USACares Jobs

Job Information

CSL Behring Associate Director, Incident Response and Forensics in King of Prussia, Pennsylvania

With operations in 35+ nations and 27,000 employees worldwide, CSL is driven to develop and deliver a broad range of lifesaving therapies to treat disorders such as hemophilia and primary immune deficiencies, and vaccines to prevent influenza. Our therapies are also used in cardiac surgery, organ transplantation and burn treatment.

CSL is the parent company of CSL Behring and Seqirus. CSL Behring is a global leader in the protein biotherapeutics industry, focused on bringing to market biotherapies used to treat serious and often rare conditions. CSL Behring operates CSL Plasma, one of the world's largest collectors of human plasma, which is used to create CSL’s therapies. Seqirus is the second largest influenza vaccine company in the world and is a transcontinental partner in pandemic preparedness and a major contributor to the prevention and control of influenza globally.

We invite you to take a look at the many career possibilities available around the globe and consider building your promising future at CSL by becoming a member of our team!

The position holder:

1. Has the authority and responsibility for leading and directing highly complex, global, cross-functional high value projects and/or the integration of multiple inter-related projects, in the security service portfolio:

  • Incident Response

  • Comprehensive Security Monitoring – event detection and incident response

  • CSL Group Security Policies – ISO 27001/27002

  • Intrusion Detection / Protection

  • Manufacturing Security Standards – IEC 62443

  • Network Access Control

  • Physical Security

  • Policies, Standards, & Procedures

  • Privileged Account Management

  • Threat & Vulnerability Management

2. Leads a global team to apply security incident handling processes for CSL to successfully navigate the cybersecurity and information security incident response process to:

  • Prepare for

  • Identify

  • Contain

  • Eradicate

  • Recover

from cybersecurity events

3. The role will lead a global team of cybersecurity and information security incident responders that will:

  • Develop and implement a cybersecurity threat analysis structure of common attack techniques to evaluate an attacker's spread through a CSL system, platform and/or network.

  • Anticipate and thwart further attack activity

  • Identify and implement tools to determine attack types, including the malware type used in an attack (including rootkits, backdoors, and Trojan horses), choosing appropriate defenses and response tactics for each

  • Analyze a security architecture for deficiencies

  • Derive Indicators of Compromise (IOCs) from malicious executables to strengthen incident response and threat intelligence efforts

  • Conduct in-depth forensic analysis of Windows operating systems and media exploitation focusing on Windows 7, Windows 8/8.1, Windows 10, and Windows Server 2008/2012/2016

  • Conduct in-depth forensic analysis of *Nix operating systems and media exploitation focusing on CentOS, RHEL, Solaris, AIX, HPUX, and Ubuntu/Debian

  • Identify artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, anti-forensics, and detailed system usage

  • Hunt and respond to advanced adversaries such as nation-state actors, organized crime, and hacktivists

  • Examine traffic using common network protocols to identify patterns of activity or specific actions that warrant further investigation

  • Detect and hunt unknown live, dormant, and custom malware in memory across multiple Windows systems in an enterprise environment

  • Identify and track malware beaconing outbound to its command and control (C2) channel via memory forensics, registry analysis, and network connections

  • Target advanced adversary anti-forensics techniques like hidden and time-stomped malware, along with utility-ware used to move in the network and maintain an attacker's presence

  • Use memory analysis, incident response, and threat hunting tools to detect hidden processes, malware, attacker command lines, rootkits, network connections, and more.

4. Demonstrates thought leader-level abilities with, and/or a proven record of success directing efforts in the following areas:

  • Utilize Network Analysis

  • Computer Memory Analysis

  • Endpoint Analysis

  • Cyber Incident Lifecycle

  • NIST 800-61

  • Identify and address client needs by building solid relationships with clients

  • Develop and promote an awareness of CSL cybersecurity services

  • Communicate with the BT customers in an organized and knowledgeable manner

  • Deliver clear requests for information across all the geographies CSL operates.

  • Demonstrate flexibility in prioritizing and completing tasks, and communicating potential conflicts

  • Direct the identification and addressing of client needs by building, maintaining, and utilizing networks of client relationships and community involvement, communicating value propositions, managing resource requirements, project workflow, budgets, margins, billing and collection

  • Lead and supervise teams to create an atmosphere of trust and seek diverse views to encourage improvement and innovation, answer questions and provide direction to less-experienced staff, coach staff including providing timely meaningful written and verbal feedback

  • Provide opportunities to contribute to practice development through the development of new collateral and thought leadership pieces, as well as participation in sales and driving revenue.

5. Has overall responsibility for initiating, defining, planning, implementing and closing out assigned incident response projects and programs and ensuring that the overall project/program structure and management processes enable the component teams to successfully complete their work and that the components’ deliverables can be integrated into the overall security, service, or solution.

Main Responsibilities and Accountabilities:


Leads and directs highly complex, large-scale, global, cross-functional high value security projects for both greenfield and existing manufacturing facilities in alignment with CSL strategic and operational security processes and controls.

  • Directs and motivates project managers and teams to achieve project objectives and desired program results.

  • Assures effective prioritization of interdependent project and program activities.

  • Creates temporary performance (matrix) environments with effective governance frameworks enabling peak performance and team results.

  • Arbitrates and resolves complex issues, conflict, and interface problems between diverse project teams, senior level functional partners and stakeholders.

  • Works closely with Sponsors, Steering Committees, and senior process and functional leaders to overcome obstacles to project/program success.


Process/Technology Projects and Programs

  • Works closely with Cybersecurity Architects focused on the security of manufacturing networks, manufacturing execution systems (MES), and supporting systems.

  • Highly effective project and program management for process/technology related initiatives with a keen understanding of interdependencies.

  • Strong oversight of vendor and procurement management.

  • Strong expertise in projects related to implementation of security controls in a bio-pharma manufacturing setting:

  • Active Directory Implementation (Two Tier Domain Structure)

  • Automation System Isolation

  • Comprehensive Monitoring

  • Intrusion Detection / Protection

  • Network Access Control

  • Physical Security

  • Policies, Standards, & Procedures

  • CSL Group Policies – ISO 27001/27002

  • Manufacturing Security Standards – IEC 62443

  • Privileged Account Management

  • Threat & Vulnerability Management

  • Strong awareness of security content areas, including:

  • System validation, and Good Manufacturing Practice (GXP)

  • Business process mapping and engineering.

  • Design, specification, testing and delivery of technology solutions.

  • Data conversion and migration including interface identification.

  • Documentation: technical and end-user documentation.


Program Management

  • Responsible for an integrated view of projects within the program, including Time, Cost, Performance (Scope) milestones, Resources, and Issue, Risk and Opportunity dependencies that could impact the delivery of the program.

  • Assures effective measurement and reporting processes in part so that critical variances to the integrated plan can be quickly and successfully addressed.

  • Assists project managers in securing the proper functional resources for their teams and maintaining well-functioning project teams. This may include involvement in screening and interviewing internal and external project candidates.

  • Assures that the appropriate governance and project methodology is in place and that the projects within the program are complying with all stated project requirements and established standards.

  • Serves as mentor/advisor/decision-maker to project managers for the program for issues related to the corporate and external environments, client relations, government and regulatory relations, project quality and project risk.

  • Assists and oversees the project managers in collaborating with external partners where the integration of services, technologies, and capabilities across projects is required, including when needed, developing proposals, requests for proposal, partner specifications and contractual terms and ensuring delivery against partner requirements and the delivery of CSL requirements by partners.

  • Maintains a broad view both of program objectives and organizational culture and processes and can leverage resources among and across the program’s projects.

  • Assures that lessons are applied from previous projects and programs and directs assessments for mid-stream improvements on projects within the program and for utilization by future projects and programs initiated by the enterprise.


Communication and Change Management

  • Directs the use of effective business transformation, including training and user adoption of related process and technology solutions.

  • Works closely with Business Technology and Manufacturing functional management to define and deliver on expected deliverables and value.

  • Assures access to Subject Matter Experts and leading practice with the requisite capabilities to support program development and project definition and planning as required to successfully complete the project work.

  • Assures effective team and internal/external stakeholder communication, keeping stakeholders informed of progress and issues to manage expectations on all requirements and deliverables.

  • Assures that documentation is kept current, clear, and transparent and is communicated as appropriate.

  • Escalates key decisions, issues, risks, and opportunities as required to achieve objectives.

  • Helps to manage and build relationships with external partners, e.g., vendors, as needed.

  • Represents programs and projects at required internal and external meetings to assure that priorities are communicated and understood, and that progress/delays/issues/risks/opportunities are reported.


Situation Analysis and Initiation

  • Helps to translate CSL strategic and operational priorities into security requirements and into project charters and solution requirements designed to deliver intended value.

  • Assures that situational analysis provides the data required to well characterize projects.


Project / Effort Definition

  • Assures that projects have well developed target value and directs the identification of work to achieve intended value.

  • Oversees the identification of resource requirements and incident response costs.

  • Accountable for developing/defending the business case with project managers, sponsor, and key stakeholders.


Incident Response Planning

  • Assures that required project resources are identified and secured to complete the work of the project.

  • Directs the development of project schedules with timelines and interdependencies for all tasks and the identification of key milestones.

  • Assures appropriate identification and assessment of risks and opportunities related to the project.


Project Implementation and Closeout

  • Directs the project organization in monitoring and controlling planned Time, Cost, and Performance (Scope) against actuals, and the identification, reporting and resolution of all significant variances where they exist.

  • Assures that all financial aspects of the project are properly managed.

  • Monitors for effective use of resources (human capital and other resources).

  • Assures effective issue, risk, and opportunity management to protect the project plan and maximize delivered value.

  • Assures that the project is closed out properly following completion, including summary reports and lessons learned.

  • Supports value realization efforts throughout the project and at closeout.


Participates in the hiring, growth, and development of junior incident response staff in the areas of threat hunting, forensic analysis, incident resolution and return to operations. Mentors and directs specially assigned incident response project managers and their teams and program management staff, and actively role models expected project management and leadership behaviors and processes designed to improve project results and the performance of the team.

Education

  • Required: College degree, preferably in a related technical subject; or advanced degree in business or industry-related subject or equivalent related work experience in cybersecurity and manufacturing.

  • Preferred: An advanced degree (MS) in a relevant discipline (or equivalent) including cybersecurity, management information systems, and related technologies related to manufacturing cybersecurity.

  • Project management certification / training desirable; CISSP, CISM, CISO, GIAC-GCED, GIAC-GCIH, and/or GIAC-CFE certification preferred.


Essential Experience:

  • 8+ years demonstrated experience leading global, multi-functional teams in bio-pharma manufacturing – implementing security solutions.

  • Strong leadership, consultative, communication, and conflict management skills to influence project leaders and stakeholders, including non-specialists, at all levels in the organization and achieve team objectives while maintaining a positive team environment.

  • The ability to train, mentor, and develop project managers in project management methodologies and their application; the ability to manage in a matrix environment.

  • The ability to work on complex problems where analysis of situation or data requires an in-depth evaluation of various factors to achieve best results.

  • The ability to clearly communicate complex issues to senior management so that critical issues are understood quickly and can be addressed immediately.

  • Strong strategic planning, quantitative, and decision analysis capabilities.

  • Strong project management and integration skills; ability to coordinate all aspects of a project or program.

  • Demonstrated experience in developing, managing, and controlling cross functional project budgets.

  • 5 – 10 years’ experience using a formal project management methodology, techniques and tools.

  • Proficiency and use of enterprise computer applications including the Microsoft suite of products and project management software.

  • Multi-lingual in German and English

Desired Experience:

  • Experience in biopharmaceutical industry

  • Experience in crafting enterprise incident response programs for a global company – process and technical definition.


CSL makes all employment decisions without regard to race, color, religion, national origin, ancestry, age, sex, gender, pregnancy, disability, marital status, sexual orientation, gender identity, genetic information, military status, protected veteran status (specifically status as a disabled veteran, recently separated veteran, armed forces service medal veteran, or active duty wartime or campaign badge veteran) or other classification protected by applicable US federal, state or local law. CSL complies with all applicable employment laws, including but not limited to Title VII of the Civil Rights Act of 1964, the Americans with Disabilities Act, the Fair Labor Standards Act, and the Immigration Reform and Control Act.