Job Description

People. Passion. Possibilities. Three words that make a world of difference. More than a job. It's a chance to make a real difference.

Together, we break through – as a Senior Security Analyst I Incident Response (all genders)

This position is part of AbbVie’s Information Security & Risk Management (ISRM) team. We are here to put our partners in a position to succeed. We do it by providing the knowledge, tools, and support they need to effectively use data and technology while also effectively managing risk.

AbbVie Information Security is looking for a highly motivated, talented defender to join the Cyber Security Incident Response Team (CSIRT). The Cyber Security Operations Center (CSOC) manages the initial investigation and response to security events, alerts, and threats, and works directly to augment the incident responders. This is a new capability within the Cyber Security Incident Response Team (CSIRT), working within the larger Cyber Security Operations (CSO) function. Join us as a Senior Security Analyst I Incident Response to form the first line of defense against cyber-attacks and help our business to continue to have remarkable impacts on people’s lives.

This highly technical role will be primarily responsible for responding to cyber security incidents escalated by the Cyber Security Operations Center (CSOC); driving containment, eradication, and recovery efforts; assisting in improving AbbVie’s threat detection capabilities; investigating ad-hoc cases; conducting threat hunts; and being a major contributor during critical cyber security incidents. The ideal candidate must have prior experience with performing cyber security investigations, including performing triage and analyzing large data sets, as well as in-depth knowledge of the latest threats, tactics, and techniques used by adversaries – and how to identify them.

Make your mark:

- Act as a Tier 3 escalation point for cyber security incidents at AbbVie, executing response plans and coordinating activity as needed
- Identify process improvement opportunities and develop subsequent plans of action to resolve gaps with minimal management intervention or direction
- Interpret and summarize technical information for presentation to non-technical business contacts (i.e. executive incident summaries)
- Develop, integrate, and improve cyber security incident response “playbooks” and documentation for the team
- Identify capability gaps and assist in developing those capabilities or implementing technology as needed
- Examine log, system, and malware data to assess incident scope and impact
- Prepare formal reports on incident findings
- Drive improvements in cyber security incident detection
- Drive improvements in cyber security incident response automation capabilities
- Act as a first responder for cyber security incidents during normal business/off-hours and on-call
- Participate in and conduct threat hunts as needed
- Act as Incident Commander for Priority 3 incidents, and Priority 2 incidents as required
- Assist and drive cyber security awareness and education initiatives, as needed
- Operate in a global on-call rotation and be available to respond outside of normal business hours, if necessary