Incident Response Lead

About AbbVie
AbbVie's mission is to discover and deliver innovative medicines that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas: immunology, oncology, neuroscience, eye care, virology, women's health and gastroenterology, in addition to products and services across its Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com . Follow @abbvie on Twitter , Facebook , Instagram , YouTube and LinkedIn .

The Incident Response Team Lead, working within AbbVie's enterprise-wide information security team, will be the resident expert for incident response and will be responsible providing oversight to the response team members to ensure that response to cyber security incidents are being performed consistently, adequately, and in a timely manner; and training and developing the skillsets of the internal CSIRT team. Additionally, the Security Incident Response Team Lead will coordinate response to significant incidents and assist with identifying information security risks and gaps and developing recommendations and plans to address risks and gaps. Additionally, the Security Incident Response Team Lead will be expected to provide input and help shape the strategic direction of incident response at AbbVie.

Responsibilities

• Act as the primary escalation point for cyber security incidents at AbbVie, developing response plans and coordinating activity as needed
• Provide leadership to the Cyber Security Incident Response Team in the implementation of the Information Security and Incident Response strategies
• Identify process improvement opportunities and develop subsequent plans of action to resolve gaps with minimal management intervention
• Provide oversight to managed security service provider(s) to ensure quality of work and service level agreements are being met.
• Interpret and summarize technical information for presentation to non-technical business contacts
• Develop, integrate, improve cyber security incident response "playbooks" and documentation for the team
• Act as a mentor for incident responders
• Identify capability gaps and assist in developing those capabilities or implementing technology as needed
• Examine log, system, and malware data to assess incident scope and impact
• Prepare formal reports on incident findings
• Drive improvements in cyber security incident detection
• Drive improvements in cyber security incident response automation capabilities
• Act as a first responder for cyber security incidents during normal business/off-hours and on-call

Required Technical Skills

• Expert level understanding of cyber security incident response
• Expert level understanding of Windows OS
• Expert level understanding of intrusion-focused system forensics
• Advanced level understanding of TCP/IP Networking
• Advanced level understanding of malware analysis
• Familiarity with network and enterprise architecture

Other Required Skills

• • Ability to author clear and concise incident reports
  • Ability to organize the actions of others to
  • Ability to successfully interact with non-technical in-business contacts
  • Ability to works independently without direction for day to day activities
  • Ability to analyze and understand technical information
  • Experience analyzing and pivoting on large sets of data
  • Ability to author clear and concise reports
  • Ability to successfully interact with non-technical customers
  • Familiarity with general information security concepts and practices
  • Familiarity with change and incident management concepts and processes
  • Capable of learning new concepts and processes quickly, and adapting to a constantly changing environment

Qualifications

Education and Experience

• • Minimum 7 years of experience in an information technology discipline
  • 4-year college degree in computer science or related field is preferred
  • Minimum 4 years of experience in an incident response role handling and responding to information security incidents
  • Security certifications are desired

Significant Work Activities
Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)
Travel
No
Job Type
Experienced
Schedule
Full-time
Job Level Code
M
Equal Employment Opportunity
At AbbVie, we value bringing together individuals from diverse backgrounds to develop new and innovative solutions for patients. As an equal opportunity employer we do not discriminate on the basis of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information gender identity or expression, sexual orientation, marital status, protected veteran status, or any other legally protected characteristic.