Job Description
People. Passion. Possibilities. Three words that make a world of difference.
More than a job. It's a chance to make a real difference.
Together, we break through – as a Senior Security Analyst I Incident Response (all genders)
This position is part of AbbVie’s Information Security & Risk Management (ISRM) team. We are here to put our partners in a position to succeed. We do it by providing the knowledge, tools, and support they need to effectively use data and technology while also effectively managing risk.
AbbVie Information Security is looking for a highly motivated, talented defender to join the Cyber Security Incident Response Team (CSIRT). The Cyber Security Operations Center (CSOC) manages the initial investigation and response to security events, alerts, and threats, and works directly to augment the incident responders. This is a new capability within the Cyber Security Incident Response Team (CSIRT), working within the larger Cyber Security Operations (CSO) function. Join us as a Senior Security Analyst I Incident Response to form the first line of defense against cyber-attacks and help our business to continue to have remarkable impacts on people’s lives.
This highly technical role will be primarily responsible for responding to cyber security incidents escalated by the Cyber Security Operations Center (CSOC); driving containment, eradication, and recovery efforts; assisting in improving AbbVie’s threat detection capabilities; investigating ad-hoc cases; conducting threat hunts; and being a major contributor during critical cyber security incidents.
The ideal candidate must have prior experience with performing cyber security investigations, including performing triage and analyzing large data sets, as well as in depth knowledge of the latest threats, tactics, and techniques used by adversaries – and how to identify them.
Make your mark:
* Act as a Tier 3 escalation point for cyber security incidents at AbbVie, executing response plans and coordinating activity as needed
* Identify process improvement opportunities and develop subsequent plans of action to resolve gaps with minimal management intervention or direction
* Interpret and summarize technical information for presentation to non-technical business contacts (i.e. executive incident summaries)
* Develop, integrate, improve cyber security incident response “playbooks” and documentation for the team
* Identify capability gaps and assist in developing those capabilities or implementing technology as needed
* Examine log, system, and malware data to assess incident scope and impact
* Prepare formal reports on incident findings
* Drive improvements in cyber security incident detection
* Drive improvements in cyber security incident response automation capabilities
* Act as a first responder for cyber security incidents during normal business/off-hours and on-call
* Participate and conduct threat hunts as needed
* Act as Incident Commander for Priority 3 incidents, and Priority 2 incidents as required
* Assist and drive cyber security awareness and education initiatives, as needed
* Operating in a global on-call rotation and being available to respond outside of normal business hours, if necessary
Qualifications
This is how you make a difference:
* Demonstrated competency in log analysis or investigative activities in roles such as incident response, threat intelligence, security testing, or threat/vulnerability response.
* Knowledgeable on multiple technologies and systems that support CSOC and CSIRT services (e.g. SOAR, SIEM, IPS/IDS, EDR, etc.)
* Expert level understanding of incident response terminology and methodologies
* Advanced level understanding of Windows OS artifacts, TCP/IP networking, malware behaviors
* Familiarity with ITIL concepts and services
* Ability to author clear and concise incident reports
* Ability to successfully, professionally, and respectfully interact with non-technical in-business contacts
* Ability to work independently without direction for day-to-day activities
* Willingness to be available, as needed, for major and critical incident response activities during off-hours; and be on-call as required
* Capable of learning new concepts and processes quickly, and adapting to a constantly changing environment
* Education & Experience - Minimum of one of the following:
* Minimum of 8 years of IT experience with 6 years in a specialized information security role
* Bachelor’s Degree in computer science or related technical field and 6 years of IT experience
* Bachelor’s Degree in computer science or related technical field and 5 years of specialized information security experience
* Master’s Degree in computer science or related technical field and 4 years of specialized information security experience
* Equivalent qualification (e.g. completed apprenticeship with an IT focus) with several years of relevant experience
* Fluent language proficiency in German and English
Beneficial:
* Prior experience participating in major/critical or complicated cyber security incidents
* Experience with incident response methodologies within enterprise cloud environments
* Experience analyzing and pivoting on large sets of data, with the ability to identify patterns, anomalies, and outliers
* Familiarity with digital forensics concepts and tools, malware reversal concepts and techniques, and data loss and data protection concepts and processes
* Familiarity with various scripting languages (e.g. PowerShell, Python, JavaScript)
* Certifications consisting of any of the following: GIAC Forensic Examiner (GCFE), GIAC Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), GIAC Network Forensic Analyst (GNFA), GIAC Advanced Smartphone Forensics (GASF)
* 4-year college degree in computer science or related technical field is preferred
What we offer you:
* with a diverse work environment where you can have a real impact
* with an open corporate culture
* with an attractive salary
* with an intensive onboarding process with a mentor at your side
* with flexible work models for a healthy work-life balance
* with a corporate health management that offers comprehensive health and exercise programs
* with company social benefits
* with a wide range of career opportunities in an international organization
* with top-tier, attractive development opportunities
* with a strong international network
At multiple times, we have been globally recognized as a "Great Place to Work" and we are proud to provide our employees with the flexibility to maintain a healthy work-life balance. We take our impact on the environment and our communities seriously and therefore focus on giving something back on a regular basis. We are committed to equality, equity, diversity and inclusion (EED&I) – a commitment that is fundamental to us. This includes appreciating different perspectives, creating an inclusive culture and treating all employees with dignity and respect.
At AbbVie, your individual contributions count – help us move mountains together. Be a part of our success, grow with us and accomplish more than you could have imagined. Sounds like the perfect career opportunity for you? We look forward to receiving your application! All you need is a complete CV – we will discuss everything else with you in person.
Any questions? Feel free to email us at TalentAcquisition.de@abbvie.com – We look forward to hearing from you!
Additional Information
AbbVie is an equal opportunity employer and is committed to operating with integrity, driving innovation, transforming lives and serving our community. Equal Opportunity Employer/Veterans/Disabled.
US & Puerto Rico only - to learn more, visit
US & Puerto Rico applicants seeking a reasonable accommodation, click here to learn more: