Information Security Incident Response Analyst

Job Summary:

The role of a BD Incident Response analyst is to maintain the confidentiality, integrity, and availability of BD’s systems by preparing for and minimizing cyber security incident-based losses, theft of information, or disruption of services that could result in serious loss of information assets, revenue, public confidence, reputation, or market share.

Job Responsibilities: (Primary Duties, Roles, and/or Authorities)

• Coordinate with multi-functional teams to ensure timely and effective incident response, following BD’s internal policies and procedures

• Serve as liaison between technical teams and the business, ensuring clear and concise communication with management teams

• Declare security incidents, assign severity based on business impact, and lead investigation

• Reverse engineer a series of events from correlating multiple log sources

• Establish timelines of events and root cause analysis for incidents

• Independently prescribe thorough and comprehensive containment and remediation plans to mitigate the impact from security incidents

• Identify trends in security incidents and events and propose proactive solutions

• Identify, develop and implement automation to optimize processes

• Develop and operationalize process documentation including playbooks and work instructions

• Provide oversight and support to MSSP (Managed Security Services Provider) incident response resources

• Document/Log all Incident details, allocating categorization and prioritization codes

• Keep both internal and external partners informed about incident status at agreed intervals

• Develop, participate in, and/or conduct tabletop exercises

• Demonstrate security knowledge by keeping current on threats, trends, tools, etc

• Development and execution of incident communications for both internal and external audiences, where required

• Lead and participate in after-hours incidents when required, including international hours and on-call rotation

Education and Experience:

• A minimum of a bachelor’s degree is required. Ideal candidate will have a degree in cybersecurity, business, crisis management, communication, project coordination, computer science, or other technical discipline

• Preferred certifications or the ability to acquire, such as GCIH, CISSP, CCSP, or other certifications recognized in the industry.

• A minimum of 2 years of experience in incident response and the proven ability to operate cross functionally to execute business wide initiatives is required.

• Preferred 3-5 years of experience in general cybersecurity roles, including but not limited to: risk management or assessment, incident response, security engineering, security operations, vulnerability management, threat intelligence, or identity and access management

• Preferred 1-2 years of experience in working with and providing oversight and support to an MSSP (Managed Security Services Provider)

Knowledge and Skills:

Non-technical or soft skills:

• Excellent verbal and written communications skills, project management and the ability to communicate well with non-technical audiences.

• High motivation, with dynamic and customer-centric skills and the ability to thrive in a challenging and changing high-pressure environment

• Proficient understanding and applicability of:

  • NIST Cybersecurity framework

  • FDA cybersecurity guidance

  • MITRE ATT&CK framework

  • Lockheed Martin Cyber Kill Chain

• Effective meeting management and group facilitation skills

• The ability to think both strategically and tactically

• Able to work autonomously while maintaining a high level of accuracy and attention to detail

• Ability to take initiative and make critical decisions independently during incident investigations

Technical:

• Proficient skills with technology such as:

  • SIEM (Security Information and Event Management)

  • XDR/EDR (Extended Detection and Response / Endpoint Detection and Response)

  • IDS/IPS (Intrusion Detection System / Intrusion Prevention System)

  • SOAR (Security Orchestration, Automation, and Response)

  • other similar security controls

• Familiarity with scripting languages such as Python, PowerShell, Bash, or other

Primary Work Location and Additional Considerations:

• USA CA - San Diego Bldg A&B
• We are interested in every qualified candidate who is eligible to work in the United States. However, we are not able to sponsor Visas' at this time.
• We are interested in every qualified candidate who is eligible to work in the United States. However, we are not able to provide Relocation assistance at this time.
• We encourage Candidates near our BD Location of: USA CA - San Diego to apply for this Hybrid role.
• This is a Hybrid role that requires you to be at your assigned worksite 4 days out of the week and other days from home. Local policies may apply. BD may change your work arrangement based on business needs.
• The ability to travel up to 10% annually

Why Join Us?

A career at BD means being part of a team that values your opinions and contributions and that encourages you to bring your authentic self to work. It’s also a place where we help each other be great, we do what’s right, we hold each other accountable, and learn and improve every day.

To find purpose in the possibilities, we need people who can see the bigger picture, who understand the human story that underpins everything we do. We welcome people with the imagination and drive to help us reinvent the future of health. At BD, you’ll discover a culture in which you can learn, grow, and thrive. And find satisfaction in doing your part to make the world a better place.