Senior Manager, Cyber Security Incident Response
Known for its scientific and operational excellence, Regeneron is a leading science-based biopharmaceutical company that discovers, invents, develops, manufactures, and commercializes medicines for the treatment of serious medical conditions. Regeneron commercializes medicines for eye diseases, high LDL-cholesterol, atopic dermatitis and a rare inflammatory condition and has product candidates in development in other areas of high unmet medical need, including rheumatoid arthritis, asthma, pain, cancer and infectious diseases . Summary . Performs as the Service Delivery Manager for the cyber incident response capability. Manages cyber and information security events that are escalated as security incidents. Identifies threats through active response and threat hunting tactics. Working with Security Monitoring team, triages escalations, prioritizes actions, assigns resources, and coordinates security incidents through the lifecycle of containment, eradication, recovery and lessons learned. Interfaces with Infrastructure Operations, HR, Legal, and other designated internal and external organizations about incident outcome. Manages and oversees third party forensics and reverse engineering service provider support direct to the Cyber Operations department. As a service manager, this position will be responsible for managing an service delivery team comprised of multiple vendors, responsible for contract management, definition of service level agreements SLAs , and ensuring that SLA's are achieved and value chain partner expectations are met or exceeded . Responsibilities . Validate potential threat actors, threat attack vectors, and live threats among industry peers and by location . Derive and lead implementation of security incident and event management use cases . Inform response and threat hunt teams of potential attack signatures . Validate active threats to Regeneron networks, applications, and data as escalations from Security Monitoring . Manage incident response to identified active intrusions/malware . Inform security technology and infrastructure operations teams on configuration changes to mitigate active threats . Collaborate and coordinate with stakeholders in responding to cyber security incidents . Requirements . Knowledge and Experience . 8+ years in security operations, or 8+ years in IT with 5+ years in security operations management role . Experienced in partnering with security managed service provides on threat and incident monitoring . Experience driving the integration of the cybersecurity incident and event management framework plans . Strong experience in triaging and leading response efforts for information security incident and threats . Fluent in cutting edge threat detection technologies, application security technologies, and analytics toolsets. Leadership . Lead incident response team to investigate threats and findings to help improve information security posture . Lead security operations services providers to achieve threat and incident mitigation outcomes, and communicate those outcomes in a business-relevant manger. Collaboration . Ability to work across multiple lines of business in a security information corporate function. Innovation . Use logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems . Identify trends in machine learning, heuristics, and big data for security incident and event management. Skills/Tools . Skilled in security incident and event management, and security analytics platforms . Ability to drive measureable results from a security managed service and security operations center . Strong customer service and communications skills, both oral and written with the ability to build relationships at all levels . Ability to weigh security controls against technical and administrative standards . Organized, detail-oriented with ability to understand big picture and make risk appropriate tradeoffs . Minimum Educational Requirements . Bachelors Degree . Required Licenses & Certificates . Position requires CISSP, CISM, CHE or equivalent, relevant certification from a recognized body e.g , SANS, ISC2, ISACA . If absent, certification must be attained no later than after one year of start date . Minimum Years of Experience . 8+ years in security operations, or 8+ years in IT with 5+ years in security operations management role . Preferred . Experience with Splunk or other industry leading security analytics platform . Work within a large complex organization . This is an opportunity to join our select team that is already leading the way in the Pharmaceutical/Biotech industry. Apply today and learn more about Regeneron's unwavering commitment to combining good science & good business . To all agencies . Please, no phone calls or emails to any employee of Regeneron about this opening. All resumes submitted by search firms/employment agencies to any employee at Regeneron via-email, the internet or in any form and/or method will be deemed the sole property of Regeneron, unless such search firms/employment agencies were engaged by Regeneron for this position and a valid agreement with Regeneron is in place. In the event a candidate who was submitted outside of the Regeneron agency engagement process is hired, no fee or payment of any kind will be paid . Regeneron is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability status, protected veteran status, or any other characteristic protected by law.