[Hiring] Principal Analyst Cyber Security Operations - SOAR @Fresenius Medical Care

Role Description

Fresenius Medical Care’s CSOC seeks a Principal Analyst to lead engineering and development of advanced enterprise-wide detection and threat analytics capabilities. The role drives security engineering strategy, AI enhanced detection logic, threat modeling, and continuous tuning across diverse platforms. It also leads SOAR engineering—building automations, integrating security tools, and creating workflows that reduce manual work and speed up response—while partnering closely with Security and Global IT teams. This is a U.S.-based remote position supporting Fresenius Medical Care’s Global Cyber Security Operations Center.

Principal Duties and Responsibilities

• Lead architecture, development, and maintenance of SOAR playbooks and automation pipelines.
• Automate repetitive security operations and security engineering workflows (EDR, VM scanning, SIEM enrichment, IR actions).
• Integrate security tools and platforms using APIs, scripting, and microservices.
• Improve MTTR and reduce operational overhead through intelligent automation by closely partnering with Security Engineering, IT Operations, and Cloud Teams.
• Develop KPIs to measure automation impact and report operational improvements.
• Lead POCs for new automation platforms and evaluate opportunities for AI-based operations.
• Provide mentorship and code reviews for automation engineers and analysts.
• Partner with security engineering on telemetry strategy, logging requirements, and architectural standards for monitoring visibility.
• Integrate AI/ML driven detection capabilities into existing pipelines, validating model performance and reducing false positives.
• Maintain ingestion pipelines, parsing logic, normalization rules, and event taxonomies across critical log sources: identity, endpoint, cloud, network, application, and medical systems.
• Lead the design, implementation, and optimization of enterprise-wide detection content, including correlation rules, behavioral analytics, machine learning assisted detections, and anomaly models.
• Develop detection playbooks and logic focused on lateral movement, credential abuse, insider threats, privilege escalation, cloud compromise, and advanced persistent threats.
• Tune, optimize, and enrich detection pipelines with contextual data (identity, asset, threat intelligence, vulnerability data).
• Mentor analysts and engineers globally on detection logic development, data analytics, and platform best practices.
• Serve as a senior escalation point for complex security incidents and investigations.

Physical Demands and Working Conditions

The physical demands and work environment characteristics represent those typically encountered while performing essential duties. Reasonable accommodation may be made as needed. This is a remote role with availability expected during core hours and during escalations as required.

Supervision

Provides technical leadership and mentorship to threat engineers, automation engineers, and security operations analysts globally. Does not directly manage staff.

Education

• Minimum Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent professional experience).

Experience and Required Skills

• 5+ years in automation engineering, SOAR engineering, or DevSecOps.
• Strong scripting/programming experience (Python required; PowerShell, Go, or NodeJS a plus).
• Hands-on experience with:
  • SOAR platforms (Cortex XSOAR, Splunk SOAR, Microsoft Sentinel automation)
  • API integrations and REST/JSON workflows
  • CI/CD tools (GitHub, GitLab, Azure DevOps)
• Deep understanding of SOC processes, alerting workflows, and incident response.
• Experience integrating EDR, VM, identity, and cloud security tools.

Preferred

• Experience with AI-driven automation or LLM-assisted workflow design.
• Certifications: GCSA, GCFA, GCIH, scripting/DevOps certs.
• Experience in hybrid or multi-cloud environments.

Compensation

The rate of pay for this position will depend on the successful candidate’s work location and qualifications, including relevant education, work experience, skills, and competencies. Annual Rate: $117,700.00 - $196,200.00 for Waltham, MA location.

Benefits

• Comprehensive benefits package including medical, dental, and vision insurance.
• 401(k) with company match.
• Paid time off.
• Parental leave.
• Potential for performance-based bonuses depending on company and individual performance.

Equal Opportunity Employer

Fresenius Medical Care maintains a drug-free workplace in accordance with applicable federal and state laws. Fresenius Medical Care is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sexual orientation, gender identity, parental status, national origin, age, disability, military service, or other non-merit-based factors.