In addition to accountabilities listed above in Job Purpose:

• Technical Team Lead
  • Act as senior leader for senior specialists and specialists; providing guidance and oversight on day to day activities
  • Evaluate and review performance; provide coaching and mentoring; and supporting career improvement goals
  • Instill and maintain cohesiveness and positive working culture
  • Ensure regional delivery around monitoring and incident response
• Security Monitoring and Triage
  • Monitor in real time security controls and consoles from across the Novartis IT ecosystem
  • Communicate with technical and non-technical end users who report suspicious activity
• Forensics and Incident Response
  • Serve as escalation point for conducting investigations into security incidents involving advanced and sophisticated threat actors and TTPs
  • Perform forensic collection and analysis of electronic assets and devices, scripts and malicious software, and log sources from a variety of systems and applications
  • Manage incident response activities including scoping, communication, reporting, and long term remediation planning
  • Respond to major incidents as part of larger major incident response team
• Big Data analysis and reporting:
  • Utilizing SIEM/Big data to identify abnormal activity and extract meaningful insights.
  • Research, develop, and enhance content within SIEM and other tools
• Technologies and Automation:
  • Interface with engineering teams to design, test, and implement playbooks, orchestration workflows and automations
  • Research and test new technologies and platforms; develop recommendations and improvement plans
• Day to day:
  • Perform host based analysis, artifact analysis, network packet analysis, and malware analysis in support of security investigations and incident response
  • Coordinate investigation, containment, and other response activities with business stakeholders and groups
  • Develop and maintain effective documentation; including response playbooks, processes, and other supporting operational material
  • Perform quality assurance review of analyst investigations and work product; develop feedback and development reports
  • Provide mentoring of junior staff and serve as point of escalation for higher difficulty incidents
  • Develop incident analysis and findings reports for management, including gap identification and recommendations for improvement
  • Recommend or develop new detection logic and tune existing sensors / security controls
  • Work with security solutions owners to assess existing security solutions array ability to detect / mitigate the abovementioned TTPs
  • Creating custom SIEM queries and dashboards to support the monitoring and detection of advanced TTPs against Novartis network
  • Participate in weekend/after hour on-call rotation to triage and/or respond to major incidents

• Effectively investigate to identify root cause, including attack vector, exploitation, and other techniques utilized to bypass security controls
• Accurately diagnose impact, damage, and mitigation techniques needed to restore business operations and minimize reoccurrence
• Identify technology and process gaps that affect CSOC services; develop solutions and make recommendations for continuous improvement
• Provide oversight and support for first level monitoring and triage to ensure effective operations and mitigation of lower impact incidents
• Good cultural orientation and strong influencer of information risk management, information security, IT security, to be embedded across IT, OT and Medical Technologies

EXPERIENCE

• 6+ years of experience in Incident Response / Computer Forensics / CSOC team / Threat Hunting or related fields
• Experienced IT administration with broad and in-depth technical, analytical and conceptual skills
• Experience in reporting to and communicating with senior level management (with and without IT background, with and without in depth risk management background) on incident response topics
• Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related and incident response concepts to technical as well as nontechnical audiences
• Excellent understanding and knowledge of general IT infrastructure technology and  systems
• Proven experience to initiate and manage projects that will affect CSOC services and technologies