Salary Not Disclosed
1 Vacancy
Working with Us
Challenging. Meaningful. Life-changing. Those aren't words that are usually associated with a job. But working at Bristol Myers Squibb is anything but usual. Here, uniquely interesting work happens every day, in every department. From optimizing a production line to the latest breakthroughs in cell therapy, this is work that transforms the lives of patients and the careers of those who do it. You'll get the chance to grow and thrive through opportunities uncommon in scale and scope, alongside high-achieving teams. Take your career farther than you thought possible.
Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives.
This role will serve as the lead for the BMS Attack Surface Management (ASM) function, including the cloud web application firewall (CWAF). This individual will coordinate and monitor day-to-day program activities, as well as provide thought leadership and support for ASM special projects, analytics, and strategic roadmap. The ideal candidate will seamlessly integrate with the Cyber Threat Intelligence (CTI) team, translating intelligence products into timely and actionable insights that improve BMS security posture in a rapidly evolving threat landscape. They will effectively communicate and drive remediation activities with a diverse set of cross-functional stakeholders, including infrastructure, platform, network, and application owners. In addition, this role will own the end-to-end architecture, engineering, and support of the CWAF and provide technical guidance and direction to a team of WAF engineers.
Key Responsibilities:
Serve as technical point person, provide oversight, and drive activities for blended team (FTE, managed service providers) for day-to-day ASM operations.
Implement, run, and maintain ASM tools, including open-source intelligence (OSINT), external attack surface management (EASM), and security ratings tools, to monitor BMS attack surface, assess technical and reputational risk, and prioritize remediation activities.
Assess new and emerging threats and vulnerabilities; provide recommendations, technical guidance, and solutions for remediation or mitigation.
Design and deliver analytics to demonstrate ongoing operational status and program maturity.
Innovate and automate existing ASM processes to drive operational efficiency.
Consult with internal teams (Security Operations, Engineering, Endpoint, Network, etc.) to integrate defensive tactics and controls for identified vulnerabilities and threats.
Provide comprehensive service to BMS mission & business critical application teams, including onboarding, proactive monitoring, configuration, and integration assistance in CWAF.
Act as a trusted advisor, providing a high quality of troubleshooting, investigation, and consultation when requested by application teams.
Research & develop solutions for complex application integrations with CWAF.
Provide program leadership and technical guidance and direction to WAF engineering team.
Update program documentation (e.g., playbooks, runbooks) on a regular basis in alignment with organizational and technology changes.
Occasional after-hours escalation and on-call responsibilities can be expected.
Qualifications & Experience:
6 years of relevant work experience.
Experience designing and implementing Attack Surface Management strategies, including robust use of OSINT and EASM tools.
Ability to rapidly consume and evaluate current threat and vulnerability information from open-source and industry sources, assess risk to the enterprise, and identify optimal remediation or mitigation strategies.
Experience performing vulnerability scans, analyzing configurations, and hardening networks, operating systems, applications, databases, Active Directory, and other technology components, both on-premises and in the cloud.
Demonstrated analytic expertise and ability to think critically and logically in a dynamic, fast-paced environment and ambiguous situations.
Excellent oral and written communication skills.
Familiarity with common web technology concepts such as HTML, JavaScript, JSON, and REST APIs.
Familiarity with web application security principles and core concepts of firewall rule configuration.
Domain knowledge of networking technologies and protocols; OT knowledge is a plus.
Experience with AWS or Azure is a plus.
Imperva CWAF experience and certifications are a plus.
Experience working on or leading global teams is a plus.
If you come across a role that intrigues you but doesn't perfectly line up with your resume, we encourage you to apply anyway. You could be one step away from work that will transform your life and career.
Uniquely Interesting Work, Life-changing Careers
With a single vision as inspiring as "Transforming patients' lives through science", every BMS employee plays an integral role in work that goes far beyond ordinary. Each of us is empowered to apply our individual talents and unique perspectives in a supportive culture, promoting global participation in clinical trials, while our shared values of passion, innovation, urgency, accountability, inclusion and integrity bring out the highest potential of each of our colleagues.
On-site Protocol
BMS has an occupancy structure that determines where an employee is required to conduct their work. This structure includes site-essential, site-by-design, field-based and remote-by-design jobs. The occupancy type that you are assigned is determined by the nature and responsibilities of your role:
Site-essential roles require 100% of shifts on-site at your assigned facility. Site-by-design roles may be eligible for a hybrid work model with at least 50% on-site at your assigned facility. For these roles, on-site presence is considered an essential job function and is critical to collaboration, innovation, productivity, and a positive Company culture. For field-based and remote-by-design roles, the ability to physically travel to visit customers, patients or business partners and to attend meetings on behalf of BMS as directed is an essential job function.
BMS is dedicated to ensuring that people with disabilities can excel through a transparent recruitment process, reasonable workplace accommodations/adjustments and ongoing support in their roles. Applicants can request a reasonable workplace accommodation/adjustment prior to accepting a job offer. If you require reasonable accommodations/adjustments in completing this application, or in any part of the recruitment process, direct your inquiries to . Visit to access our complete Equal Employment Opportunity statement.
BMS cares about your well-being and the well-being of our staff, customers, patients, and communities. As a result, the Company strongly recommends that all employees be fully vaccinated for Covid-19 and keep up to date with Covid-19 boosters.
BMS will consider for employment qualified applicants with arrest and conviction records pursuant to applicable laws in your area.
If you live in or expect to work from Los Angeles County if hired for this position, please visit this page for important additional information:
Data processed in connection with role applications will be treated in accordance with applicable data privacy policies and regulations.
Required Experience:
Senior Manager
Full-Time