Analyst (Data/Business/Application)

SENIOR CYBER DEFENSE ANALYST

Purpose of the job

  • Our Senior Cyber Defence Analyst will augment the existing cybersecurity operations team by identifying risks posed to the organisation from its internet-visible attack surface as part of Abbott's Attack Surface Management (ASM) program. Reporting to the Senior Manager Cyber Security Operations – EMEA, they will be capable of using existing tools to understand and identify the organisation's attack surface and any vulnerabilities which are exposed.
  • The Senior Cyber Defence Analyst will be capable of prioritising vulnerabilities by risk using threat intelligence information, security tools, and their own networking and experiential knowledge. Sharing information with relevant stakeholders within the organisation, the Senior Cyber Defence Analyst will also be capable of developing and maintaining relationships within the business.
  • The role will require a self-starter capable of working in an environment with a significant on-prem and cloud footprint, in a quality-driven organisation working in a highly regulated industry. The Senior Cyber Defence Analyst will be a significant contributor to the evolution and success of the ASM program and must be comfortable with change due to the evolving nature of the threatscape as well as organisational priorities.
  • Reporting to the Senior Manager – Cybersecurity Operations for the EMEA region, the Senior Cyber Defence Analyst will be based in the BTS IT Hub located in Cherrywood, South County Dublin. The role will be based on site initially in line with current COVID regulations.

Main Responsibilities

  • Perform threat identification and mitigation activities using industry-leading security controls and tool sets across both on-prem and cloud environments.
  • Performs technical evaluation of discovered vulnerabilities.
  • Assess threats to the business using a risk-based approach.
  • Monitor and manage case load of issues identified from analysis of vulnerabilities through their lifecycle by engagement with the relevant asset/systems owner.
  • Consumes threat intelligence information to enhance risk assessments of vulnerabilities.
  • Advance the Company’s cyber threat and vulnerability management program to ensure consistent identification, analysis, response, and monitoring of cyber security threats, events, and vulnerabilities.
  • Collaborate with business units, application development teams, and third-party vendors to achieve attack surface management program requirements while enabling the business.
  • Provides information to the functional KPI report on attack surface risk.
  • Acts as a mentor to junior team members with a view to advancing them in terms of knowledge and skills.
  • Make recommendations regarding the selection of additional tools to enhance the current toolset.
  • Identify process improvements and opportunities for automation of manual work.
  • Act as part of the regional information security team, responding to specific regional issues.
  • Act as technical SME for the attack surface management toolset.
  • Present to peers and other Abbott customers on topics relevant to the ASM program.
  • Carries out regular training to ensure skills and knowledge stay relevant.

Abilities

  • Ability to share insights about the context of an organization’s threat environment that improve its risk management posture.
  • Ability to create and maintain relationships between cybersecurity functions as well as with customers in the wider Abbott business.
  • Ability to translate complex cybersecurity topics to customer-relevant language for consumption within the business.
  • Ability to use large datasets to ensure that risks are identified in a timely manner.

 

Knowledge

  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of threat vectors and how they would contribute to risk-based decision making in assessing vulnerabilities.
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
  • Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
  • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
  • Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
  • Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defence-in-depth).
  • Knowledge of cloud technologies and platforms.
  • Knowledge of penetration testing principles, tools, and techniques.
  • Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list).
  • Knowledge of application vulnerabilities and how they would feed into the ASM program.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Skills

  • Skilled in communication to peers and the wider Abbott community.
  • Skilled in conducting vulnerability scans and recognizing vulnerabilities in security systems using industry standard tools such as Qualys, Nessus, etc.
  • Skilled in using network analysis tools to identify vulnerabilities (e.g., nmap).
  • Skilled in performing impact/risk assessments.
  • Skilled in the analysis of CVSS3 data in relation to vulnerabilities.
  • Skilled in the interpretation of threat intelligence data.
  • Skilled in the use of penetration testing tools and techniques.
  • Skilled in conducting application vulnerability assessments.
  • Skilled in developing insights about the context of an organization’s threat environment.
  • Skilled in the application of cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Skilled in the use of scripting technologies (Python) to facilitate the automation of manual tasks or to consume data for analysis.

Experiential and Educational Requirements

  • 6 years and above of work experience, preferably with experience in a large-scale vulnerability management program.
  • History of completing successful cross-functional projects and driving positive compliance outcomes.
  • Knowledge of national and international regulatory compliance requirements and frameworks such as NIST Cybersecurity Framework, ISO 27001, EU DPD, HIPAA/HITECH.
  • Demonstrated experience of working in a matrix organisation covering differing geographic areas and time zones.
  • Demonstrated organizational skills, attention to detail, the ability to handle multiple assignments simultaneously in a timely manner, and be able to meet assigned deadlines and service levels.
  • Must have strong time management skills and an ability to thrive in a high-cadence operation.
  • Must work well within a tight-knit team environment and be able to work with peers, customers, and partners to support the mission.

BA/BS or higher in Information Security, Risk or IT Management, Computer Science, or related field; or equivalent experience.

Certifications such as CISM, CISSP, CEH, OSCP.