Manager, Cyber Security Operations Center
AbbVie’s mission is to discover and deliver innovative medicines that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people’s lives across several key therapeutic areas: immunology, oncology, neuroscience, eye care, virology, women’s health and gastroenterology, in addition to products and services across our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on Twitter, Facebook, Instagram, YouTube and LinkedIn.
AbbVie Information Security is looking for a highly motivated and talented individual to join the Cyber Security Incident Response Team (CSIRT). The Cyber Security Operations Center (CSOC) manages the initial investigation and response to security events, alerts, and threats, and works directly to augment the incident responders. This is a new capability within the Cyber Security Incident Response Team (CSIRT), working within the larger Cyber Security Operations (CSO) function. Join us as Manager, Cyber Security Operations Center (CSOC) to build, support, and lead the next generation team of skilled defenders and help our business to continue to have remarkable impacts on people’s lives.
This is a highly technical role helping to attract, hire, train, develop and coach a staff of defenders – with the opportunity to influence and drive the direction of this new capability. The Manager, Cyber Security Operations Center (CSOC) will be expected to work alongside the team to detect and respond to alerts/incidents, develop and enhance triage documentation, and participate in security investigations.
The ideal candidate must be comfortable with cyber security incident response terminology, processes, and techniques, and must have a desire to be a key part of developing foundational talent on AbbVie’s Cyber Security Incident Response Team.
- Leading and managing a team of 24x7 defenders globally. The team is a mixture of full-time employees as well as staff augmentation.
- Acting as a subject matter expert in incident response, guiding and overseeing the SOC strategy and operation.
- Developing and maintaining an environment where the skills, knowledge, and performance of the group is constantly evolving.
- Developing and maintaining the strategy and roadmap for the CSOC to continuously drive improvements and increase service maturity.
- Operating autonomously to acknowledge, investigate, and escalate incidents in accordance with procedures and contractual SLAs. Upholding and enforcing established procedures and processes.
- Overseeing an MSP to ensure services are being delivered according to contractual obligations and with the utmost quality.
- Developing, generating, and reporting CSOC-related metrics and KPIs
- Overseeing technical delivery, assessing and continually improving output of the CSOC service, and ensuring processes are developed and enforced in order to drive operational excellence.
- Overseeing tactical activities such as: identifying and reporting outages related to log/alert sources, evaluating and recommending security alert tuning based on false positive/true positive trends
- Co-managing on-call schedules and escalation call trees
- Leading daily standup operational calls
- Serving as a technical expert on CSIRT matters and acting as a member of Tier 3 Incident Response during critical incidents
- Managerial responsibilities such as staffing, performance assessments, career path and development planning, training, and coaching for all CSOC team members
- SOC analyst and incident response experience
- Knowledgeable about multiple technologies and systems that support CSOC and CSIRT services (e.g. SOAR, SIEM, IPS/IDS, EDR, etc.)
- Experience with basic triage concepts including, but not limited to: malware analysis (e.g. static, dynamic), log analysis, operating system artifact analysis, etc.
- Strong interpersonal skills required to establish and maintain positive relationships, as well as strong communication skills in the form of clear and concise reporting and delivering presentations to technical and non-technical customers.
- Ability to work off-hours and on-call as required
- Bachelor’s Degree and 8 years of experience or Master’s Degree and 7 years of experience
- Prior management and/or leadership experience in a 24x7 operational environment
- Prior experience leading and participating in major/critical cyber security incidents
- Experience with incident response methodologies within enterprise cloud environments
- Familiarity with digital forensics concepts and tools, malware reversal concepts and techniques, and data loss and data protection concepts and processes
- Certifications consisting of any of the following: GIAC Forensic Examiner (GCFE), GIAC Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), GIAC Network Forensic Analyst (GNFA), GIAC Advanced Smartphone Forensics (GASF)
Significant Work Activities
Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8-hour day)
Job Level Code
Equal Employment Opportunity
At AbbVie, we value bringing together individuals from diverse backgrounds to develop new and innovative solutions for patients. As an equal opportunity employer, we do not discriminate on the basis of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information, gender identity or expression, sexual orientation, marital status, protected veteran status, or any other legally protected characteristic.