Associate Director, Incident Response, Cybersecurity
At Bristol Myers Squibb, we are inspired by a single vision – transforming patients’ lives through science. In oncology, hematology, immunology and cardiovascular disease – and one of the most diverse and promising pipelines in the industry – each of our passionate colleagues contributes to innovations that drive meaningful change. We bring a human touch to every treatment we pioneer. Join us and make a difference.
This role is at the Associate Director level.
The Associate Director of Incident Response will be responsible for assisting and actioning Cyber Incident Response within the BMS Cyber Fusion Center (CFC). This role is responsible for responding to alerts and incidents within the BMS enterprise and for providing technical guidance to team members. The ideal candidate will be highly technical, with an ability to quickly provide leadership-level summaries while potentially dealing with multiple incidents. This role may also require the candidate to provide support as an incident commander, if the need arises.
Essential Duties and Responsibilities
- Investigate and lead incidents and incident response investigations, end-to-end
- Leverage EDR tools to investigate and identify malicious activity to determine root cause
- Support IR investigations by using malware, log, and network analysis
- Conduct some threat hunting to support investigations
- Work with threat intelligence to identify tools, tactics, and procedures (TTP) and indicators of compromise (IOC)
- Provide expert opinion and insight into cyber related matters affecting BMS
- Create comprehensive analysis reports and potential after-action reports, as needed
- Communicate concisely and effectively with internal BMS stakeholders
- Support CFC leadership on cyber related issues
- Assist in the development of SOPs and other necessary documentation for the CFC
Desired experience varies by role:
- At least 5 years of hands-on experience in Incident Response
- At least 3 years of experience with SIEM, such as Securonix or Splunk
- After hours escalation and on-call responsibilities can be expected
- MITRE ATT&CK framework knowledge
- Prior blue team IR exposure and analysis
- Demonstrated SIEM platform alert analysis experience.
- Expert-level knowledge of common attack vectors and penetration techniques.
- Solid working knowledge of networking technology and tools, firewalls, proxies, IDS/IPS, encryption.
- Technical writing and presentation skills.
- Event analysis and correlation.
- Experience with Linux (CLI), Mac OS X, and Windows operating systems
- Experience with cloud elements (S3, Impala, Athena, etc.)
Ideal Candidates Would Also Have:
- Certified in one or more of the following: SANS 500-level course (GCIA, GCIH, etc.)
- Strong understanding of networking fundamentals (routing, OSI layers, CIDR).
- Experience in a fast-paced environment.
- Experience with programming or scripting languages (Python, bash).
- Ability to present highly technical information to non-technical audiences
- Solid understanding of Sigma rules and their creation
Around the world, we are passionate about making an impact on the lives of patients with serious diseases. Empowered to apply our individual talents and diverse perspectives in an inclusive culture, our shared values of passion, innovation, urgency, accountability, inclusion and integrity bring out the highest potential of each of our colleagues.
Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives.
Physical presence at the BMS worksite or physical presence in the field is an essential job function of this role which the Company deems critical to collaboration, innovation, productivity, employee well-being and engagement, and enhances the Company culture.
To protect the safety of our workforce, customers, patients and communities, the policy of the Company requires all employees and workers in the U.S. and Puerto Rico to be fully vaccinated against COVID-19, unless they have received an exception based on an approved request for a medical or religious reasonable accommodation. Therefore, all BMS applicants seeking a role located in the U.S. and Puerto Rico must confirm that they have already received or are willing to receive the full COVID-19 vaccination by their start date as a qualification of the role and condition of employment. This requirement is subject to state and local law restrictions and may not be applicable to employees working in certain jurisdictions such as Montana. This requirement is also subject to discussions with collective bargaining representatives in the U.S.
Our company is committed to ensuring that people with disabilities can excel through a transparent recruitment process, reasonable workplace adjustments and ongoing support in their roles. Applicants can request an approval of accommodation prior to accepting a job offer. If you require reasonable accommodation in completing this application or if you are applying to a role based in the U.S. or Puerto Rico and you believe that you are unable to receive a COVID-19 vaccine due to a medical condition or sincerely held religious belief, during any part of the recruitment process, please direct your inquiries to . Visit [Register to View] to access our complete Equal Employment Opportunity statement.
Any data processed in connection with role applications will be treated in accordance with applicable data privacy policies and regulations.