Head of Vulnerability Management/Threat Hunting

  • Full-time
  • Region: US
  • Department: Information Technology

Job Description

At Biogen, we offer a workplace that is unique, connected, resilient and impactful. Our purpose to find cures for rare diseases is a unique focus within our industry. We are connected as a team by this shared purpose, the pride we have in our work, and the inspiration we obtain from the lives we’re changing. We are resilient as we overcome obstacles, following the science to deliver for our patients. Most of all, our work allows us to have an impact. An impact on our patients’ lives and on changing the course of medicine.   

About this role

The Head of Advance Cyber Threat Detection and Defense is a member of the CISO’s office and is accountable for the Identification, Detection and Protection services supporting Biogen globally.  This is a new function that will lead cyber security configuration testing, threat modeling, and behavioral analytics focused on ensuring Biogen is protected from both current and emerging cyber threats. This leader must be seasoned in managing through sophisticated cyber threats and have both breadth and depth of technical experience/skills across offensive and defensive cyber operations. 

What you’ll do

Threat Intelligence - Deputy CISO, Head of Cyber Operations - supporting all of IT and Global Security.  This is our early warning function that will track and understand active offensive cyber adversaries and develop MITRE ATT&CK mappings and Indicators of Compromise (IOCs) for Cyber Operational Teams to implement active detection and defensive strategies.

Advance Threat Detection - Deputy CISO, Head of Cyber Operations, supporting IT and Global Security.  This team is highly sophisticated in macro thematic analysis to identify and track active cyber adversaries targeting Biogen networks and personnel. 

Vulnerability Testing / Threat Modeling - Deputy CISO, Head of Cyber Operations, supporting IT and Global Security.  This function will actively assess and test Biogen’s cyber resilience through vulnerability identification and active red team testing leveraging threat modeling.  We want to find our weaknesses before the adversaries do!   Outputs from this team will be in the form of recommendations to address findings and improve system, application, and network cyber security whether through patching or configuration modifications. 

Orchestration and Automation - Deputy CISO, Head of Cyber Operations, supporting IT and Global Security.  Not all cyber events are detected through commercial tools, and often the most sophisticated adversaries require a complex understanding of telemetry and logging to detect and mitigate.  The function will develop orchestration and automation recommendation / implementation to IT and Global

1.     Will provide monthly vulnerability reports / briefings to partner organizations and track remediation for the CISO on a quarterly basis.

2.     Will establish prioritization categories for patching and remediation timelines and seek required CISO approval.

3.     Launching a major or critical cyber incident that requires EC engagement

4.     Returning services back into operation after a cyber incident.  Especially with 3rd parties, it is often grey when the situation is healthy again, requiring risk acceptance.  This role is to be the expert in providing advice to bring clarity within the grey space.

5.     Bringing siloed teams and their systems “together” in new ways so that we have visibility into malicious activities.  This will be required countless times as we build this capability.  The teams coming together will not have budget or much time allocated to perform this work, so the leader will need to be practical, persuasive and flexible.  Some of these teams are historic rivals.  A true team builder is necessary.

6.     Building an eloquent user experience when interacting with security.  No matter a physical or cyber issue, there is one place to go.  This will require that we break well established norms within the security establishment (both sides).  An MVP (minimal viable product) mindset where we iterate and consistently improve is needed.

Qualifications

  • 20 years of hands-on experience across cyber security operations spanning all tiers of technologies
  • Experience in the following - End Point Detection / Response; Netflow Analysis; Windows, Linux and Unix Servers Security; Application and Database Security; Perimeter Defense / DMZ Architecture; SaaS Security, Virtualization and Cloud Security; SIEM automation; and Log Analysis.
  • Bachelor’s Degree

Additional Information

“Diversity is key for the survival of our ecosystem. I believe it is the single most important factor for a balanced flourishing environment where everyone thrives.”

  • Guy Hadari – Chief Information Officer- Biogen

All your information will be kept confidential according to EEO guidelines.
