Sr Mgr Information Security
Top focus
Career Category Information Systems Job Description ABOUT AMGEN Amgen harnesses the best of biology and technology to fight the world's toughest diseases, and make people's lives easier, fuller and longer. We discover, develop, manufacture and deliver innovative medicines to help millions of patients.
Amgen helped establish the biotechnology industry more than 40 years ago and remains on the cutting edge of innovation, using technology and human genetic data to push beyond what's known today. ABOUT THE ROLE Role Description: The Senior Manager Information Security, Digital Forensics (DF) leads the DF Hyderabad team within Digital Forensics.
This on site leader manages investigators, coordinates with the India office, and works closely with the Security Operations Center (SOC), Tier 2 Security Operations, Incident Response (IR), Legal, Compliance, Privacy, Human Resources (HR), and electronic discovery (eDiscovery) stakeholders.
The role is leadership first in addition to performing investigations and eDiscovery. The successful candidate must have the technical judgment to guide investigations, review findings, challenge unsupported conclusions, protect evidence, and support high risk cyber, legal, and HR escalations.
The role also guides workflows across EnCase, Nuix, Forensic Toolkit (FTK), Monolith Pro, Cellebrite, CrowdStrike Endpoint Detection and Response (EDR), IBM QRadar Security Information and Event Management (SIEM), Microsoft Office 365 (O365), Amazon Web Services (AWS), and ServiceNow.
This leader will also help mature automation, Artificial Intelligence (AI) assisted analysis, and future agentic AI workflows in a controlled, human reviewed manner. Roles & Responsibilities: Lead the Hyderabad DF team, including coaching, performance reviews, career development, workload planning, timekeeping, holiday approvals, and day to day people leadership.
Operate as the local DF leader for Hyderabad, partnering with the India office and Cybersecurity Operations while escalating high risk decisions at the right time. Manage the handoff relationships between DF and the SOC, Tier 2 Security Operations and IR, including triage, escalation, case priority and service expectations.
Oversee investigations and support activities involving cyber incidents, insider risk, employee matters, eDiscovery, litigation hold, compliance requests, data exposure, unauthorized access, malware, phishing, ransomware, and suspected data exfiltration.
Partner with Legal, HR, Compliance, Privacy, Cyber Threat Intelligence (CTI), Vulnerability Management Services (VMS), Penetration Testing, Cloud Engineering, Information Technology (IT), and business teams to scope, preserve, review, and report evidence.
Maintain evidence handling standards for Hyderabad, including authorized scope, chain of custody, hashing, secure storage, encrypted media, access control, case notes, evidence transfer, and cloud based analysis. Maintain cloud and Software as a Service (SaaS) forensic readiness across O365 and AWS, preservation workflows, evidence handling and data analysis.
Guide DF workflow maturity across EnCase, Nuix, FTK, Monolith Pro, Cellebrite, CrowdStrike EDR, IBM QRadar SIEM, O365, AWS, and ServiceNow. Advance responsible adoption of automation, AI assisted workflows, and future agentic AI capabilities with controls for approved data use, human review, source validation, audit logging, and least privilege access.
Review investigation strategy, final reports, and stakeholder communications for accuracy, evidence defensibility, confidentiality, and appropriate language. Maintain Standard Operating Procedures (SOPs), playbooks, Key Performance Indicators (KPIs), cross training, tabletop exercises, and report quality review processes to support team growth and operational maturity.
Basic Qualifications and Experience: Any degree and 12 to 17 years of information security, digital forensics, incident response, cybersecurity operations, cyber investigations, eDiscovery, or related field experience Experience should include at least 3 years leading technical teams, managing technical workstreams, or operating as a site or regional leader in a global cybersecurity environment.
Functional Skills: Must-Have Skills: Leadership of DFIR, cyber investigations, evidence handling, and sensitive Legal, HR, Compliance, and eDiscovery matters. Security operations escalation management with SOC, Tier 2 Security Operations, IR, CrowdStrike EDR, IBM QRadar SIEM, O365, AWS, and ServiceNow.
Strong understanding of forensic defensibility, chain of custody, cloud and SaaS evidence, privacy aware investigation scope, litigation hold, and report quality. Experience improving investigation operations through automation, AI assisted analysis, scripting, queries, playbooks, metrics, or workflow design.
Good-to-Have Skills: Hands on or oversight experience with EnCase, Nuix, FTK, Monolith Pro, Cellebrite, Microsoft Purview eDiscovery, AWS forensic workflows, and O365 evidence. Knowledge of identity investigation, insider risk, data movement, endpoint artifacts, mobile forensics, email evidence, and cloud log analysis.
Experience creating regulated documents, SOPs, work instructions, evidence handling standards, tabletop exercises, and readiness playbooks. Experience with scripting and query languages such as Python, PowerShell, Kusto Query Language (KQL), Ariel Query Language (AQL), Structured Query Language (SQL), Sigma, or YARA in a regulated global enterprise, consulting, government, or law enforcement cyber environment.
Professional Certifications: One active cybersecurity, digital forensics, incident response, electronic discovery, cloud security, security leadership, mobile forensics, or forensic tool certification is required. Strongly preferred certifications include Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC) Certified Forensic Analyst (GCFA), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Incident Handler (GCIH), EnCase Certified Examiner (EnCE), Certified Computer Examiner (CCE), Certified Forensic Computer Examiner (CFCE), Certified Hacking Forensic Investigator (CHFI), Cellebrite Certified Physical Analyst (CCPA), Cellebrite Certified Mobile Examiner (CCME), Nuix certification, FTK certification, AWS Certified Security - Specialty, or Microsoft security and compliance certification.
Preferred profile includes one leadership or security management certification and one DFIR, incident response, eDiscovery, cloud, mobile, or tool-specific certification. Soft Skills: Highest ethics, confidentiality, and sound judgment when handling employee, legal, security, and business evidence.
Strong leadership presence with ability to operate independently, make timely decisions, and know when to escalate. Clear written and verbal communication with technical teams, India office stakeholders, global leadership, Legal, HR, Compliance, and Privacy.
Strong interpersonal skills with the confidence to challenge unsupported conclusions, unclear scope, or improper requests. High attention to detail in evidence handling, case notes, report review, administrative work, and stakeholder updates.
Ability to manage competing priorities, coach analysts, and improve the function through automation, AI, metrics, and repeatable workflows. Shift Information: This position is based on site in Hyderabad, India. Standard working hours follow the assigned India office schedule.
Occasional after hours support may be required for incidents, Legal or HR matters, or global investigations. This is not expected to be a routine second or third shift role unless business needs change. EQUAL OPPORTUNITY STATEMENT Amgen is an Equal Opportunity employer and will consider you without regard to your race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.
We will ensure that individuals with disabilities are provided with reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. .