Associate Director, Incident Response and Forensics

CSL is looking for a highly technical and detail-oriented leader in the DFIR space that specializes in digital forensics, malware analysis, threat detection, and the fast-paced excitement of supporting incident response activities. 

As the leader of our Digital Forensics and eDiscovery team, you will be responsible to support and grow a global team, own the strategy and direction for the people, processes, and technology to fulfill your mission, and partner deeply with our Security Operations, Data Loss Prevention, and Threat Intelligence teams to help CSL defend itself from cyber attacks. You will direct the adoption of new tools and technologies to further your goals. 

The position holder: 

Leads a global team to apply security incident handling processes for CSL to successfully support the cybersecurity and information security incident response process to: 

• Prepare for 
• Identify
• Contain 
• Eradicate 
• Recover 

from cybersecurity events 

The role will lead a global team of digital forensics, incident response and eDiscovery analysts that will: 

• Work closely with the Director, Security Operations to develop and implement a cybersecurity threat analysis structure of common attack techniques to evaluate an attacker's spread through a CSL system, platform and or network. 

• Develop and maintain a continuous upskilling program for your team to increase skills and overall capability maturity 

• Identify and implement tools to determine attack types and choose appropriate defenses and response tactics for each 

• Derive Indicators of Compromise (IOCs) from malicious activity to strengthen incident response, threat detection, and intelligence efforts 

• Conduct in-depth forensic analysis of various operating systems 

• Examine traffic using common network protocols to identify patterns of activity or specific actions that warrant further investigation 

• Detect and hunt for adversary tools, tactics, and procedures (TTPs) across an enterprise environment 

• Partner with Compliance, Legal, Privacy, and other teams to perform internal investigations pertaining to eDiscovery matters 

Demonstrates thought leader-level abilities with, and/or a proven record of success directing efforts in the following areas:  Network Analysis  Computer Memory Analysis  Endpoint Analysis  Cyber Incident Lifecycle  NIST 800-61  Lead and supervise teams to create an atmosphere of trust and seek diverse views to encourage improvement and innovation, answer questions and provide direction to less-experienced staff, coach staff including providing timely meaningful written and verbal feedback 

Reports to Executive Director, Enterprise Monitoring & Cyber Resilience 

Direct Reports – This role will manage a team of Forensics, eDiscovery, Incident Response and Threat Hunting SME’s and may have Project Managers, Project Coordinators, Security Architects, and vendors or managed service providers as direct and indirect reports based on security project portfolio. 

Main Responsibilities and Accountabilities:

Participates in the hiring, growth, and development of junior incident response staff in the areas of threat hunting, forensic analysis, eDiscovery, litigation hold, incident resolution and return to operations. Mentors and directs specially assigned incident response project managers and their teams and program management staff, and actively role models expected project management and leadership behaviors and processes designed to improve project results and the performance of the team.  

Position Qualifications and Experience Requirements:

Required: College degree, preferably in a related technical subject; or advanced degree in business or industry-related subject or equivalent related work experience in cybersecurity and manufacturing. 

Preferred: An advanced degree (MS) in a relevant discipline (or equivalent) including cybersecurity, management information systems, and related technologies related to manufacturing cybersecurity. 

Project management certification / training desirable / CISSP, CISM, CISO, GIAC-GCED, GIAC-GCIH, and/or GIAC-CFE certification preferred. 

Essential Experience: 

• 8+ years demonstrated experience leading global, multi-functional Digital Forensics/Cybersecurity Incident Response teams (bio-pharma manufacturing environment preferred but not mandatory) 

• Strong leadership, consultative, communication, and conflict management skills to influence project leaders and stakeholders, including non-specialists, at all levels in the organization and achieve team objectives while maintaining a positive team environment. 

• The ability to train, mentor, and develop project managers in project management methodologies and their application; the ability to manage in a matrix environment. 

• The ability to work on complex problems where analysis of situation or data requires an in-depth evaluation of various factors to achieve best results. 

• The ability to clearly communicate complex issues to senior management so that critical issues are understood quickly and can be addressed immediately. 

• Strong strategic planning, quantitative, and decision analysis capabilities.  

• Strong project management and integration skills; ability to coordinate all aspects of a project or program. 

• Demonstrated experience in developing, managing, and controlling cross functional project budgets. 

• 8+ years’ experience using a formal project management methodology, techniques and tools. 

• Proficiency and use of enterprise computer applications including the Microsoft suite of products and project management software. 

Desired Experience: 

• Experience in biopharmaceutical industry 
• Experience in crafting enterprise incident response programs for a global company – process and technical definition. 

CSL Behring is a global biotherapeutics leader driven by our promise to save lives. Focused on serving patients’ needs by using the latest technologies, we discover, develop and deliver innovative therapies for people living with conditions in the immunology, hematology, cardiovascular and metabolic, respiratory, and transplant therapeutic areas. We use three strategic scientific platforms of plasma fractionation, recombinant protein technology, and cell and gene therapy to support continued innovation and continually refine ways in which products can address unmet medical needs and help patients lead full lives.

CSL Behring operates one of the world’s largest plasma collection networks, CSL Plasma. Our parent company, CSL, headquartered in Melbourne, Australia, employs 32,000 people, and delivers its lifesaving therapies to people in more than 100 countries.

To learn more about CSL, CSL Behring, CSL Seqirus and CSL Vifor  visit https://www.csl.com/ and CSL Plasma at https://www.cslplasma.com/.

Our Benefits

For more information on CSL benefits visit How CSL Supports Your Well-being | CSL.

You Belong at CSL

At CSL, Inclusion and Belonging is at the core of our mission and who we are. It fuels our innovation day in and day out. By celebrating our differences and creating a culture of curiosity and empathy, we are able to better understand and connect with our patients and donors, foster strong relationships with our stakeholders, and sustain a diverse workforce that will move our company and industry into the future.

 To learn more about inclusion and belonging visit https://www.csl.com/careers/inclusion-and-belonging

Equal Opportunity Employer

CSL is an Equal Opportunity Employer. If you are an individual with a disability and need a reasonable accommodation for any part of the application process, please visit https://www.csl.com/accessibility-statement.