Senior Manager - Cyber Defense

Senior Manager – Cyber Defense

Company	Bristol Myers Squibb
Location	Princeton, NJ, USA
Salary	$Not Provided – $Not Provided
Type	Full-Time
Degrees
Experience Level	Senior

Requirements

6+ years of relevant work experience.
Experience designing and implementing Attack Surface Management strategies, including robust use of OSINT and EASM tools.
Ability to rapidly consume and evaluate current threat and vulnerability information from open-source and industry sources, assess risk to the enterprise, and identify optimal remediation or mitigation strategies.
Experience performing vulnerability scans, analyzing configurations, and hardening networks, operating systems, applications, databases, Active Directory, and other technology components both on-premises and in the cloud.
Demonstrated analytic expertise and ability to think critically and logically in a dynamic, fast-paced environment and ambiguous situations.
Excellent oral and written communication skills.
Familiarity with common web technology concepts such as HTML, JavaScript, JSON, and REST APIs.
Familiarity with web application security principles and core concepts of firewall rule configuration.
Domain knowledge of networking technologies and protocols – OT knowledge is a plus.

Responsibilities

Serve as technical point person, provide oversight, and drive activities for blended team (FTE, managed service providers) for day-to-day ASM operations.
Implement, run, and maintain ASM tools, including open-source intelligence (OSINT), external attack surface management (EASM), and security ratings tools, to monitor BMS’ attack surface, assess technical and reputational risk, and prioritize remediation activities.
Assess new and emerging threats and vulnerabilities, provide recommendations, technical guidance, and solutions for remediation or mitigation.
Design and deliver analytics to demonstrate ongoing operational status and program maturity.
Innovate and automate existing ASM processes to drive operational efficiency.
Consult with internal teams (Security Operations, Engineering, Endpoint, Network, etc.) to integrate defensive tactics and controls for identified vulnerabilities and threats.
Provide comprehensive service to BMS’ mission & business critical application teams, including onboarding, proactive monitoring, configuration, and integration assistance in CWAF.
Act as a trusted advisor, providing a high quality of troubleshooting, investigation, and consultation when requested by application teams.
Research & develop solutions for complex application integrations with CWAF.
Provide program leadership and technical guidance and direction to WAF engineering team.
Update program documentation (e.g. playbooks, runbooks) on a regular basis in alignment with organizational and technology changes.
Occasional after-hours escalation and on-call responsibilities can be expected.

Preferred Qualifications

Experience with AWS or Azure is a plus.
Imperva CWAF experience and certifications are a plus.
Experience working on or leading global teams is a plus.