Manager, Level 2 Threat Response Analyst

Description

Johnson & Johnson is recruiting for a Manager, Level 2 Threat Response Analyst within the Cyber Security Operations Center (CSOC) supporting the Information Security and Risk Management (ISRM) group located in Raritan, NJ or can work remotely in the USA.

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more a t

With $82.1 billion in 2020 sales, our company is the world's most comprehensive and broadly based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical devices markets. Employees of the Johnson & Johnson Family of Companies work with partners in health care to touch the lives of over a billion people every day, throughout the world.

If you have the talent and desire to touch the world, Johnson & Johnson has the career opportunities to help make it happen.

Position Summary

Are you driven by a sense of purpose? We are focused, driven, and dedicated to providing world-class Security incident handling services. On the Cyber Security Operations Center level 1 (CSOC L1)/ level 2 (CSOC L2) team, we continually supervise possible malicious activity on endpoints, servers, networks, applications, databases, websites and other IT systems, looking for malicious activity that could be the indication of a security incident. We analyze security alerts, assess threat impact and coordinate containment, mitigation and eradication strategies by investing in our people.

Responsibilities include but are not limited to:

• Responsible for advanced ticket analysis, foundational remediations, and identifying and implementing continuous improvement initiatives
• Performs secondary investigation of escalations from L1 Analysts providing additional context
• Utilizing SIEM tools and other security technologies, including monitoring of network traffic, log analysis, and identifying and triaging potential security incidents
• Actively remediates complex malware infections, persistence mechanisms, and compromised accounts via file quarantine, registry and startup file modifications, and forced password/session revocation within AD
• Thorough understanding of Cloud and Operational Technology (OT) environments and infrastructure and uses the tools and methods defined in the standard operation procedure (SOP) to validate indicators of compromise and contain/remediate the threat.
• Identifies potential gaps in security controls, proposes active mitigations, and implements blocks based on file hash, malicious domain, IP, command line, etc.
• Reviews ticket volume for alert tuning and refinement opportunities to drive continuous improvement and automation of detection and remediation
• Assists SOC manager with metrics gathering, review, and reporting
• Assists SOC manager in identifying sources of continuous improvement, creation and maintenance of process documentation, and leading training for CI initiatives
• Responsible for consuming cyber threat intelligence and pursuing continuous education in order to stay current on modern attack vectors and adversaries

Qualifications

Required:

• A minimum of a bachelor's degree or 11 years of related work experience is required.
• A minimum of 7 years of cyber investigation experience.
• Excellent executive intelligence writing and briefing skills.
• Deep understanding in using SIEM and related tools to conduct investigations.
• Knowledge of incident response processes is required.
• Strong IT experience with common operating systems, services, networking protocols, logging, attacker techniques and tools is required and the ability to articulate the relationship between the various data sources is required.
• Proven track record to identify operational deficiencies and drive corrective actions and plans to address them is required.
• A solid grasp of the current threat landscape including the latest tactics, tools, and procedures, common malware variants, and effective techniques for detecting this malicious activity is required.
• Superb interpersonal, verbal, and written communication skills are required.
• Possessing the credibility and presence to act as subject matter expert is required.
• Results Orientation/Sense of Urgency - ability to drive to short timelines required.
• Creative problem-solving skills required.
• This role may require up to 10% travel

Preferred:

• Experience with Cloud Security technologies as Microsoft Azure Security Center, Log Analytics or Azure Sentinel is preferred
• Knowledge and experience with industrial networks would be a plus.
• Experience working with virtual, global teams - including diverse groups of people with multifaceted backgrounds and cultural experience is preferred
• Security certifications in Sec+, Network+, GCIH, CISSP, CISM, Certified Ethical Hacker, Cybersecurity Practitioner (CSX-P) preferred

JNJTech

The anticipated base pay range for this position is $99,000 to $170,200.

The Company maintains highly competitive, performance-based compensation programs. Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation's performance over a calendar/performance year. Bonuses are awarded at the Company's discretion on an individual basis.

• Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance.
• Employees may be eligible to participate in the Company's consolidated retirement plan (pension) and savings plan (401(k))
• Employees are eligible for the following time off benefits: - Vacation - up to 120 hours per calendar year
• Sick time - up to 40 hours per calendar year; for employees who reside in the State of Washington - up to 56 hours per calendar year
• Holiday pay, including Floating Holidays - up to 13 days per calendar year of Work, Personal and Family Time - up to 40 hours per calendar year

• Additional information can be found through the link below.

The compensation and benefits information set forth in this posting applies to candidates hired in the United States. Candidates hired outside the United States will be eligible for compensation and benefits in accordance with their local market."

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.