Global Technical Lead - Incident Response

CZE - Central Bohemian - Prague (IT Riverview), Czechia

MSD

At MSD, we're following the science to tackle some of the world's greatest health threats. Get a glimpse of how we work to improve lives.


Job Description

Global Technical Lead - Incident Response

At our company, we are dedicated to advancing the prevention and treatment of diseases in people and animals through innovative health solutions. We are seeking a highly skilled and motivated Global Technical Lead for Incident Response to join our team. This role offers the opportunity to lead and enhance our cybersecurity incident response efforts, ensuring the protection of our critical assets and data. If you are passionate about cybersecurity and thrive in a dynamic environment, we invite you to apply.

Responsibilities

  • Facilitate and oversee the entire incident response lifecycle for cybersecurity incidents across multiple geographical regions, ensuring that all teams adhere to established protocols and practices throughout every phase of the lifecycle: Preparation; Detection and Analysis; Containment, Eradication and Recovery; and Post-Incident Activity
  • Coordinate and implement technical decisions across the IR teams as the global tech lead.
  • Perform in-depth analysis of escalations from SOC and IR analysts, offering constructive feedback during case reviews to improve response strategies.
  • Provide expert technical advice to SOC and IR analysts, enhancing their effectiveness in managing cybersecurity incidents.
  • Recommend and implement improvements to facilitate better collaboration between SOC and IR teams, aiming to reduce response times and streamline incident escalation processes.
  • Analyze the potential impact of new threats detected during IR workflow and drive new technical solutions to address newly detected risks to the company.
  • Ensure that comprehensive technical incident documentation—analysis findings, containment actions, and root cause analysis—is accurately maintained for each incident.
  • Assist in interpreting logs from various devices and applications to identify root causes and determine actionable next steps in the containment, eradication, and recovery phases.
  • Validate and provide inputs to incident response plans and processes, adapting them to address emerging threats effectively.
  • Identify opportunities for workflow automation within incident analysis procedures to reduce response times and eliminate unnecessary manual steps.
  • Develop specialized expertise to discern patterns of complex threat actor behavior and communicate insights regarding current and evolving cyber threats.
  • Maintain an extensive understanding of common operating systems (Windows, Linux, macOS), security technologies (e.g., EDR, XDR, intrusion prevention systems), and networking components (e.g., firewalls, proxies).

Qualifications

Required

  • Demonstrated leadership skills: Ability to effectively lead technical teams, fostering collaboration and innovation within incident response functions.
  • Extensive incident response experience: A robust background in incident response and cybersecurity, with hands-on experience in real-world scenarios.
  • Crisis management experience: Proven ability to lead effectively during high-pressure situations, managing crises and coordinating response efforts.
  • Cross-team coordination: Experience in coordinating and implementing technical decisions across diverse teams.
  • Expert technical advisor: Proven ability to provide expert technical advice and constructive feedback to SOC and IR analysts.
  • Familiarity with industry standards: Knowledge of frameworks such as NIST, SANS, and MITRE ATT&CK to guide incident response best practices.
  • Log analysis proficiency: Skilled in analyzing and interpreting logs from a variety of devices and applications.
  • Presentation and training skills: Experience presenting incident response findings and conducting training sessions for SOC and IR teams to enhance their capabilities.
  • Leveraging cyber threat intelligence: Proficient in utilizing threat intelligence sources to inform incident response strategies and drive operational improvements.
  • Technical understanding: Strong grasp of common operating systems (Windows, Linux, macOS), security technologies (e.g., EDR, XDR, Intrusion Prevention Systems), and networking components (e.g., firewalls, proxies).
  • Documentation excellence: Exceptional documentation skills for maintaining comprehensive records of incidents, including actions taken and outcomes.

Preferred

  • Advanced cybersecurity certifications: Possession of advanced certifications (e.g., CISSP, CEH, OSCP, or DFIR-focused certifications).
  • Digital forensics expertise: Skills in digital forensics techniques for analyzing incidents and supporting investigations.
  • Scripting and automation proficiency: Knowledge of programming languages such as Python, PowerShell, or Bash for automating tasks and enhancing incident response efficiency.
  • Cloud security knowledge: Familiarity with cloud environments (e.g., AWS, Azure, Google Cloud) and understanding of their unique security considerations.
  • Adaptive threat awareness: Knowledge of emerging cyber threats and the ability to proactively adapt incident response plans to address these evolving challenges.

What we offer:

  • Exciting work in a great team, global projects, international environment,
  • Opportunity to learn and grow professionally within the company globally,
  • Hybrid working model, flexible role pattern (e.g., even 80% full-time is possible in justified cases),
  • Pension and health insurance contributions,
  • Internal reward system plus referral program,
  • 5 weeks annual leave, 5 sick days, 15 days of certified sick leave paid above statutory requirements annually, 40 paid hours annually for volunteering activities, 12 weeks of parental contribution,
  • Cafeteria for tax free benefits according to your choice (meal vouchers, Lítačka, sport, culture, health, travel, etc.), Multisport Card,
  • Vodafone, Raiffeisen Bank, Foodora, and Mall.cz discount programs,
  • Up-to-date laptop and iPhone,
  • Parking in the garage, showers, refreshments, massage chairs, library, music corner,
  • Competitive salary, incentive pay, and many more.

Ready to take up the challenge? Apply now!
Know anybody who might be interested? Refer this job!


Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.

Employee Status: Regular

Flexible Work Arrangements: Hybrid

Job Posting End Date: 03/1/2025

*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.


Tags: Automation AWS Azure Bash CEH CISSP Cloud DFIR EDR Firewalls Forensics GCP Incident response Intrusion prevention Linux Log analysis MacOS MITRE ATT&CK NIST OSCP PowerShell Python SANS Scripting SOC Threat intelligence Windows XDR

Perks/benefits: Career development Competitive pay Flex hours Health care Parental leave Relocation support

Region: Europe
Country: Czechia
