Job Description Summary

The Global Lead for Red Team and Attack Simulations is crucial for ensuring Sandoz's defensive capabilities are effective by identifying and remediating security gaps and weaknesses before they can be exploited by advanced cyber threat actors. It requires extensive technical knowledge of attack paths and cyber adversary hacking in both OT and IT environments. The role demands a precise technical leader who can identify security vulnerabilities without disrupting global operations and who continuously stays ahead of evolving exploit kits and malicious code which are rare and highly sought-after skills in the job market. Additionally, it requires senior leadership and regulatory exposure to appropriately document findings from offensive security tests.

Job Description

Global Lead, Red Team and Attack Simulations

Sandoz is going through an exciting and transformative period as a global leader and pioneering provider of sustainable Generic and Biosimilar medicines.

Now as an independently listed company, Sandoz aims to increase its strategic focus, operate with greater agility, set clearer business objectives, enhance shareholder returns, and strengthen its culture for us, the Sandoz associates. This is an exciting time in our history, and by creating a new and ambitious path, it will provide a unique opportunity for us all, both professionally and personally.

Join us as a Founder of our 'new' Sandoz!

Major Accountabilities (Describe the main results of the job to be achieved)

Responsible for Sandoz's Red Team and Attack Simulations strategy, equipping the company with future-proof, best-in-class, right-size capabilities needed to stay ahead of advanced cyber adversaries and severe but plausible threat scenarios.

Design and lead Red Team and Attack Simulation scenarios for various kill-stage stages to identify and address gaps in Sandoz's security and resilience posture. Collaborate with Cyber Threat Intelligence (CTI) to perform intelligence gathering against target networks, people, processes, and technologies.

Build an evolvable threat catalogue, which will enable threat-informed defence across the Information Security Risk Management (ISRM) team. Foster collaboration with Blue and Purple teams to continuously mature detection and response capabilities.

Drive an agile, continuous improvement culture by effectively translating offensive testing mission results into pragmatic defensive improvements (technical controls, procedures, standards etc). Socialize exploitation tactics, technical findings, risks, and remediation recommendations with key stakeholders at various level across the organization.

Design, implement, and manage globally Red Team and Attack Simulations standards and processes to identify and report on Sandoz's defensive posture risks. Ensure adherence to regulatory requirements for offensive testing.

Provide technical leadership and advice to the offensive security team on Red Team and Attack Simulations engagements, including planned unit-tests, kill-chain analysis, security code reviews, security exploits, malware payloads.

Continuously research, test, and develop new tools, techniques, and procedures (TTPs) in line with Sandoz's threat profile. Stay abreast of the latest cybersecurity trends and developments to enhance the team's tradecraft and ensuring the success of planned campaigns.

Support the Global Lead ISRM with risk prioritization, threat identification, and executive reporting up to Sandoz' leadership, especially in regard to Critical Assets and IT Third Parties.

Ideal Background (State the minimum and desirable education and experience level)

Education:

Master of Science degree or equivalent experience in computer science, engineering or information technology or other relevant field
Multiple certifications in offensive security or equivalent experience (e.g.: OSCP, GPEN, CRTOP, CPT, CEH)

Languages:

Fluent in written and spoken English

Experience and Skills:

Significant experience in technology and cyber security roles ideally from mature industries like banking, pharma or critical sectors. Couple with experience in either Red Teaming, Adversary Emulation, Offensive Security or Cyber Resilience roles involving threat management
Previous experience running an offensive security organization / program in a regulated environment. Track record of complex penetration tests and red team exercises on web applications, networks, infrastructure and endpoints.
Deep understanding of the Cyber Kill Chain, MITRE ATT&CK, MITRE CAPEC, OWASP, Command & Control C2 Framework
Knowledge of designing covert C2 infrastructure in various on-prem, cloud or OT environments; automation experience is a plus
Knowledge of foundational and advanced offensive security tools tools in order to select the right capabilities for the team (e.g. Cobalt Strike, Nighthawk C2, Fortra OST, Bloodhound, Impacket, Mimikatz, Kekeo, Rubeus, socat, Windows Sysinternals)
Convey complex technical security concepts to both technical and non-technical audiences, including executives.
Strong understanding of Security Testing (NIST 800-115), Risk Assessments (NIST 800-30), Cyber Resilience (NIST 800-160), MITRE Cyber Resilience Engineering Framework (CREF) and Enhanced Control Requirements (NIST 800-172) is a plus
Proficient understanding and knowledge of general IT infrastructure technology and systems including Cloud and Operational Technology (OT / Industrial Control Systems)
Knowledge of cyber threat modelling techniques and practice;
Knowledge of enterprise architecture and security architecture frameworks such as TOGAF and SABSA is an advantage
Knowledge of the Business Continuity Institute's Good Practice Guidelines and / or the International Standards ISO22301, ISO22313, ISO27001, NIST and other relevant standards is an advantage
Experienced people leader with the ability to lead and develop diverse teams across geographies
An entrepreneurial mindset driven by curiosity, continuous improvement, and interest in technical advancements and trends.
Strong project management skills with the ability to delegate

You'll receive:

Breakdown of benefits received in this role. Include flexible working, learning and development opportunities as well.

Why Sandoz?

Generic and Biosimilar medicines are the backbone of the global medicines industry. Sandoz, a leader in this sector, touched the lives of almost 500 million patients last year and while we are proud of this achievement, we have an ambition to do more!

With investments in new development capabilities, state-of-the-art production sites, new acquisitions, and partnerships, we have the opportunity to shape the future of Sandoz and help more patients gain access to low-cost, high-quality medicines, sustainably.

Our momentum and entrepreneurial spirit is powered by an open, collaborative culture driven by our talented

Join our Sandoz Network:

If this role is not suitable to your experience or career goals but you wish to stay connected to hear more about Sandoz and our career opportunities, join the Network here: Sandoz Talentpool (novartis.com)

and ambitious colleagues, who, in return for applying their skills experience an agile and collegiate environment with impactful, flexible-hybrid careers, where diversity is welcomed and where personal growth is encouraged!

The future is ours to shape!

Commitment to Diversity & Inclusion

We are committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.

#Sandoz

Skills Desired

Escalation, Information Security Audit, Information Security Risk Management, IT Governance, Sec Ops (Security Operations), Talent Development, Vendor Management