standards, and audit requirements.
• Contribute to audit readiness and documentation efforts.

REQUIRED QUALIFICATIONS AND EXPERIENCE:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience).
• 5+ years of experience in cybersecurity, incident response, or security operations.
• 2+ years coordinating major security incidents in complex enterprise environments.

• Must have experience working with Indian Health Service (IHS)
• Strong understanding of the incident response lifecycle and best practices.
• Knowledge of cloud security concepts, including Oracle cloud environments.
• Experience with threat detection, containment, and mitigation practices.
• Experience working across multiple product or engineering teams in large-scale environments.
• Experience participating in 24/7 on-call rotations.

• Ability to travel up to 25%

• Ability to obtain and maintain a Public Trust Level 5

DESIRED QUALIFICATIONS AND EXPERIENCE:

• Experience working directly with Oracle technologies or enterprise cloud services.
• Experience within enterprise SaaS or multi-product technology organizations.
• Industry certifications such as CISSP, CISM, GCIH, or GCIA.
• Experience with SIEM, SOAR, EDR, and case management tools.
• Familiarity with regulatory frameworks such as ISO 27001, SOC 2, and NIST.
• Experience leading formal post-incident reviews and root cause analysis sessions.
• Strong documentation discipline and experience producing executive-level reporting artifacts.
• Ability to influence cross-functional stakeholders without direct authority.

• Excellent written and verbal communication skills, including executive-level reporting.
• Proven ability to operate effectively under pressure in high-visibility situations.

#IHSJobs