Associate Director, Incident Response, Cybersecurity Operations

Remote - United States, United States

Bristol Myers Squibb

Bristol Myers Squibb is a global biopharmaceutical company committed to discovering, developing and delivering innovative medicines to patients with serious diseases.


Working with Us
Challenging. Meaningful. Life-changing. Those aren’t words that are usually associated with a job. But working at Bristol Myers Squibb is anything but usual. Here, uniquely interesting work happens every day, in every department. From optimizing a production line to the latest breakthroughs in cell therapy, this is work that transforms the lives of patients, and the careers of those who do it. You’ll get the chance to grow and thrive through opportunities uncommon in scale and scope, alongside high-achieving teams rich in diversity. Take your career farther than you thought possible.

Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives. Read more: careers.bms.com/working-with-us.

SUMMARY:

The Associate Director of Incident Response will be responsible for assisting and actioning Cyber Incident Response within the BMS Cyber Fusion Center (CFC). This role is responsible for responding to alerts and incidents within the BMS enterprise and for helping provide technical guidance to team members. The ideal candidate will be highly technical, with an ability to quickly provide leadership-level summaries while potentially dealing with multiple incidents. This role may also require the candidate to provide support as an incident commander, if the need arises.

 

POSITION RESPONSIBILITIES:

  • Investigate and lead incident response investigations, end-to-end
  • Leverage EDR tools to investigate and identify malicious activity to determine root cause 
  • Supporting IR investigations by using malware, log, and network analysis 
  • Conducting some threat hunting to support investigations 
  • Working in Cloud platforms to conduct investigations 
  • Working with threat intelligence to identify tools, tactics, and procedures (TTP) and indicators of compromise (IOC) 
  • Providing expert opinion and insight into cyber related matters affecting BMS 
  • Creating comprehensive analysis reports and potential after action reports, as needed 
  • Communicating concisely and effectively with internal BMS stakeholders 
  • Support CFC leadership on cyber related issues 
  • Assist in the development of SOPs and other necessary documentation for the CFC

 

DESIRED EXPERIENCE:

  • At least 5 years of hands-on experience in Incident Response
  • At least 3 years of experience with SIEM, such as Sentinel or Splunk  
  • After hours escalation and on-call responsibilities can be expected 
  • MITRE ATT&CK framework knowledge 
  • Prior blue team IR exposure and analysis 
  • Demonstrated SIEM platform alert analysis experience. 
  • Expert-level knowledge of common attack vectors and penetration techniques. 
  • Solid working knowledge of networking technology and tools, firewalls, proxies, IDS/IPS, encryption. 
  • Technical writing and presentation skills. 
  • Event analysis and correlation. 
  • Experience with Linux (CLI), Mac OS X, and Windows operating systems
  • Experience with cloud elements (S3, Impala, Athena, etc.)


Ideal Candidates Would Also Have: 

  • Certified in one or more of the following: SANS 500-level course (GCIA, GCIH, etc.)
  • Strong understanding of networking fundamentals (routing, OSI layers, CIDR).
  • Experience in a fast-paced environment.
  • Experience with programming or scripting languages (Python, bash). 
  • Ability to present highly technical information to non-technical audiences 
  • Solid understanding of Sigma rules and their creation
  • A working understanding of ATC RE&CT and VERIS

The starting compensation for this job ranges from $156,000 to $195,000, plus incentive cash and stock opportunities (based on eligibility). The starting pay rate takes into account characteristics of the job, such as required skills and where the job is performed. Final, individual compensation will be decided based on demonstrated experience.

Eligibility for specific benefits listed on our careers site may vary based on the job and location. For more on benefits, please visit https://careers.bms.com/life-at-bms/.

Benefit offerings are subject to the terms and conditions of the applicable plans then in effect and may include the following: Medical, pharmacy, dental and vision care. Wellbeing support such as the BMS Living Life Better program and employee assistance programs (EAP). Financial well-being resources and a 401(K). Financial protection benefits such as short- and long-term disability, life insurance, supplemental health insurance, business travel protection and survivor support. Work-life programs include paid national holidays and optional holidays, Global Shutdown Days between Christmas and New Year’s holiday, up to 120 hours of paid vacation, up to two (2) paid days to volunteer, sick time off, and summer hours flexibility. Parental, caregiver, bereavement, and military leave. Family care services such as adoption and surrogacy reimbursement, fertility/infertility benefits, support for traveling mothers, and child, elder and pet care resources. Other perks like tuition reimbursement and a recognition program.

If you come across a role that intrigues you but doesn’t perfectly line up with your resume, we encourage you to apply anyway. You could be one step away from work that will transform your life and career.

Uniquely Interesting Work, Life-changing Careers
With a single vision as inspiring as “Transforming patients’ lives through science™”, every BMS employee plays an integral role in work that goes far beyond ordinary. Each of us is empowered to apply our individual talents and unique perspectives in an inclusive culture, promoting diversity in clinical trials, while our shared values of passion, innovation, urgency, accountability, inclusion and integrity bring out the highest potential of each of our colleagues.

On-site Protocol

BMS has a diverse occupancy structure that determines where an employee is required to conduct their work. This structure includes site-essential, site-by-design, field-based and remote-by-design jobs. The occupancy type that you are assigned is determined by the nature and responsibilities of your role:

Site-essential roles require 100% of shifts onsite at your assigned facility. Site-by-design roles may be eligible for a hybrid work model with at least 50% onsite at your assigned facility. For these roles, onsite presence is considered an essential job function and is critical to collaboration, innovation, productivity, and a positive Company culture. For field-based and remote-by-design roles the ability to physically travel to visit customers, patients or business partners and to attend meetings on behalf of BMS as directed is an essential job function.

BMS is dedicated to ensuring that people with disabilities can excel through a transparent recruitment process, reasonable workplace accommodations/adjustments and ongoing support in their roles. Applicants can request a reasonable workplace accommodation/adjustment prior to accepting a job offer. If you require reasonable accommodations/adjustments in completing this application, or in any part of the recruitment process, direct your inquiries to adastaffingsupport@bms.com. Visit careers.bms.com/eeo-accessibility to access our complete Equal Employment Opportunity statement.

BMS cares about your well-being and the well-being of our staff, customers, patients, and communities. As a result, the Company strongly recommends that all employees be fully vaccinated for Covid-19 and keep up to date with Covid-19 boosters.

BMS will consider for employment qualified applicants with arrest and conviction records, pursuant to applicable laws in your area.

If you live in or expect to work from Los Angeles County if hired for this position, please visit this page for important additional information: https://careers.bms.com/california-residents/

Any data processed in connection with role applications will be treated in accordance with applicable data privacy policies and regulations.


Tags: Bash Blue team Cloud EDR Encryption Firewalls GCIA GCIH IDS Incident response IPS Linux Malware MITRE ATT&CK Privacy Python S3 SANS Scripting Sentinel SIEM Splunk Threat intelligence Windows

Perks/benefits: Career development Competitive pay Equity / stock options Fertility benefits Health care Insurance Medical leave Parental leave

Regions: Remote/Anywhere North America
Country: United States
