Architect, Detection Response, Info Security

Innovation starts from the heart. At Edwards Lifesciences, we’re dedicated to developing ground-breaking technologies with a genuine impact on patients’ lives. At the core of this commitment is our investment in cutting-edge information technology. This supports our innovation and collaboration on a global scale, enabling our diverse teams to optimize both efficiency and success. As part of our IT team, your expertise and commitment will help facilitate our patient-focused mission by developing and enhancing technological solutions.

As a Detection Response Architect in Edwards, you will contribute with protecting Edwards organization, applications, and products by responding to security threats, designing, and implementing detection and automation use cases and threat hunts. You will contribute to Edwards security posture by onboarding new data sources and driving . Ideal candidates posses knowledge in information security incident response and threat hunting,  experienced with developing and writing detection engineering use cases and with the ability to drive results. This role is a vital part of our 24x7 Incident Detection and Response team to help protect Edwards.

How will you make an impact:

• Serve as key escalation tier for on-call incident response resources

  
  

• Perform complexed investigations as a part of Edwards active security monitoring and threat hunting operations within SLAs

  
  

• Design, lead and implement response and remediation actions to protect against security threats in Edwards environments and products

  
  

• Lead data ingestion efforts from identifying gaps, onboarding data sources, tuning and correlating them

  
  

• Lead the design, testing and implementation of detection use cases to production

  
  

• Help drive threat hunting program

  
  

• Serve as technical lead for design, operations and maintenance of key cyber security capabilities and services in Detection Response area - SIEM (Google SecOps, Splunk, Qradar etc), Log Collectors (WEF, Cribl, NXLog etc)

  
  

• Lead the design of automation workflows to streamline detection and response efforts

  
  

• As needed, participate in CIRT team efforts

  
  

• Provide coaching, mentoring, and knowledge transfer to other team members

  
  

• Document and maintain incident response technical playbooks, incident reports and incident timelines

  
  

• Staying informed on the evolving cybersecurity threat landscape to drive innovative detections, threat hunts, and automations to drive Edwards' security posture

  
  

What you'll need (Required):

• Staying informed on the evolving cybersecurity threat landscape to drive innovative detections, threat hunts, and automations to drive Edwards' security posture

  
  

What else we look for (Preferred):

• Previous related experience in Information Security SOC, CIRT or SIEM teams

  
  

• Leading information security incident handling efforts

  
  

• Provide and build detailed investigation reports and timelines including documentation, improvements, and recommended action items

  
  

• Expert with Google SecOps or other SIEM solutions (Splunk, Qradar etc)

  
  

• Expert with log collectors' management (WEF, Cribl, NXLog etc), parsing experience

  
  

• Experience with SOAR platforms operations (Torq, PaloAlto XSOAR etc)

  
  

• Lead and train Level 1 and 2 analysts on incident response processes and ongoing escalations

  
  

• Experience with threat hunting operations and/or design

  
  

• Certifications in related discipline preferred (e.g., CEH, CISM, CISSP)

  
  

• Expert of IR concepts, data tuning, SIEM, forensics, cloud monitoring

  
  

• Knowledge of common attack vectors and methods, MITRE framework

  
  

• Scripting experience preferred

  
  

• Proficient analytical and problem-solving abilities to identify and mitigate potential security risks

  
  

• Strict attention to detail

  
  

• Ability to partner with other information security and IT experts for escalation of security alerts and onboarding log sources

  
  

• Substantial understanding of troubleshooting techniques with the ability to adapt and learn new technologies

  
  

• Ability to provide guidance to assigned teams on implementing information security standards and designs

  
  

• Excellent organization and time management skills

  
  

• Excellent verbal and written communication and customer focused skills

  
  

• Extensive knowledge of own area within the organization while contributing to the development of new concepts, techniques, and standards

  
  

• Ability to interact professionally with all organizational levels and proactively escalate issues to appropriate levels of management in the organization

  
  

• Ability to manage competing priorities in a fast paced environment