Novartis

Offensive Cyber Security Researcher

3+ months agoBarcelona, Spain

Job Description

15 Petabyte of data hosted, 49 countries supported, 15000 servers and thousands of devices to connect locations and businesses. Information is clearly one of Novartis` most valuable asset. In ISRM (Information Security and Risk Management), we implement and maintain solutions that secure the Novartis environment, protect our data and provide the necessary control framework to enable compliance with the various regulations associated with the healthcare industry.

105,000 outstanding individuals work with Novartis all with different needs and aspirations. Aligned to a single inspirational purpose to reimagine medicine for millions of patients across the world.

The Security Researcher will be part of a new Think Tank group of security researchers that will challenge Novartis information security defenses, application security and data protection. The Security Researcher will focus on identifying security vulnerabilities in Novartis infrastructure, through vulnerability research, simulating breach scenarios and developing innovative tools and techniques.
The Security Researcher will proactively identify and analyze vulnerabilities as well as related exploits and attack vectors.

Join us and directly contribute to Novartis' vision to Reimagine Medicine.

Your responsibilities include, but are not limited to:

• Proactively identify gaps and vulnerabilities in Novartis systems and architectures, and validate possible exploitation by defining the most likely threat actors and required capabilities.
• Operate a hands-on role involving web penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices
• Provide in-depth technical analysis of computer networks applications and systems, culminating in the identification of existing potential vulnerabilities.
• Collaborate with engineering teams to test for and prevent threats to Novartis Networks infrastructure and data.
• Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation
• Maintain up-to-date awareness of computer network exploitation and attack tools, threats and vulnerabilities and respective counter/mitigation measures.
• Assist with security investigations, root-cause analysis and corrective measures as required.
• Deliver technical debriefs to engineers and developers as needed, and work with IS&RM managers to prioritize vulnerability findings for remediation.
• Mentor and train Novartis IS&RM employees in attack techniques, intelligence analysis and adversarial tactics.

Minimum Requirements

What you'll bring to the role:

• BA or BSc in Computer Science or a related field.
• Fluency (written and spoken) in English
• 5+ Years' experience in Security Research, Web-Application & Network Penetration Testing or adjacent fields.
• Understand and apply attack and penetration concepts including the attack surface; identification of system software and configuration vulnerabilities and critical information, data and processes that must be protected.
• Software development experience/proficiency in multiple languages, mainly C/C++ and other object-oriented platforms. Experience with scripting languages such as Python/Perl/Ruby.
• Operating System internals: PE, ELF, kernel, processes, networking, and hypervisors.
• Experience with reverse engineering tools (e.g. disassemblers, debuggers, instrumentation frameworks, etc.).
• Basic understanding of concepts in vulnerability research: Shell code, ROP, ASLR, exploit types, and heap manipulation.
• Must be able to manage new and existing security requirements, help with training personnel, and implement controls.

Why consider Novartis?

799 million. That's how many lives our products touched in 2019. And while we're proud of that fact, in this world of digital and technological transformation, we must ask ourselves this: how can we continue to improve and extend even more people's lives?

We believe the answers are found when curious, courageous and collaborative people like you are brought together in an inspiring environment. Where you're given opportunities to explore the power of digital and data. Where you're empowered to risk failure by taking smart risks, and where you're surrounded by people who share your determination to tackle the world's toughest medical challenges.

Imagine what you could do at Novartis!

Commitment to Diversity & Inclusion:

Novartis embraces diversity, equal opportunity and inclusion. We are committed to building diverse teams, representative of the patients and communities we serve, and we strive to create an inclusive workplace that cultivates bold innovation through collaboration, and empowers our people to unleash their full potential.

Join our Novartis Network: If this role is not suitable to your experience or career goals but you wish to stay connected to learn more about Novartis and our career opportunities, join the Novartis Network here: https://talentnetwork.novartis.com/network

Business Unit
IT NBS

Location
Spain

Site
Barcelona

Company / Legal Entity
Novartis Farmacéutica, S.A.

Functional Area
Information Technology

Job Type
Full Time

Employment Type
Regular

Shift Work
No

Job ID: Novartis-311840BR