✦ Luna Orbit — Cybersecurity

VP, Cyber Defense & Threat Intelligence

at CVS Health

Hybrid. Posted April 15, 2026.
Salary: Up to $0 USD / year
Type: Full-Time
Experience: executive
Exp. Years: Not specified
Education: Not specified
Category: Cybersecurity

As VP, Cyber Defense & Threat Intelligence, you will lead CVS Health’s global defensive cyber capability. You will run the enterprise SOC, CTI, CSIRT, and AI SecOps, and serve as the primary technical authority during major cyber events.

  • Own 24x7x365 enterprise SOC operations
  • Build and mature enterprise CTI program
  • Lead CSIRT operations
  • Drive SOC maturity via automation and SOAR playbooks (MTTD/MTTR)
  • Lead penetration testing and Red/Blue Team operations for cyber defense

This role covers 24x7x365 SOC operations across on-premises, cloud, and hybrid environments, including automation and SOAR playbook development. It also includes CTI program leadership (with integration into detection logic and red team planning), CSIRT operations, penetration testing, Red/Blue Team operations, and crisis incident response, with performance targets tracked via MTTD and MTTR.

The ideal candidate is a senior cybersecurity executive who has designed, built, and operated an enterprise Security Operations Center (SOC) with strong incident response ownership. They lead Cyber Threat Intelligence (CTI), CSIRT operations, and defensive testing initiatives including penetration testing and Red/Blue Team operations while driving measurable improvements in MTTD and MTTR. They understand regulatory expectations for continuous monitoring of PHI/PII in healthcare environments (HIPAA and PCI-DSS).

24x7x365 enterprise SOC operations, owning SOC operations, automation, SOAR playbook development, and metrics (MTTD/MTTR), leading enterprise CTI program, maintaining intelligence sharing participation (H-ISAC, FS-ISAC where applicable), CSIRT operations leadership, Penetration testing leadership, Red/Blue Team operations, crisis incident response leadership, AI SecOps and security data analytics oversight
integration CTI feeds into SOC detection logic, vulnerability prioritization, government partnerships (CISA, FBI, HHS/OCR) beyond baseline participation
Security Operations Center (SOC), SOAR, Computer Security Incident Response Team (CSIRT), Cyber Threat Intelligence (CTI), Artificial Intelligence Security Operations (AI SecOps), Security Data Analytics
enterprise Security Operations Center (SOC) operations, 24x7x365 monitoring, SOAR playbook development, mean time to detect (MTTD), mean time to respond (MTTR), HIPAA, PCI-DSS, PHI/PII, Cyber Threat Intelligence (CTI), intelligence sharing (H-ISAC, FS-ISAC), CISA, FBI, HHS/OCR, Computer Security Incident Response Team (CSIRT), Insider Risk Operations, Artificial Intelligence Security Operations (AI SecOps), Security Data Analytics, Penetration Testing, Red/Blue Team operations, crisis incident response
enterprise Security Operations Center (SOC) operations, 24x7x365 monitoring, detection and triage, on-premises, cloud environments, hybrid environments, SOC automation, SOAR playbook development, metrics-driven performance management, mean time to detect (MTTD), mean time to respond (MTTR), HIPAA, PCI-DSS, continuous monitoring, PHI/PII environments, vendor management, MSSP relationships, SLAs, escalation protocols, enterprise Cyber Threat Intelligence (CTI) program, threat intelligence integration, operationally relevant intelligence, decision-ready intelligence, intelligence sharing communities, H-ISAC, FS-ISAC, CISA, FBI, HHS/OCR, geopolitical and nation-state threat awareness programs, red team planning, Computer Security Incident Response Team (CSIRT) operations, Artificial Intelligence Security Operations (AI SecOps), Security Data Analytics, penetration testing, Red/Blue Team operations, crisis incident response, CISO reporting
executive leadership, designing, building, and operating a global defensive cyber capability, culture building, precision, speed, mission orientation, cross-functional collaboration, translating intelligence into prevention and detection, stakeholder management, communication with regulators, Board, and executive leadership
Industry: Healthcare IT
Job Function: Run and optimize CVS Health’s enterprise cyber defense operations and threat intelligence program.
Role Subtype: Security Architect
Tech Domains: Cybersecurity
VP, Cyber Defense & Threat Intelligence, Vice President, CISO, Security Operations Center (SOC), 24x7x365, Computer Security Incident Response Team (CSIRT), Cyber Threat Intelligence (CTI), Insider Risk Operations, Artificial Intelligence Security Operations (AI SecOps), Security Data Analytics, Penetration Testing, Red/Blue Team, Red team, Blue team, Crisis Incident Response, SOAR, mean time to detect (MTTD), mean time to respond (MTTR), HIPAA, PCI-DSS, PHI/PII, H-ISAC, FS-ISAC, CISA, FBI, HHS/OCR, Red/Blue Team operations

No demonstrated leadership of enterprise SOC and incident response operations, Lack of experience with HIPAA and PCI-DSS continuous monitoring expectations (PHI/PII environments)
