Assoc. Dir. DDIT ISC Detection & Response

In addition to accountabilities listed above in Job Purpose:

• Technical Team Lead
  • Supervise and manage a team of diverse skillsets and personalities
  • Evaluate and review performance; provide coaching and mentoring; develop and track career improvement goals
  • Instill and maintain cohesiveness and positive working culture
  • Accountable for regional delivery around monitoring and incident response
• Security Monitoring and Triage
  • Monitor in real time security controls and consoles from across the Novartis IT ecosystem
  • Communicate with technical and non-technical end users who report suspicious activity
• Forensics and Incident Response
  • Serve as escalation point for conducting investigations into security incidents involving advanced and sophisticated threat actors and TTPs
  • Perform forensic collection and analysis of electronic assets and devices, scripts and malicious software, and log sources from a variety of systems and applications
  • Manage incident response activities including scoping, communication, reporting, and long term remediation planning
  • Respond to major incidents as part of larger major incident response team
• Big Data analysis and reporting:
  • Utilizing SIEM/Big data to identify abnormal activity and extract meaningful insights.
  • Research, develop, and enhance content within SIEM and other tools
• Technologies and Automation:
  • Interface with engineering teams to design, test, and implement playbooks, orchestration workflows and automations
  • Research and test new technologies and platforms; develop recommendations and improvement plans
• Day to day:
  • Perform host based analysis, artifact analysis, network packet analysis, and malware analysis in support of security investigations and incident response
  • Coordinate investigation, containment, and other response activities with business stakeholders and groups
  • Develop and maintain effective documentation; including response playbooks, processes, and other supporting operational material
  • Perform quality assurance review of analyst investigations and work product; develop feedback and development reports
  • Provide mentoring of junior staff and serve as point of escalation for higher difficulty incidents
  • Develop incident analysis and findings reports for management, including gap identification and recommendations for improvement
  • Recommend or develop new detection logic and tune existing sensors / security controls
  • Work with security solutions owners to assess existing security solutions array ability to detect / mitigate the abovementioned TTPs
  • Creating custom SIEM queries and dashboards to support the monitoring and detection of advanced TTPs against Novartis network
  • Participate in weekend/after hour on-call rotation to triage and/or respond to major incidents