Director DDIT ISC Defensive Security Research

About The Role

Director DDIT ISC Defensive Security Research

Location: Tel Aviv, Israel

The Director DDIT ISC Defensive Security Research will lead a group of security researchers that will challenge Novartis information security defenses, ensuring the ISC program understanding of most relevant threats to information assets, potential threat actors targeting Novartis and our industry, as well as the latest attack vectors or unknown vulnerabilities. Collaborates closely with relevant stakeholders on intelligence gathering and reporting to senior management and might co-lead joint defense initiatives. They will be responsible for participating in threat actor-based investigations, creating new detection methodology and providing expert support to incident response and monitoring functions.

The focus of the Defensive Cyber Security Research team is to detect, disrupt and eradicate threat actors from enterprise networks. To execute this mission, the Defensive Cyber Security Research team will use data analysis, threat intelligence, and cutting-edge security technologies. The Defensive Cyber Security Research team will identify and analyze patterns and changes in tactics, techniques and procedures used by attackers to attack Novartis IT infrastructure and management staff. The analysis will result in indicators of compromise, accurate understanding of the risk to Novartis IT infrastructure and prioritization of remediation efforts.

Your key responsibilities:

• Develop a clear roadmap for maturity of our advance threat detection
• Own advanced threat detection from both insiders and external threat actors
• Accountable for identification of new threat vectors and undisclosed vulnerabilities that expose Novartis to information security exploits
• Effectively network and interact with the external IT Security community, interacting with external Cyber Security subject matter experts to identify high priority industry trends and focus areas, evaluate applicability to Novartis and provide recommended courses of action to the CISO and / or ISC Leadership Team.
• Ensure the continued provision and development of skilled and capable people to support ISC, defining and regularly reviewing the achievement of individual objectives direct reports.
• Ensuring appropriate development of team members through training, career development.
• Develop the ISC organization by fostering a culture of high performance and innovation.
• Hunt through huge number of signals to identify new emerging threats, dissect them and extract meaningful insights and indicators of compromise.
• Leverage threat intelligence and analysis of anomalous log data to detect threat actors.
• Provide expert analytic investigative support of large scale and complex security incidents.
• Perform analysis of security incidents for further enhancement of alert catalog and perform in-depth static and dynamic malware reverse engineering.
• Continuously improve processes for use across multiple detection sets for more efficient IT Security operations.
• Collaborate with the Security Operations Center to dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc, and with the Forensics team to provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors.
  
  

Commitment to Diversity & Inclusion:

We are committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.

Role Requirements

What you’ll bring to the role:

• 5+ years of experience in Incident Response / Threat Intel. / CERT team or 5+ years of experience with malware investigations.
• Critical understanding of the cyber attacker kills chain elements, with particular emphasis on attack objectives.
• Advanced understanding of cyber threat vectors and countermeasures.
• Familiarity with the current nation-state (“APT”) threat landscape and the various actors and groups.
• Very strong team and interpersonal skills along with the ability to work independently and achieve individual goals.
• Coordinate with other team members to achieve the specified objectives.
• High level of documentation and organizational skills.
• Produce detailed technical reports in support of malware / other investigations.
• Effective oral and written communication skills.
  
  

Desirable :

• BA or BSc in Computer Science or a related field
• Relevant Technical Security Certifications (GIAC, EC-Council, Offensive Security, etc.)
  
  

Why consider Novartis?

Our purpose is to reimagine medicine to improve and extend people’s lives and our vision is to become the most valued and trusted medicines company in the world. How can we achieve this? With our people. It is our associates that drive us each day to reach our ambitions. Be a part of this mission and join us! Learn more here:

https://www.novartis.com/about/strategy/people-and-cultureImagine what you could do here at Novartis!

Imagine what you could do here at Novartis!

Commitment to Diversity and Inclusion:

Novartis is committed to building an outstanding, inclusive work environment and diverse teams' representative of the patients and communities we serve.

Join our Novartis Network: If this role is not suitable to your experience or career goals but you wish to stay connected to learn more about Novartis and our career opportunities, join the Novartis Network here: https://talentnetwork.novartis.com/network

Division

Operations

Business Unit

DATA, DIGITAL & IT

Work Location

Tel Aviv

Company/Legal Entity

Novartis Israel

Functional Area

Technology Transformation

Job Type

Full Time

Employment Type

Regular

Shift Work

No

Early Talent

No