Associate Director DDIT ISC Detection & Response (2025)

MAJOR ACCOUNTABILITIES

In addition to accountabilities listed above in Job Purpose:

  • Security Monitoring and Triage
    • Monitor in real time security controls and consoles from across the Novartis IT ecosystem
    • Communicate with technical and non-technical end users who report suspicious activity
  • Forensics and Incident Response
    • Conduct initial investigations into security incidents involving a variety of threats
    • Gather live evidence from endpoint devices and log sources from a variety of systems and applications
    • Support incident response activities including scoping, communication, reporting, and long-term remediation planning
    • Review technical reports and escalations for completeness and accuracy
  • Big Data analysis and reporting
    • Utilize SIEM/Big Data tooling to identify abnormal activity and extract meaningful insights
    • Research, develop, and enhance content within SIEM and other tools
  • Technologies and Automation
    • Interface with engineering teams to design, test, and implement playbooks, orchestration workflows and automations
    • Research and test new technologies and platforms; develop recommendations and improvement plans
  • Day to day
    • Perform host-based analysis, artifact analysis, network packet analysis, and malware analysis in support of security investigations and incident response
    • Coordinate investigation, containment, and other response activities with business stakeholders and groups
    • Develop and maintain effective documentation, including response playbooks, processes, and other supporting operational material
    • Perform quality assurance review of analyst investigations and work product; develop feedback and development reports
    • Provide mentoring of junior staff and serve as point of escalation for higher severity incidents
    • Develop incident analysis and findings reports for management, including gap identification and recommendations for improvement
    • Recommend or develop new detection logic and tune existing sensors / security controls
    • Work with security solution owners to assess the ability of the existing security solution array to detect / mitigate the above-mentioned TTPs
    • Create custom SIEM queries and dashboards to support the monitoring and detection of advanced TTPs against the Novartis network

KEY PERFORMANCE INDICATORS / MEASURES OF SUCCESS

  • Effectively investigate to identify root cause, including attack vector, exploitation, and other techniques utilized to bypass security controls
  • Accurately diagnose impact, damage, and mitigation techniques needed to restore business operations and minimize reoccurrence
  • Identify technology and process gaps that affect CSOC services; develop solutions and make recommendations for continuous improvement
  • Provide oversight and support for first-level monitoring and triage to ensure effective operations and mitigation of lower impact incidents

EDUCATION / EXPERIENCE

EDUCATION

  • Essential:
    • University working and thinking level, degree in business/technical/scientific area or comparable education/experience
  • Desirable:
    • Professional information security certification, such as CISSP, CISM or ISO 27001 auditor / practitioner is preferred. Professional (information system) risk or audit certification such as CIA, CISA or CRISC is preferred

EXPERIENCE

  • 4+ years of experience in Incident Response / Computer Forensics / CSOC team / Threat Hunting or related fields
  • Experienced IT administration with broad and in-depth technical, analytical and conceptual skills
  • Experience in reporting to and communicating with senior level management (with and without IT background, with and without in depth risk management background) on incident response topics
  • Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related and incident response concepts to technical as well as nontechnical audiences
  • Excellent understanding and knowledge of general IT infrastructure technology and systems
  • Proven experience to initiate and manage projects that will affect CSOC services and technologies

PRODUCT/MARKET/CUSTOMER KNOWLEDGE

  • Good understanding of pharmaceutical industry. Good understanding and knowledge of business processes in a global pharmaceutical industry

SKILLS/JOB RELATED KNOWLEDGE

  • Good mediation and facilitation skills
  • Good knowledge of IT Security Project Management
  • Experience with security incident monitoring and response related to medical devices
  • Knowledge of (information) risk management related standards or frameworks such as COSO, ISO 2700x, CobiT, ISO 24762, BS 25999, NIST, ISF Standard of Good Practice and ITIL
  • Knowledge of security frameworks such as HITRUST
  • Host and network based forensic collection and analysis
  • Dynamic malware analysis, reverse engineering, and/or scripting abilities
  • Proficient with Encase, Responder, X-Ways, Volatility, FTK, Axiom, Splunk, Wireshark, and other forensic tools
  • Understanding of Advanced Persistent Threat (APT) and associated tactics.
  • Research, enrichment, and searching of indicators of compromise
  • Very strong team and interpersonal skills along with the ability to work independently and achieve individual goals.
  • Coordinate with other team members to achieve the specified objectives.
  • Effective oral and written communication skills

NETWORKS

  • High level of personal integrity, and the ability to professionally handle confidential matters and exercise the appropriate level of judgment and maturity
  • Ability to handle competing priorities, and to seek consensus when stakeholders have different or even contradicting opinions

OTHER

  • Fluency (written and spoken) in English

CORE COMPETENCIES

Leadership

Establishes clear direction and sets stretch objectives. Aligns and energizes Associates behind common objectives. Champions the Novartis Values and Behaviors. Rewards/encourages the right behaviors and corrects others.

  • Establishes clear directives and objectives.
  • Communicates positive expectations for others on the team.
  • Integrates and applies learning to achieve business goals.

Customer/Quality Focus

Assigns highest priority to customer satisfaction. Listens to customers and creates solutions for unmet customer needs. Establishes effective relationships with customers and gains their trust and respect.

  • Defines quality standards to ensure customer satisfaction.
  • Creates and supports world-class quality standards to ensure customer satisfaction.

Fast, Action-Oriented

Is action-oriented and full of energy to face challenging situations. Is decisive, seizes opportunities and ensures fast implementation. Strives for simplicity and clarity. Avoids 'bureaucracy'.

  • Alerts others to potential risks and opportunities.
  • Keeps organizational processes simple and efficient.
  • Takes acceptable/calculated risks by adopting new or unknown directions.

Results Driven

Can be relied upon to achieve targets successfully. Does better than the competition. Pushes self and others for results.

  • Anticipates potential barriers to achievement of shared goals.
  • Pushes self and others to see new ways of achieving results (e.g., better business model).
  • Uses feasibility and ROI analyses to ensure results.
  • Keeps pace with new developments in the industry.