Cyber Threat Engineer

Abbott Laboratories, Saint Paul, MN 55102

Posted 4 days ago

Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals and branded generic medicines. Our 114,000 colleagues serve people in more than 160 countries.

Working at Abbott

At Abbott, you can do work that matters, grow, and learn, care for yourself and family, be your true self and live a full life. You'll also have access to:

  • Career development with an international company where you can grow the career you dream of.

  • Free medical coverage for employees* via the Health Investment Plan (HIP) PPO

  • An excellent retirement savings plan with high employer contribution

  • Tuition reimbursement, the Freedom 2 Save student debt program and FreeU education benefit - an affordable and convenient path to getting a bachelor's degree.

  • A company recognized as a great place to work in dozens of countries around the world and named one of the most admired companies in the world by Fortune.

  • A company that is recognized as one of the best big companies to work for as well as a best place to work for diversity, working mothers, female executives, and scientists.

The Opportunity

This position works out of our Lillehei, MN, location in the GIS-Global Information Services, Cyber Threat Engineering Team. This role is onsite with the potential to work one or two days remotely, subject to change at any time.

As the Cyber Threat Engineer with a networking focus, you will have the opportunity to investigate the Techniques and Tactics employed by Threat Actors when compromising networks. You will assist with cyber security network device deployments and other ongoing projects that help secure Abbott's systems and networks. Collaborate with the Cyber Threat Engineering team and Incident Response Team in the development of Splunk Risk Rules and Risk Based Alerting (RBA), creating detections for threat activity within our global corporate and manufacturing networks. Provide technical guidance within the Cyber Threat Engineering team and support cross-departmental briefings.

What You'll Work On

You will interact with many teams, including the Abbott Border team and its sub-teams, to understand our overall network and its deployed network cyber security sensors. You will provide your expert opinion and guidance on various network, firewall, IDS/IPS, Armis, ZScaler and other projects and within the CTE's day-to-day role, with a focus on improving overall Abbott network and systems cyber security. Investigate deployed sensors and ensure we are fully capitalizing on our sensors' capabilities, including the available data and API capabilities, and assist in integrating sensors into Splunk and XSOAR. You will join the Cyber Threat Engineering team in supporting the Incident Response Team during significant cyber events within the Abbott enterprise.

Core Job Responsibilities:

  • Ability to search and assist in building detections with Splunk Search Processing Language (SPL) for multiple sensors (Firewall, IDS/IPS, EndPoint Protection, Proxy, and more) incorporating the MITRE ATT&CK Model.

  • Proactively ingest Digital Forensics and Incident Response reports from a wide variety of sources. Build detections for cyber-based threats and risks, both current and future, creating and deploying detections as needed.

  • Assist with the automation of manual tasks through technology integrations via scripting and orchestration of playbooks.

  • Participate in cross-team coordination to achieve defined security goals and meet technical requirements in support of detailed implementation plans for security projects.

  • Develops response strategies and technical support documents, summaries, reports, presentations, and other designated products.

  • Support the advancement of Abbott's Cybersecurity Operations program to ensure consistent detection, analysis, response, and monitoring of cybersecurity threats, including actors, campaigns, and vulnerabilities.

Required Qualifications

  • B.S. in Computer Science or similar engineering discipline

  • Expert level use of Splunk Search Processing Language and Splunk Risk Based Alerting

Preferred Qualifications

  • GIAC (GCIH, GSEC, GCFA, GREM), OSCP or equivalent certifications preferred.

  • 5+ years of experience directly related to the area of incident response, digital forensics, malware analysis, threat hunting, cyber threat intelligence, or content development/tuning.

  • Experience with programming and scripting languages, preferably Python and PowerShell.

  • Solid networking background with Identity and Access Management (IAM) background as a plus.

  • Strong written and verbal communication skills; must be able to effectively communicate to all levels of staff up to executive-level management, customers (internal and external), and vendors.

  • Be available for on-call duty to handle high-impact cybersecurity incidents. On-call is infrequent but possible.

  • Be driven for personal development through security conferences, Capture the Flags (CTF), lab time and research.

  • Be a team player committed to the mission and continuous development of the Cyber Threat Action Center, peers, and Abbott customers


  • Participants who complete a short wellness assessment qualify for FREE coverage in our HIP PPO medical plan. Free coverage applies in the next calendar year.

Learn more about our health and wellness benefits, which provide the security to help you and your family live full lives: www.abbottbenefits.com

Follow your career aspirations to Abbott for diverse opportunities with a company that can help you build your future and live your best life. Abbott is an Equal Opportunity Employer, committed to employee diversity.

Connect with us at www.abbott.com, on Facebook at www.facebook.com/Abbott and on Twitter @AbbottNews and @AbbottGlobal.

The base pay for this position is $72,700.00 - $145,300.00. In specific locations, the pay range may vary from the range posted.

