
Head Of Security Incident Response And Threat Intel (Remote)

Company: PerkinElmer

Address: Austin, 78744, TX
Expires 2023-07-23
Posted at 11 months ago
Job Description

Job Responsibilities

  • Development and implementation of incident response plans, CAPA process, and detailed runbooks
  • Threat Intel & Hunting:
    • Curation, monitoring, and integration of threat intelligence into the security tool chain
    • Partner with internal and external staff for threat hunting and penetration testing activities
  • Email & Ransomware Protections:
    • Focus on ensuring PerkinElmer is protected from email-based and ransomware attacks
    • Monitor emerging ransomware and phishing threats, and implement mitigations in response to those threats as needed
    • Partner with security architecture and engineering to implement security strategies, configurations, and technology to protect against ransomware
  • Endpoint Security:
    • Collaborate with IT on mobile device management (MDM), including critical security controls: admin access management, encryption, patching, and remote wipe
    • Perform endpoint forensics as needed in the event of compromise
  • Support information security awareness activities
  • Partner closely with other team members within the CISO function in the areas of risk, compliance, governance, and security architecture and engineering, to ensure alignment with cross-team requirements
  • Hybrid/Multi-Cloud:
    • Consider cloud, hybrid-cloud, multi-cloud, and on-prem technologies in the design and implementation of the security monitoring and response technology stack and staffing models
    • Security log ingestion architecture into SIEM, SOAR, UEBA
  • Build a security incident response and threat intel team that will enable the protection of PerkinElmer’s business across corporate and product security within cloud, multi-cloud, hybrid-cloud and collocated architectures
  • Incident Response:
    • Triage, analyze, respond to, and contain active threats
    • Provide cross-business incident response leadership and collaboration
    • Tailor response escalation based upon type of incident, level of risk to the business, and customer or regulatory impact (compromise vs unauthorized access vs data exposure vs data breach)
    • Provide regular updates to the CISO for executive leadership review based upon incident severity
    • Coordinate with third-party IR forensics and legal firms in the event of a significant breach
    • Coordinate with Legal, Sales, and Marketing for external-facing security incident communications
  • Security incident response and threat leader for a 5500-person global organization operating within 40 countries
  • Lead the development, maintenance and review of information security policies and procedures
  • Partner with MSSPs to enable a timely and secure exit from transition services agreements (TSAs), including the design, build and run of the net-new security monitoring, threat intel, and incident response cloud security technology stack
  • Partner with the Head of Security Architecture and Engineering to build and run a net-new cloud security technology stack utilizing best-of-breed and cloud-native security technologies across 35+ required security areas
  • Manage security vendors, budget, and contract renewals in partnership with procurement and finance
  • Provide quarterly metrics to the CISO on the security posture of PerkinElmer, for the CEO and BOD
  • Protect PerkinElmer systems, instruments, and data supporting a diverse set of enterprise and government customers
  • Work cross-functionally with the quality management team in support of pharmaceutical and regulatory security requirements
  • Collaborate with business stakeholders across PerkinElmer including, but not limited to, R&D, Quality Management, and Operations
  • Security Monitoring:
    • The design and operation of a well-tuned, actionable security alerting and monitoring flow leveraging threat intel, IOCs, and automation
    • Monitoring across cloud, multi-cloud, hybrid-cloud, operational technology (OT) and on-prem
    • Alignment to MITRE ATT&CK or other frameworks
    • Partner closely with the MSSP for L1, L2, L3 triage and response as needed
  • Provide support for security-related requests for third-party audits
  • Vulnerability Management:
    • Respond to zero-day vulnerabilities with the security architecture and engineering team
    • ‘Shift Left’ mentality to reduce vulnerabilities
    • Expertise in protecting against the OWASP Top 10
    • Ability to detect vulnerabilities and partner with DevOps on timely remediation based on SLAs
    • Support third-party penetration testing
  • Incident commander for security incidents, ensuring the timely triage, response, containment, and communications around active security incidents
  • Mentor and coach junior team members

Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities of this job at any time

Basic Qualifications

  • Bachelor’s degree in Computer Science, Information Systems, or related field
  • 10+ years’ experience in security incident response and threat intel

Additional Qualifications

  • CISSP, CISM or similar certifications preferred.
  • AWS and Azure Cloud IaaS expertise
  • Experience in leading security efforts for a cloud transformation for a medium to large enterprise organization
  • Technical expertise in implementing/configuring and running a SIEM, SOAR, UEBA, Security Analytics, EDR/MDR
  • Position is fully remote, with preference for candidates in North America, Europe, and Boston, Massachusetts and surrounding areas.
  • English language proficiency
  • Experience with cloud, multi-cloud, hybrid-cloud, and on-prem technology architectures
  • Potential Travel 10%

Critical Skills

  • Leadership, teamwork and client service skills
  • Strong written and verbal communication skills and presentation skills
  • Organized, detail-oriented, trustworthy, willing to speak up, proactive, persuasive
  • Comfortable at the command line, but not required for job function
  • Demonstrated integrity within a professional environment

Technology Expertise Preferred

  • Vulnerability Management – Wiz, Nessus, Qualys, Veracode, Orca, Synack
  • IGA – SailPoint, Saviynt
  • SIEM – Splunk, Exabeam, LogRhythm
  • MDR - SentinelOne, Crowdstrike, Microsoft Defender, Expel, Reliaquest
  • Service Now
  • Atlassian Suite - JIRA & Confluence
  • Amazon Web Services (AWS) and Microsoft Azure (AZURE)
  • Secrets Management – Hashicorp, CyberArk, BeyondTrust, Bitwarden
  • MDM – Intune, JAMF, Workspace One
  • Log Management – ELK, Data lake as a Service
  • IDP, SSO, MFA – Microsoft, Okta
  • PAM – Beyond Trust, Saviynt, CyberArk
  • Zero Trust Network: Zscaler, Palo Alto
  • Operating Systems: Windows & Linux
  • EDR – SentinelOne, Crowdstrike, Microsoft Defender
  • Containers – Kubernetes, Docker

Preferred Experience

  • Operational Technology (OT) security experience at a global manufacturing company
  • Defending against nation state threat actors
  • Experience preferred in applying relevant technical knowledge in at least four of the following audits/regulations: SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27017, ISO 27018, ISO 27701, FISMA, FedRAMP, SOX 404, HITRUST CSF, HIPAA, ISO 9001, GxP, 21 CFR Part 11, GAMP 5, EU Annex 11
  • Corporate IT / help desk experience
  • Master’s degree
  • Ability to script in languages such as Python, shell, Ruby, Perl
  • Past United States Security Clearance

Physical Demands:

  • Must be able to remain in a stationary position more than 25% of the time.
  • Occasionally operates a computer and other office machinery, such as a calculator, copy machine, and computer printer.
  • Specific vision abilities required by this position include without limitation, the ability to observe details at close range (within a few feet of the instrument), distance vision, color vision, peripheral vision, depth perception, and ability to adjust focus in order to perform the essential service functions of this position.

About Working At PerkinElmer

Backed by an 80-year history rich in innovation, PerkinElmer is a long-time leader and pioneer in the scientific community. We hire talented, committed and driven people and strive to create a work environment that brings out the entrepreneur in all of us. PerkinElmer has over 5500 employees across 40+ countries.

Benefit packages include: Medical, Dental and Vision; Health Savings Accounts, Flexible Spending Accounts, Health and Wellness Programs and Incentives; Employer Matching 401(k); Tuition Reimbursement; Professional Development; Maternity and Paternity Leave; Paid Holidays and Personal Time Off; Life and Disability Insurance; and Work/Life Balance.