The associate director threat hunting and response will be an integral part of the novartis cyber security operations center (csoc). The csoc is an advanced global team passionate about active defense against sophisticated cyber threats and attacks. The associate director threat hunting and response will serve as a principal engineer, leveraging various tools and resources to proactively detect, investigate, and mitigate emerging and persistent threats impacting novartis’ networks, systems, users, and applications. This role involves coordination and communication with technical and non-technical teams, including security leadership and business stakeholders. As an experienced engineer, this role will also involve coaching and mentoring junior csoc members.
about the role
major accountabilities
in addition to the accountabilities listed above in job purpose:
* forensics and incident response:
o serve as an escalation point for investigations into security incidents involving advanced threat actors and ttps.
o perform forensic collection and analysis of electronic assets, devices, scripts, malicious software, and log sources from various systems and applications.
o manage incident response activities, including scoping, communication, reporting, and remediation planning.
* threat hunting:
o review incident and intelligence reports from internal and external sources.
o develop hypotheses, analyze techniques, and execute hunts to identify threats.
o collaborate with security teams and stakeholders to implement countermeasures and improve defenses.
o respond to major incidents as part of the incident response team.
* big data analysis and reporting:
o use siem and big data tools to identify abnormal activities and extract insights.
o research, develop, and enhance content within siem and other platforms.
* technologies and automation:
o work with engineering teams to design, test, and implement playbooks, workflows, and automations.
o research and evaluate new technologies, providing recommendations for improvements.
* daily operations:
o conduct host-based, artifact, network packet, and malware analysis to support investigations.
o coordinate investigation and containment activities with stakeholders.
o maintain documentation, including response playbooks and processes.
o mentor junior staff and escalate severe incidents.
o create incident reports with findings and recommendations.
o develop and tune detection logic and sensors.
o assess existing security solutions for their effectiveness against ttps.
o create custom siem queries and dashboards for monitoring threats.
o participate in on-call rotations for incident triage and response.
why novartis: helping people with disease and their families requires more than science; it requires a community of passionate, innovative people. Join us to make a difference: https://www.novartis.com/about/strategy/people-and-culture
join our novartis network: not the right role? Sign up for our talent community to stay connected and learn about new opportunities: https://talentnetwork.novartis.com/network
#j-18808-ljbffr