FreshRemote.Work

Associate Director, Incident Response, Cybersecurity Operations

Remote - United States, United States

Working with Us
Challenging. Meaningful. Life-changing. Those aren’t words that are usually associated with a job. But working at Bristol Myers Squibb is anything but usual. Here, uniquely interesting work happens every day, in every department. From optimizing a production line to the latest breakthroughs in cell therapy, this is work that transforms the lives of patients, and the careers of those who do it. You’ll get the chance to grow and thrive through opportunities uncommon in scale and scope, alongside high-achieving teams rich in diversity. Take your career farther than you thought possible.

Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives. Read more: careers.bms.com/working-with-us.

SUMMARY:

The Associate Director of Incident Response will assist with and carry out cyber incident response within the BMS Cyber Fusion Center (CFC). This role is responsible for responding to alerts and incidents within the BMS enterprise and for helping provide technical guidance to team members. The ideal candidate will be highly technical, with an ability to quickly provide leadership-level summaries while potentially dealing with multiple incidents. This role may also require the candidate to provide support as an incident commander, if the need arises.

 

POSITION RESPONSIBILITIES:

  • Investigate and lead incident response cases and investigations end-to-end
  • Leverage EDR tools to investigate and identify malicious activity and determine root cause
  • Support IR investigations using malware, log, and network analysis
  • Conduct some threat hunting to support investigations
  • Work in cloud platforms to conduct investigations
  • Work with threat intelligence to identify tools, tactics, and procedures (TTP) and indicators of compromise (IOC)
  • Provide expert opinion and insight into cyber-related matters affecting BMS
  • Create comprehensive analysis reports and potential after-action reports, as needed
  • Communicate concisely and effectively with internal BMS stakeholders
  • Support CFC leadership on cyber-related issues
  • Assist in the development of SOPs and other necessary documentation for the CFC

 

DESIRED EXPERIENCE:

  • At least 5 years of hands-on experience in Incident Response
  • At least 3 years of experience with SIEM, such as Sentinel or Splunk
  • After-hours escalation and on-call responsibilities can be expected
  • MITRE ATT&CK framework knowledge
  • Prior blue team IR exposure and analysis
  • Demonstrated SIEM platform alert analysis experience
  • Expert-level knowledge of common …