Sr. Specialist DDIT ISC Detection & Response

In addition to accountabilities listed above in Job Purpose:

• Security Monitoring and Triage
  • Monitor in real time security controls and consoles from across the Novartis IT ecosystem
  • Communicate with technical and non-technical end users who report suspicious activity
• Forensics and Incident Response
  • Conduct initial investigations into security incidents involving a variety of threats
  • Gather live evidence from endpoint devices and log sources from a variety of systems and applications
  • Support incident response activities including scoping, communication, reporting, and long term remediation planning
  • Prepare technical reports for business stakeholders and IT leadership
• Big Data analysis and reporting:
  • Utilizing SIEM/Big data to identify abnormal activity and extract meaningful insights.
  • Research, develop, and enhance content within SIEM and other tools
• Technologies and Automation:
  • Interface with engineering teams to design, test, and implement playbooks, orchestration workflows and automations
  • Research and test new technologies and platforms; develop recommendations and improvement plans
• Day to day:
  • Perform host based analysis, artifact analysis, network packet analysis, and malware analysis in support of security investigations and incident response
  • Coordinate investigation, containment, and other response activities with business stakeholders and groups
  • Develop and maintain effective documentation; including response playbooks, processes, and other supporting operational material
  • Perform quality assurance review of analyst investigations and work product; develop feedback and development reports
  • Provide mentoring of junior staff and serve as point of escalation for higher severity incidents
  • Develop incident analysis and findings reports for management, including gap identification and recommendations for improvement
  • Recommend or develop new detection logic and tune existing sensors / security controls
  • Work with security solutions owners to assess existing security solutions array ability to detect / mitigate the abovementioned TTPs
  • Creating custom SIEM queries and dashboards to support the monitoring and detection of advanced TTPs against Novartis network

EDUCATION

• Essential:
  • University working and thinking level, degree in business/technical/scientific area or comparable education/experience
• Desirable:
  • Professional information security certification, such as CISSP, CISM or ISO 27001 auditor / practitioner is preferred. Professional (information system) risk or audit certification such as CIA, CISA or CRISC is preferred

EXPERIENCE

• 2+ years of experience in Information Technology / Analytical role preferred
• Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related and incident response concepts to technical as well as nontechnical audiences
• Experience in IT administration with technical, analytical and conceptual skills
• Experience in reporting to and communicating technical and non-technical business stakeholders
• Understanding and knowledge of general IT infrastructure technology and  systems

PRODUCT/MARKET/CUSTOMER KNOWLEDGE

• Understanding of pharmaceutical industry, including familiarity with business processes in a global pharmaceutical industry

SKILLS/JOB RELATED KNOWLEDGE

• Good mediation and facilitation skills
• Good knowledge of IT Security Project Management
• Experience with security incident monitoring and response related to medical devices
• Knowledge of (information) risk management related standards or frameworks such as COSO, ISO 2700x, CobiT, ISO 24762, BS 25999, NIST, ISF Standard of Good Practice and ITIL
• Knowledge of security frameworks such as Hitrust
• Host and network based forensic collection and analysis
• Dynamic malware analysis, reverse engineering, and/or scripting abilities
• Familiarity with Encase, Responder, X-Ways, Volatility, FTK, Axiom, Splunk, Wireshark, and other forensic tools
• Understanding of Advanced Persistent Threat (APT) and associated tactics.
• Research, enrichment, and searching of indicators of compromise
• Very strong team and interpersonal skills along with the ability to work independently and achieve individual goals.
• Coordinate with other team members to achieve the specified objectives.
• Effective oral and written communication skills