Location: Raritan, NJ, USA
Johnson & Johnson is recruiting for a Manager, Level 2 Threat Response Analyst within the Cyber Security Operations Center (CSOC) supporting the Information Security and Risk Management (ISRM) group. The position is located in Raritan, NJ, or can be worked remotely within the USA.
At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity.
With $82.1 billion in 2020 sales, our company is the world's most comprehensive and broadly based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical devices markets. Employees of the Johnson & Johnson Family of Companies work with partners in health care to touch the lives of over a billion people every day, throughout the world.
If you have the talent and desire to touch the world, Johnson & Johnson has the career opportunities to help make it happen.
Position Summary
Are you driven by a sense of purpose? We are focused, driven, and dedicated to providing world-class security incident handling services. On the Cyber Security Operations Center level 1 (CSOC L1) and level 2 (CSOC L2) teams, we continually monitor endpoints, servers, networks, applications, databases, websites and other IT systems for activity that could indicate a security incident. We analyze security alerts, assess threat impact, and coordinate containment, mitigation and eradication, and we do this by investing in our people.
Responsibilities include but are not limited to:
* Performs advanced ticket analysis and foundational remediation, and identifies and implements continuous improvement initiatives
* Performs secondary investigation of escalations from L1 Analysts, adding context to their findings
* Uses SIEM tools and other security technologies to monitor network traffic, analyze logs, and identify and triage potential security incidents
* Actively remediates complex malware infections, persistence mechanisms, and compromised accounts: quarantining files, removing registry and startup-file persistence, and forcing password resets and session revocation in Active Directory (AD)
* Applies a thorough understanding of Cloud and Operational Technology (OT) environments and infrastructure, and uses the tools and methods defined in the standard operating procedure (SOP) to validate indicators of compromise and contain/remediate the threat
* Identifies potential gaps in security controls, proposes active mitigations, and implements blocks based on file hash, malicious domain, IP address, command line, and similar indicators
* Reviews ticket volume for alert tuning and refinement opportunities to drive continuous improvement and automation of detection and remediation
* Assists the SOC manager with metrics gathering, review, and reporting
* Assists the SOC manager in identifying sources of continuous improvement, creating and maintaining process documentation, and leading training for continuous improvement initiatives
* Consumes cyber threat intelligence and pursues continuing education in order to stay current on modern attack vectors and adversaries
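To make the log-analysis and indicator-blocking duties above concrete, here is an added illustration of how an L2 analyst might match normalized endpoint and proxy events against a block list of file hashes, domains, IP ranges and command-line patterns. This is example code written for this page, not Johnson & Johnson's tooling; every indicator, pattern and event below is constructed sample data (TEST-NET addresses, .example/.test domains, a made-up hash), not a real IoC.

```python
"""Match normalized security events against an indicator block list.

Added example (not the posting's or J&J's code). Indicators and events are
constructed sample data, not real IoCs.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# --- Constructed block list (hypothetical values) -------------------------
BLOCKED_HASHES = {"a1b2c3d4" * 8}  # 64-hex SHA-256, made up for the example
BLOCKED_DOMAINS = {"bad-updates.example", "cdn.malicious.test"}
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # TEST-NET-3
# Command-line shapes worth blocking/escalating: encoded PowerShell and
# certutil used as a downloader. Patterns are illustrative, not a full ruleset.
BLOCKED_CMDLINE = [
    re.compile(r"powershell(\.exe)?\s.*-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{40,}", re.I),
    re.compile(r"\bcertutil(\.exe)?\b.*-urlcache\b.*-split\b", re.I),
]


@dataclass
class Match:
    event_id: str
    indicator_type: str  # "hash" | "domain" | "ip" | "cmdline"
    indicator: str       # the block-list entry that fired


def _norm_domain(host: str) -> str:
    # Case-insensitive, and strip the trailing dot of an FQDN ("host.example.").
    return host.strip().lower().rstrip(".")


def domain_blocked(host: str) -> str | None:
    """Return the block-list entry if host or any parent domain is blocked."""
    labels = _norm_domain(host).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED_DOMAINS:
            return candidate
    return None


def ip_blocked(ip: str) -> str | None:
    """Return the blocked network containing ip, or None (also for non-IPs)."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return None
    for net in BLOCKED_NETWORKS:
        if addr in net:
            return str(net)
    return None


def triage_event(event: dict) -> list[Match]:
    """Check one event record against every indicator type; hashes are
    compared case-insensitively, domains by suffix, IPs by CIDR membership."""
    eid = event["id"]
    matches: list[Match] = []
    digest = event.get("sha256", "").strip().lower()
    if digest and digest in BLOCKED_HASHES:
        matches.append(Match(eid, "hash", digest))
    if (dom := domain_blocked(event.get("dest_host", ""))):
        matches.append(Match(eid, "domain", dom))
    if (net := ip_blocked(event.get("dest_ip", ""))):
        matches.append(Match(eid, "ip", net))
    for pat in BLOCKED_CMDLINE:
        if pat.search(event.get("cmdline", "")):
            matches.append(Match(eid, "cmdline", pat.pattern))
            break  # one command-line hit is enough to escalate
    return matches


def triage(events: list[dict]) -> dict[str, list[Match]]:
    """Map event id -> matches, keeping only events that hit the block list."""
    return {e["id"]: m for e in events if (m := triage_event(e))}


# Constructed sample events: two true positives per indicator type coverage,
# one benign event that must not fire.
SAMPLE_EVENTS = [
    {"id": "ev1", "sha256": ("a1b2c3d4" * 8).upper(),
     "dest_host": "dl.bad-updates.example.", "dest_ip": "198.51.100.20",
     "cmdline": "updater.exe /silent"},
    {"id": "ev2", "sha256": "0" * 64, "dest_host": "api.example.org",
     "dest_ip": "203.0.113.77", "cmdline": "notepad.exe C:\\notes.txt"},
    {"id": "ev3", "sha256": "1" * 64, "dest_host": "", "dest_ip": "",
     "cmdline": "powershell.exe -nop -w hidden -enc "
                "SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA"},
    {"id": "ev4", "sha256": "2" * 64, "dest_host": "www.example.org",
     "dest_ip": "198.51.100.5", "cmdline": "svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for eid, hits in triage(SAMPLE_EVENTS).items():
        print(eid, [(h.indicator_type, h.indicator) for h in hits])
```

Two details matter in practice: domain matching walks parent labels so a blocked apex catches every subdomain, and IP matching uses CIDR membership rather than string equality so a whole hostile range can be blocked with one entry. Hash comparison is normalized to lowercase because different sensors emit different cases.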