Associate Director Threat Hunting & Response

Be among the first applicants.
Novartis
Selangor
MYR 60,000 - 100,000
4 days ago
Job description

Summary

The Associate Director of Threat Hunting and Response will be a key member of the Novartis Cyber Security Operations Center (CSOC). The CSOC is a global team dedicated to active defense against sophisticated cyber threats and attacks. This role involves leveraging various tools and resources to proactively detect, investigate, and mitigate threats impacting Novartis' networks, systems, users, and applications. The role requires coordination with technical and non-technical teams, including security leadership and business stakeholders. Additionally, the role includes coaching and mentoring junior CSOC members.

About The Role

Major Accountabilities

In addition to the responsibilities listed above in the job purpose:

  1. Forensics and Incident Response
    • Serve as an escalation point for investigating security incidents involving advanced threat actors and TTPs.
    • Perform forensic collection and analysis of electronic assets, malicious scripts, software, and logs from various systems.
    • Manage incident response activities, including scoping, communication, reporting, and remediation planning.
  2. Threat Hunting
    • Review incident and intelligence reports from internal and external sources.
    • Develop hypotheses, analyze techniques, and execute hunts to identify threats.
    • Coordinate with security teams and stakeholders to implement countermeasures.
    • Respond to major incidents as part of the incident response team.
  3. Big Data Analysis and Reporting
    • Use SIEM and big data tools to identify anomalies and extract insights.
    • Develop and improve content within SIEM and other platforms.
  4. Technologies and Automation
    • Collaborate with engineering teams to design and implement playbooks, workflows, and automation.
    • Research and evaluate new technologies, providing recommendations for improvements.
  5. Day-to-Day Operations
    • Conduct host, artifact, network, and malware analysis for investigations.
    • Coordinate investigation and response activities with stakeholders.
    • Maintain documentation, including response playbooks and processes.
    • Mentor junior staff and escalate severe incidents.
    • Generate incident reports with findings and improvement recommendations.
    • Develop detection logic and tune security sensors.
    • Assess security solutions for their ability to detect and mitigate threats.
    • Create custom SIEM queries and dashboards.
    • Participate in on-call rotations for incident triage and response.

Key Performance Indicators / Measures of Success

  • Effective investigation to identify root causes and attack techniques.
  • Accurate impact diagnosis and mitigation to restore operations.
  • Identify gaps and develop solutions for continuous improvement.
  • Support for monitoring and triage to ensure operational effectiveness.
  • Promotion of a security-aware culture across IT, OT, and Medical Technologies.

Experience

  • 8+ years in Incident Response, Forensics, CSOC, Threat Hunting, or related fields.
  • Broad technical, analytical, and conceptual IT skills.
  • Experience communicating with senior management on security topics.
  • Excellent communication skills for technical and non-technical audiences.
  • Strong understanding of IT infrastructure technologies.
  • Proven project management experience affecting CSOC services.

Why Novartis: Helping people with disease and their families requires more than science; it takes a community of passionate individuals working together. Join us to make a difference. Learn more.

Join our Novartis Network: Not the right role? Sign up to stay connected for future opportunities: https://talentnetwork.novartis.com/network

Benefits and Rewards: Discover how we support your growth: https://www.novartis.com/careers/benefits-rewards
