Company Description AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas – immunology, oncology, neuroscience, and eye care – and products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at Follow @abbvie on Twitter, Facebook, Instagram, bolthires and LinkedIn. Job Description This position is part of AbbVie’s Information Security & Risk Management (ISRM) team. We are here to put our partners in a position to succeed. We do it by providing the knowledge, tools, and support they need to effectively use data and technology while also effectively managing risk. This position can be remote anywhere in the U.S. This role is an advanced technical role focused on autonomously driving and maturing AbbVie’s threat detection and monitoring services. This role will serve as a technical subject matter expert on the cyber threat landscape, attacker tactics and techniques and serve as the lead on threat detection content development lifecycle. You will also coach junior team members, engage in advanced data analysis, and work closely with the Incident Response teams (primary customer). This role can be remote anywhere in the U.S. In this role, you’ll be responsible for: · Developing and maintaining threat detection content informed by the threat landscape, including tracking emerging threats and our coverage and susceptibility to the underlying techniques. · Understanding the threat landscape and coverage of related Tactics, Techniques, and Procedures (TTPs) by our technologies to understand where we need to fill gaps related to data, content, toolset etc. · Collaborating with the Red Team to test novel attack techniques, public exploit proof-of-concepts for emerging threats, and the efficacy of our existing detections. · Leading Purple Team exercises, including exercises conducted by external vendor. · Reporting, developing, and tuning of detection content to address Purple Team findings. · Reviewing detection content contributions from junior resources for accuracy and efficacy. · Actively participating in major cybersecurity incidents to provide input based on subject matter expertise, detection, and data insights. · Assisting with validating team member skills and contributing to career progression through coaching, training opportunities, and challenging team members to improve. · Collaborating with specialists and analysts to actively contribute to risk reduction efforts, including but not limited to assessments and in-depth research and analysis of threats. · Providing technical input into defensive toolset engineering, including content creation, tuning, expansion of defensive platforms, and implementation of new controls. · Staying informed of modern defensive cybersecurity controls functionality and limitations, including the latest defensive technologies and techniques. · Contributing to service improvements and expansion initiatives by providing input based on subject matter expertise and an advanced understanding of evolving threats. Tools and skills you will use in this role: · Identifying cybersecurity threats · Data analytics, including event correlation and trend analysis. · Industry leading security products including EDR, SIEM, SOAR, CSPM, vulnerability scanning, NGFW’s, internet proxies, zero trust. · Incident analysis and general troubleshooting · Industry leading ETL and data analytical tools · SQL or similar query languages Qualifications Required: • Bachelor's Degree with 8 years of experience OR Masters Degree with 7 years experience OR PhD with 3 years of experience in information security. • Strong knowledge and application of cybersecurity terminology and concepts, and expert understanding of the cyber threat landscape and attack vectors • Thorough understanding of the MITRE ATT&CK framework and its practical applications. • Expert data analytics using a modern SIEM or a similar logging/data analytics platform. • Demonstrated critical thinking, problem-solving, and analytical skills; investigates, defines, and resolves critical issues. • Strong knowledge of diverse operating systems, networking protocols, systems administration, and security technologies. • Willingness to be available, as needed, for critical and major security issues. • Demonstrated subject matter expertise across multiple cybersecurity capabilities. • Ability to work independently and effectively as part of a team. Beneficial: • Work experience as a tier-3 level incident responder or a Cyber Threat Intelligence analyst. • Ability to author technical documentation and perform quality assurance reviews of documents created by peers. • Regularly collaborate with peers, business, and IT stakeholders to support daily activities. • Ability to execute autonomou
