Summary
About the Role
MAJOR ACCOUNTABILITIES
In addition to accountabilities listed above in Job Purpose:
- Forensics and Incident response
- Serve as escalation point for conducting investigations into security incidents involving advanced and sophisticated threat actors and TTPs
- Perform forensic collection and analysis of electronic assets and devices, scripts and malicious software, and log sources from a variety of systems and applications
- Manage incident response activities including scoping, communication, reporting, and long term remediation planning
- Threat Hunting:
- Review incident and intelligence reports from a variety of internal and external sources and teams
- Develop hypotheses, analyze techniques, and execute hunts to identify threats across the environment
- Interface with security teams and business stakeholders to implement countermeasures and improve defenses
- Respond to major incidents as part of larger major incident response team
- Big Data analysis and reporting:
- Utilizing SIEM/Big data to identify abnormal activity and extract meaningful insights.
- Research, develop, and enhance content within SIEM and other tools
- Technologies and Automation:
- Interface with engineering teams to design, test, and implement playbooks, orchestration workflows and automations
- Research and test new technologies and platforms; develop recommendations and improvement plans
- Day to day:
- Perform host based analysis, artifact analysis, network packet analysis, and malware analysis in support of security investigations and incident response
- Coordinate investigation, containment, and other response activities with business stakeholders and groups
- Develop and maintain effective documentation; including response playbooks, processes, and other supporting operational material
- Provide mentoring of junior staff and serve as point of escalation for higher severity incidents
- Develop incident analysis and findings reports for management, including gap identification and recommendations for improvement
- Recommend or develop new detection logic and tune existing sensors / security controls
- Work with security solutions owners to assess existing security solutions array ability to detect / mitigate the abovementioned TTPs
- Creating custom SIEM queries and dashboards to support the monitoring and detection of advanced TTPs against Novartis network
- Participate in weekend/after hour on-call rotation to triage and/or respond to major incidents
Why Novartis: Helping people with disease and their families takes more than innovative science. It takes a community of smart, passionate people like you. Collaborating, supporting and inspiring each other. Combining to achieve breakthroughs that change patients’ lives. Ready to create a brighter future together? https://www.novartis.com/about/strategy/people-and-culture
Join our Novartis Network: Not the right Novartis role for you? Sign up to our talent community to stay connected and learn about suitable career opportunities as soon as they come up: https://talentnetwork.novartis.com/network
Benefits and Rewards: Read our handbook to learn about all the ways we’ll help you thrive personally and professionally: https://www.novartis.com/careers/benefits-rewards
