Senior Incident Response Analyst-Hybrid
USA - New Jersey - Rahway, United States
Job Description
The Senior Incident Response Analyst will be a member of our Cyber Fusion Center Team and support our Incident Response function. This position will respond to and remediate advanced cybersecurity incidents, including application and network-based threats.
They will work with our business stakeholders and intelligence, analytics, and engineering teams to assist in improving incident response processes in the cloud, OT, and other environments.
This position will be a hybrid working environment with a mix of remote and on-site work.
Key Responsibilities:
Lead cyber security incidents and perform investigation, containment, and remediation efforts.
Provide guidance to first-level responders for handling cyber security incidents.
Develop new incident response use cases and create threat detection logic, rules, and alerting in our SIEM (Security Information and Event Management) tool for response by IR analysts.
Work with security and data analytic engineering teams to identify and recommend new internal and external data sources to develop additional threat detection logic.
Analyze threat information gathered from logs, Intrusion Detection Systems (IDS), intelligence reports, vendor sites, and a variety of other sources and recommend rules and other process changes.
Create, review, and update standards, baselines, standard operations procedures, and runbooks for the function, especially in the cloud and OT environments.
Identify and develop workflow automation to lower response time and eliminate lengthy procedures during incident investigations.
Conduct timely evaluations of incident response tickets within a defined review process, providing in-depth analysis, actionable insights, and guidance to improve response and enhance overall incident management effectiveness.
Education:
Bachelor's degree in computer science, information systems, or related field.
Required Experience and Skills:
Minimum 5 years of experience in incident response, preferably in a pharmaceutical, biotechnology, or other regulated environment
Advanced knowledge of security technologies, such as SIEM, EDR Tools, Host and Network Security Tools, and Vulnerability Management tools
Advanced understanding of cloud environment configurations, including Azure and AWS infrastructure
Experience with common attack vectors, including advanced adversaries (nation state/financial motivation)
Knowledge around common web application attacks, including SQL injection, cross-site scripting, invalid inputs, and forceful browsing
Ability to independently perform analytical activities, pay close attention to detail for assigned tasks, apply critical thinking skills, and to learn and adapt quickly in a fast-paced environment
Strong written communication skills
Preferred Experience and Skills:
Cybersecurity Certifications (Offensive Security, SANS, etc.)
Experience working with cyber security tools, endpoint detect & respond, intrusion detection, and intrusion prevention systems
Experience developing detection logic for enterprise SIEM systems
Experience with MDR tools
Experience with exploitation techniques and use case development
Experience with scripting languages such as Python, SPL, PowerShell, KQL, etc.
NOTICE FOR INTERNAL APPLICANTS
In accordance with Managers' Policy - Job Posting and Employee Placement, all employees subject to this policy are required to have a minimum of twelve (12) months of service in current position prior to applying for open positions.
If you have been offered a separation benefits package, but have not yet reached your separation date and are offered a position within the salary and geographical parameters as set forth in the Summary Plan Description (SPD) of your separation package, then you are no longer eligible for your separation benefits package. To discuss in more detail, please contact your HRBP or Talent Acquisition Advisor.
US and Puerto Rico Residents Only:
Our company is committed to inclusion, ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here if you need an accommodation during the application or hiring process.
We are an Equal Opportunity Employer, committed to fostering an inclusive and diverse workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status, or other applicable legally protected characteristics. For more information about personal rights under the U.S. Equal Opportunity Employment laws, visit:
Pay Transparency Nondiscrimination
We are proud to be a company that embraces the value of bringing diverse, talented, and committed people together. The fastest way to breakthrough innovation is when diverse ideas come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another’s thinking and approach problems collectively.
Learn more about your rights, including under California, Colorado and other US State Acts
U.S. Hybrid Work Model
Effective September 5, 2023, employees in office-based positions in the U.S. will be working a Hybrid work model consisting of three total days on-site per week, Monday - Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence. This Hybrid work model does not apply to, and daily in-person attendance is required for, field-based positions; facility-based, manufacturing-based, or research-based positions where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance also does not apply to roles that have been designated as “remote”.
The Company is required to provide a reasonable estimate of the salary range for this job in certain states and cities within the United States. Final determinations with respect to salary will take into account a number of factors, which may include, but not be limited to the primary work location and the chosen candidate’s relevant skills, experience, and education.
Expected US salary range:
$114,700.00 - $180,500.00
Available benefits include bonus eligibility, long term incentive if applicable, health care and other insurance benefits (for employee and family), retirement benefits, paid holidays, vacation, and sick days. A summary of benefits is listed here.
San Francisco Residents Only: We will consider qualified applicants with arrest and conviction records for employment in compliance with the San Francisco Fair Chance Ordinance
Los Angeles Residents Only: We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status: Regular
Relocation: No relocation
VISA Sponsorship: No
Travel Requirements: 10%
Flexible Work Arrangements: Hybrid
Shift: 1st - Day
Valid Driving License: No
Hazardous Material(s): n/a
Job Posting End Date: 03/6/2025
*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.