Security Specialist - Digital Forensics

Mettawa, IL

  1. Corporate
  2. Information Technology
  1. Full-time
R00101414

This vacancy has now expired. Please see similar roles below.


Company Description

AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas – immunology, oncology, neuroscience, and eye care – and products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on Twitter, Facebook, Instagram, YouTube and LinkedIn.


Job Description

This position is part of AbbVie’s Information Security & Risk Management (ISRM) team.  We are here to put our partners in a position to succeed.  We do it by providing the knowledge, tools, and support they need to effectively use data and technology while also effectively managing risk.

AbbVie Information Security is looking for a highly motivated, talented individual to join the Digital Forensics Team (DFT). The DFT, working within the Cyber Security Operations (CSO) function, is responsible for performing deep-dive investigations in collaboration with our Cyber Security Incident Response Team (CSIRT), as well as providing investigative support and technical expertise to internal stakeholders such as Office of Ethics and Compliance, Employee Relations, Human Resources, Legal, and Global Security. Join us as a Security Specialist, Digital Forensics to work alongside a team of skilled digital forensics practitioners and help our business to continue to have remarkable impacts on people’s lives.

This is a highly technical role whose primary responsibilities are performing root cause and malware analysis on incidents where the DFT is engaged, leading confidential internal investigation support as a forensics SME, and leading evidence management efforts during all major and critical cyber security incidents.  This role is also responsible for helping to drive maturity initiatives across the DFT. The ideal candidate will be a technical subject matter expert in the realm of digital forensics, and drive service maturity improvements that will result in the safeguarding of our patients.

This role will help you continue building your foundation of skills and knowledge in incident response and digital forensics, and it provides a clear career path to more senior incident response and digital forensics specializations.

 

In this role you will be responsible for:

  • Conducting forensic data acquisition and preservation in support of confidential matters or cyber security investigations from internal applications, servers, laptops/desktops, and mobile devices
  • Performing forensic analysis on collected evidence independently
  • Explaining technical concepts and artifacts to non-technical audiences
  • Providing analysis support during cyber security incidents
  • Performing malware analysis to determine root cause, persistence activity, or lateral movement
  • Assisting in evidence management efforts during all major and critical cyber security incidents during normal business hours as well as off-hours
  • Acting as a member of the Incident Response team during major and critical cyber security incidents
  • Maintaining forensics tools, including virtual environments
  • Creating, maintaining, and updating documentation for acquisition, analysis, and reporting techniques
  • Creating detailed, accurate, and professional forensic findings reports
  • Developing, integrating, and improving digital forensics “playbooks” and documentation for the team
  • Driving improvements in digital forensics automation capabilities within a SOAR environment
  • Leading key projects related to corporate digital forensics and information security initiatives
  • Evaluating industry standard tools and processes used for forensic acquisitions and analysis
  • Keeping up to date with modern information security insider threats, attack vectors and exploits
  • Significant Work Activities: Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)

Qualifications

Tools and skills you will use in this role:

  • Mobile Device Acquisitions 
  • Forensic analysis (deadbox, live system, mobile)
  • Memory Analysis
  • Several enterprise forensic suites
  • Open source forensic tools
  • Enterprise Compliance and EDR solutions

 

Experiences that make you a strong fit for this role:

Required:

  • Bachelor’s degree with 5 years of experience OR Master’s degree with 4 years of experience
  • Strong attention to detail, deep personal integrity, and high concern for data accuracy
  • Strong interpersonal skills required to establish and maintain positive relationships with our internal business partners
  • Basic understanding of Windows OS artifacts and system logs
  • Basic understanding of security controls (i.e. anti-virus, EDR, IPS/IDS) and their capabilities
  • Ability to author original technical documentation
  • Working knowledge of diverse operating systems, networking protocols, systems administration, and security technologies
  • Familiarity with digital forensics terminology, concepts, and common tools
  • Familiarity with cyber security terminology and concepts, and basic understanding of the cyber threat landscape and attack vectors
  • Capability to learn new concepts and processes quickly, and adapt to a constantly changing environment
  • Demonstrated critical thinking, problem solving, and analytical skills with the ability to de-construct complex concepts
  • Ability to successfully interact with non-technical personnel
  • Ability to analyze and understand technical information
  • Ability to work independently with minimal direction for day-to-day activities

Beneficial:

  • Intermediate level of understanding of incident response terminology and methodologies
  • Intermediate level of understanding of common Windows OS artifacts and their relation to cyber security investigations
  • Knowledgeable about multiple technologies and systems that support CSOC and CSIRT services (e.g., SOAR, SIEM, IPS/IDS, EDR, etc.)
  • Knowledgeable about areas of Information Security outside of Incident Response (e.g., Security Architecture, Security Engineering, Application Security, Vulnerability Management, Threat Intelligence, etc.)
  • Familiarity with cloud environment architecture
  • Familiarity with various scripting languages (e.g., PowerShell, Python, JavaScript)
  • Familiarity with digital forensics concepts and tools, malware reversal concepts and techniques, and data loss and data protection concepts and processes
  • Experience analyzing and pivoting on large sets of data
  • Familiarity with change and incident management concepts and processes
  • Certifications consisting of any of the following: GIAC Forensic Examiner (GCFE), GIAC Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), GIAC Network Forensic Analyst (GNFA), GIAC Advanced Smartphone Forensics (GASF), or other cybersecurity certifications.

 

If you believe you’re a great fit for this job but don’t have all of the experiences listed above, we encourage you to apply anyway!

 

Why Business Technology Solutions

For anyone who wants to use technology and data to make a difference in people’s lives, shape the digital transformation of a leading biopharmaceutical company, and secure sustainable career growth within a diverse, global team: we’re ready for you.

 


Additional Information

Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law:

  • The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this position. Individual compensation paid within this range will depend on many factors including geographic location, and we may ultimately pay more or less than the posted range. This range may be modified in the future.
  • We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick), medical/dental/vision insurance and 401(k) to eligible employees.
  • This job is eligible to participate in our short-term incentive programs.

 

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, incentive, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole and absolute discretion unless and until paid and may be modified at the Company’s sole and absolute discretion, consistent with applicable law.

AbbVie is committed to operating with integrity, driving innovation, transforming lives, serving our community and embracing diversity and inclusion.  It is AbbVie’s policy to employ qualified persons of the greatest ability without discrimination against any employee or applicant for employment because of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information, gender identity or expression, sexual orientation, marital status, status as a protected veteran, or any other legally protected group status.

  1. Yes, 15% of the Time
$74000 - $140500