In addition to accountabilities listed above in Job Purpose:

• Forensics and Incident response
  • Serve as escalation point for conducting investigations into security incidents involving advanced and sophisticated threat actors and TTPs
  • Perform forensic collection and analysis of electronic assets and devices, scripts and malicious software, and log sources from a variety of systems and applications
  • Manage incident response activities including scoping, communication, reporting, and long term remediation planning
• Threat Hunting:
  • Review incident and intelligence reports from a variety of internal and external sources and teams
  • Develop hypotheses, analyze techniques, and execute hunts to identify threats across the environment
  • Interface with security teams and business stakeholders to implement countermeasures and improve defenses
  • Respond to major incidents as part of larger major incident response team
• Big Data analysis and reporting:
  • Utilizing SIEM/Big data to identify abnormal activity and extract meaningful insights.
  • Research, develop, and enhance content within SIEM and other tools
• Technologies and Automation:
  • Interface with engineering teams to design, test, and implement playbooks, orchestration workflows and automations
  • Research and test new technologies and platforms; develop recommendations and improvement plans
• Day to day:
  • Perform host based analysis, artifact analysis, network packet analysis, and malware analysis in support of security investigations and incident response
  • Coordinate investigation, containment, and other response activities with business stakeholders and groups
  • Develop and maintain effective documentation; including response playbooks, processes, and other supporting operational material
  • Provide mentoring of junior staff and serve as point of escalation for higher severity incidents
  • Develop incident analysis and findings reports for management, including gap identification and recommendations for improvement
  • Recommend or develop new detection logic and tune existing sensors / security controls
  • Work with security solutions owners to assess existing security solutions array ability to detect / mitigate the abovementioned TTPs
  • Creating custom SIEM queries and dashboards to support the monitoring and detection of advanced TTPs against Novartis network
  • Participate in weekend/after hour on-call rotation to triage and/or respond to major incidents

• Effectively investigate to identify root cause, including attack vector, exploitation, and other techniques utilized to bypass security controls
• Accurately diagnose impact, damage, and mitigation techniques needed to restore business operations and minimize reoccurrence
• Identify technology and process gaps that affect CSOC services; develop solutions and make recommendations for continuous improvement
• Provide oversight and support for first level monitoring and triage to ensure effective operations and mitigation of lower impact incidents
• Good cultural orientation and strong influencer of information risk management, information security, IT security, to be embedded across IT, OT and Medical Technologies

EXPERIENCE

• 8+ years of experience in Incident Response / Computer Forensics / CSOC team / Threat Hunting or related fields
• Experienced IT administration with broad and in-depth technical, analytical and conceptual skills
• Experience in reporting to and communicating with senior level management (with and without IT background, with and without in depth risk management background) on incident response topics
• Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related and incident response concepts to technical as well as nontechnical audiences
• Excellent understanding and knowledge of general IT infrastructure technology and  systems
• Proven experience to initiate and manage projects that will affect CSOC services and technologies