Job Details
Senior Manager, Incident Response, Cybersecurity Operations
Working with Us
Challenging. Meaningful. Life-changing. Those aren’t words that are usually associated with a job. But working at Bristol Myers Squibb is anything but usual. Here, uniquely interesting work happens every day, in every department. From optimizing a production line to the latest breakthroughs in cell therapy, this is work that transforms the lives of patients, and the careers of those who do it. You’ll get the chance to grow and thrive through opportunities uncommon in scale and scope, alongside high-achieving teams rich in diversity. Take your career farther than you thought possible.
Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives. Read more: careers.bms.com/working-with-us
Summary:
The Senior Manager of Incident Response will be responsible for assisting and actioning Cyber Incident Response within the BMS (Bristol Myers Squibb) Cyber Fusion Center (CFC). This role is responsible for responding to alerts and incidents within the BMS enterprise and for helping to provide technical guidance to team members. The ideal candidate will be technical, with an ability to contribute to leadership-level summaries while potentially dealing with multiple incidents.
Essential Duties and Responsibilities:
Conduct incident response investigations end-to-end
Leverage EDR (Endpoint Detection and Response) tools to investigate and identify malicious activity to determine root cause
Support IR (Incident Response) investigations by using malware, log, and network analysis
Conduct some threat hunting to support investigations
Work in Cloud platforms to conduct investigations
Work with threat intelligence to identify tactics, techniques, and procedures (TTP) and indicators of compromise (IOC)
Provide expert opinion and insight into cyber related matters affecting BMS
Create comprehensive analysis reports and potential after action reports, as needed
Communicate concisely and effectively with internal BMS stakeholders
Support CFC leadership on cyber related issues
Assist in development of SOPs and other necessary documentation for the CFC
Desired Experience:
At least 3 years of hands-on experience in Incident Response
At least 1 year of experience with SIEM (Security Information and Event Management), such as Securonix or Splunk
After-hours escalation and on-call responsibilities can be expected
MITRE ATT&CK framework knowledge
Prior blue team IR exposure and analysis
Knowledge of common attack vectors and penetration techniques.
Knowledge of networking technology and tools, firewalls, proxies, IDS/IPS, encryption.
Technical writing and presentation skills, Big 4 consulting experience.
Event analysis and correlation.
Experience with Linux (CLI), Mac OS X, and Windows operating systems
Experience with cloud elements (S3, Impala, Athena, etc.)
Ideal Candidates Would Also Have:
Certified in one or more of the following: SANS 500-level course (GCIA, GCIH, etc.)
Strong understanding of networking fundamentals (routing, OSI layers, CIDR).
Experience in a fast-paced environment.
Experience with programming or scripting languages (Python, Bash).
Ability to present highly technical information to non-technical audiences
Solid understanding of Sigma rules and their creation
If you come across a role that intrigues you but doesn’t perfectly line up with your resume, we encourage you to apply anyway. You could be one step away from work that will transform your life and career.
Uniquely Interesting Work, Life-changing Careers
With a single vision as inspiring as “Transforming patients’ lives through science™”, every BMS employee plays an integral role in work that goes far beyond ordinary. Each of us is empowered to apply our individual talents and unique perspectives in an inclusive culture, promoting diversity in clinical trials, while our shared values of passion, innovation, urgency, accountability, inclusion and integrity bring out the highest potential of each of our colleagues.
On-site Protocol
Physical presence at the BMS worksite or physical presence in the field is a necessary job function of this role, which the Company deems critical to collaboration, innovation, productivity, employee well-being and engagement, and it enhances the Company culture.
COVID-19 Information
To protect the safety of our workforce, customers, patients and communities, the policy of the Company requires all employees and workers in the U.S. and Puerto Rico to be fully vaccinated against COVID-19, unless they have received an exception based on an approved request for a medical or religious reasonable accommodation. Therefore, all BMS applicants seeking a role located in the U.S. and Puerto Rico must confirm that they have already received or are willing to receive the full COVID-19 vaccination by their start date as a qualification of the role and condition of employment. This requirement is subject to state and local law restrictions and may not be applicable to employees working in certain jurisdictions such as Montana. This requirement is also subject to discussions with collective bargaining representatives in the U.S.
BMS is dedicated to ensuring that people with disabilities can perform complex functions through a transparent recruitment process, reasonable workplace adjustments and ongoing support in their roles. Applicants can request an accommodation prior to accepting a job offer. If you require reasonable accommodation in completing this application, or in any part of the recruitment process, direct your inquiries to adastaffingsupport@bms.com. Visit careers.bms.com/eeo-accessibility to access our complete Equal Employment Opportunity statement.
BMS will consider for employment qualified applicants with arrest and conviction records, pursuant to applicable laws in your area.
Any data processed in connection with role applications will be treated in accordance with applicable data privacy policies and regulations.