Head Of Security Incident Response And Threat Intel (Remote)

Company: PerkinElmer
Address: Olympia, WA
Expires: 2023-07-19
Posted at: 1 year ago

Job Description

Job Responsibilities

  • Email & Ransomware Protections:
    • Focus on ensuring PerkinElmer is protected from email-based and ransomware attacks
    • Monitor emerging ransomware and phishing threats, and implement mitigations in response to those threats as needed
    • Partner with security architecture and engineering to implement security strategies, configurations, and technology to protect against ransomware
  • Mentor and coach junior team members
  • Build a security incident response and threat intel team that will enable the protection of PerkinElmer’s business across corporate and product security within cloud, multi-cloud, hybrid-cloud and colocated architectures.
  • Threat Intel & Hunting:
    • Curation, monitoring, and integration of threat intelligence into the security tool chain
    • Partner with internal and external staff for threat hunting and penetration testing activities
  • Endpoint Security:
    • Collaborate with IT on mobile device management (MDM), including critical security controls: admin access management, encryption, patching, and remote wipe.
    • Perform endpoint forensics as needed in the event of compromise
  • Development and implementation of incident response plans, CAPA process, and detailed runbooks
  • Incident commander for security incidents, ensuring the timely triage, response, containment, and communications around active security incidents.
  • Vulnerability Management:
    • Respond to zero-day vulnerabilities with the security architecture and engineering team
    • ‘Shift Left’ mentality to reduce vulnerabilities
    • Expertise in protecting against the OWASP Top 10
    • Ability to detect vulnerabilities and partner with DevOps on timely remediation based on SLAs
    • Support third-party penetration testing
  • Manage security vendors, budget, and contract renewals in partnership with procurement and finance
  • Hybrid/Multi-Cloud:
    • Consider cloud, hybrid-cloud, multi-cloud, and on-prem technologies in the design and implementation of the security monitoring and response technology stack, and staffing models
    • Security log ingestion architecture into SIEM, SOAR, UEBA
  • Protect PerkinElmer systems, instruments, and data supporting a diverse set of enterprise and government customers.
  • Provide support for security-related requests for third-party audits
  • Incident Response:
    • Triage, analyze, respond to, and contain active threats
    • Provide cross-business incident response leadership and collaboration
    • Tailor response escalation based upon type of incident, level of risk to the business, and customer or regulatory impact (compromise vs unauthorized access vs data exposure vs data breach).
    • Provide regular updates to the CISO for executive leadership review based upon incident severity
    • Coordinate with third-party IR forensics and legal firms in the event of a significant breach
    • Coordinate with Legal, Sales, and Marketing for external-facing security incident communications.
  • Security incident response and threat leader for a 5500-person global organization operating within 40 countries.
  • Partner with the Head of Security Architecture and Engineering to build and run a net-new cloud security technology stack utilizing best-of-breed and cloud-native security technologies across 35+ required security areas.
  • Partner closely with other team members within the CISO function in the areas of risk, compliance, governance, and security architecture and engineering, to ensure alignment with cross-team requirements.
  • Lead the development, maintenance and review of information security policies and procedures
  • Work cross-functionally with the quality management team in support of pharmaceutical and regulatory security requirements
  • Support information security awareness activities
  • Collaborate with business stakeholders across PerkinElmer including, but not limited to, R&D, Quality Management, and Operations.
  • Provide quarterly metrics to the CISO on the security posture of PerkinElmer, for the CEO and BOD
  • Security Monitoring:
    • The design and operation of a well-tuned and actionable security alerting and monitoring flow leveraging threat intel, IOCs, and automation
    • Monitoring across cloud, multi-cloud, hybrid-cloud, operational technology (OT) and on-prem
    • Alignment to MITRE ATT&CK or other frameworks
    • Partner closely with the MSSP for L1, L2, L3 triage and response as needed
  • Partner with MSSPs to enable a timely and secure exit from transition services agreements (TSAs), including the design, build and run of the net-new security monitoring, threat intel, and incident response cloud security technology stack.

Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities of this job at any time

Basic Qualifications

  • Bachelor’s degree in Computer Science, Information Systems, or related field
  • 10+ years of experience in security incident response and threat intel

Additional Qualifications

  • AWS and Azure Cloud IaaS expertise
  • Technical expertise in implementing/configuring and running a SIEM, SOAR, UEBA, Security Analytics, EDR/MDR
  • Position is fully remote; preference given to candidates in North America, Europe, and Boston, Massachusetts and surrounding areas.
  • Experience with cloud, multi-cloud, hybrid-cloud, and on-prem technology architectures
  • Experience in leading security efforts for a cloud transformation for a medium to large enterprise organization
  • CISSP, CISM or similar certifications preferred.
  • Potential Travel 10%
  • English language proficiency

Critical Skills

  • Demonstrated integrity within a professional environment
  • Strong written and verbal communication skills and presentation skills
  • Organized, detail-oriented, trustworthy, willing to speak up, proactive, persuasive
  • Leadership, teamwork and client service skills
  • Comfortable at the command line, but not required for job function

Technology Expertise Preferred

  • IGA – SailPoint, Saviynt
  • Amazon Web Services (AWS) and Microsoft Azure
  • IDP, SSO, MFA – Microsoft, Okta
  • Zero Trust Network: Zscaler, Palo Alto
  • Operating Systems: Windows & Linux
  • Secrets Management – HashiCorp, CyberArk, BeyondTrust, Bitwarden
  • EDR – SentinelOne, CrowdStrike, Microsoft Defender
  • MDM – Intune, JAMF, Workspace One
  • Containers – Kubernetes, Docker
  • ServiceNow
  • PAM – BeyondTrust, Saviynt, CyberArk
  • MDR – SentinelOne, CrowdStrike, Microsoft Defender, Expel, ReliaQuest
  • Log Management – ELK, Data lake as a Service
  • Atlassian Suite – JIRA & Confluence
  • SIEM – Splunk, Exabeam, LogRhythm
  • Vulnerability Management – Wiz, Nessus, Qualys, Veracode, Orca, Synack

Preferred Experience

  • Corporate IT / help desk experience
  • Operational Technology (OT) security experience at a global manufacturing company
  • Master’s degree
  • Past United States Security Clearance
  • Defending against nation state threat actors
  • Ability to script in languages such as Python, shell, Ruby, Perl
  • Experience preferred in applying relevant technical knowledge in at least four of the following audits/regulations: SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27017, ISO 27018, ISO 27701, FISMA, FedRAMP, SOX 404, HITRUST CSF, HIPAA, ISO 9001, GxP, 21 CFR Part 11, GAMP 5, EU Annex 11

Physical Demands:

  • Must be able to remain in a stationary position more than 25% of the time.
  • Specific vision abilities required by this position include, without limitation, the ability to observe details at close range (within a few feet of the instrument), distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus in order to perform the essential service functions of this position.
  • Occasionally operates a computer and other office machinery, such as a calculator, copy machine, and computer printer.

About Working At PerkinElmer

Backed by an 80-year history rich in innovation, PerkinElmer is a long-time leader and pioneer in the scientific community. We hire talented, committed and driven people and strive to create a work environment that brings out the entrepreneur in all of us. PerkinElmer has over 5500 employees across 40+ countries.

Benefit packages include: Medical, Dental and Vision; Health Savings Accounts, Flexible Spending Accounts, Health and Wellness Programs and Incentives; Employer Matching 401(k); Tuition Reimbursement; Professional Development; Maternity and Paternity Leave; Paid Holidays and Personal Time Off; Life and Disability Insurance; and Work/Life Balance.