ROLE SUMMARY
The Global Information Security (GIS) organization secures Pfizer’s most important information assets through world class talent, top security controls and an empowered culture that serves to enable Pfizer’s mission of delivering breakthroughs that change patients’ lives.
The Cyber Threat Detection Engineering team is responsible for maintaining, creating, and validating security related detections. By working with their primary stakeholders, they maintain alerting hygiene, drive creation of new material, and validate posture against known threats. The Cyber Threat Detection Engineering team achieves their mission by utilizing threat intelligence to drive priorities for the team and interfacing with multiple internal key stakeholders.
The Associate, Cyber Threat Detection Engineer will be responsible for supporting the team mission of maintaining, creating, and validating security related detections that prevent advanced threats from impacting Pfizer’s assets. The individual will be responsible for developing new and tuning existing detections that help identify prioritized threats that may impact Pfizer’s environment. The individual will continually evaluate existing detections and tune them to improve effectiveness and reduce noise. The individual will also support validating our existing defensive posture to ensure security control gaps are eliminated and advanced threats can be effectively detected. The individual must also be comfortable with continual interfacing with multiple teams such as Incident Response, Cyber Threat Intelligence and Cyber Threat Hunting. The individual will also be highly motivated to continually grow and expand their existing technical skillset to adapt to the ever-changing threat landscape.
The position is an entry-level role. Ideal candidates will have the basic qualifications shown below; however, candidates possessing a strong subset of skills with the motivation for continued skillset development will be considered. The individual will engage with cross-functional internal colleagues and external partners and reports to the Director, Cyber Threat Intelligence within the Pfizer Digital Global Information Security organization.
ROLE RESPONSIBILITIES
- Create new detections and alerts across multiple security technologies to identify malicious and anomalous cyber threat activity.
- Tune existing alerts to reduce false positives and to increase detection performance and efficacy through standardized processes.
- Validate detection coverage by executing intelligence led assessments against internal security technologies.
- Review existing signatures across multiple security platforms to identify opportunities for new alerts.
- Support the signature review process across all platforms (IPS, Email and Endpoint).
- Collaborate across GIS teams to increase detection effectiveness.
- Support the integration of threat intelligence into the detection development process.
- Support the development of a threat detection scorecard to determine efficacy of existing signatures.
- Track detection signatures against known adversaries and their TTPs.
BASIC QUALIFICATIONS
- Threat Detection Engineering experience in a corporate environment.
- Familiarity with analysing logs for malicious behaviour originating from endpoint hosts, firewalls, proxies, IDS/IPS, SIEM, Netflow, Advanced Threat Detection products, etc.
- Entry level understanding of TCP/IP, common networking ports and protocols (HTTP, DNS, etc.), traffic flow, system administration, OSI model, defence-in-depth, and common security elements.
- Entry level understanding of aspects of Windows/Linux OS system behaviour in relation to malicious activity.
- Entry level understanding of building detections and alerts in SIEM, endpoint and network tools.
- Creative thinker with strong attention to detail.
- Ability to provide concise and accurate communications (both verbal and written) in produced threat hunt reports.
- Ability to communicate and establish rapport with a global team of incident responders and intelligence analysts.
- Demonstrated commitment to training, self-study and maintaining proficiency in various cyber security disciplines.
PREFERRED QUALIFICATIONS
- BS in Information Security, Computer Sciences, Information Systems, Engineering, Sciences, or related field.
- Experience in Incident Response, Security Operations or Threat Intelligence functions using a wide variety of security tools for monitoring a large-scale enterprise environment.
- Experience supporting small projects and initiatives with minimal oversight.
- Experience with developing security and data analysis tools using one or more scripting languages such as Python and Bash.
- Exposure to adversary simulation and validation tools and frameworks.
- Experience developing custom network and endpoint detection rules.
- Experience in developing Yara rules to aid in the proactive identification of adversary capabilities using various open and closed source platforms.
- Familiarity with translating threat activity described in cyber threat intelligence reporting into detections.
- Security certifications such as Security+, GCIA, GCIH, GCTI, CEH, or similar.
Purpose
Breakthroughs that change patients’ lives … At Pfizer we are a patient centric company, guided by our four values: courage, joy, equity and excellence. Our breakthrough culture lends itself to our dedication to transforming millions of lives.
Digital Transformation Strategy
One bold way we are achieving our purpose is through our company wide digital transformation strategy. We are leading the way in adopting new data, modelling and automated solutions to further digitize and accelerate drug discovery and development with the aim of enhancing health outcomes and the patient experience.
Flexibility
We aim to create a trusting, flexible workplace culture which encourages employees to achieve work life harmony, attracts talent and enables everyone to be their best working self. Let’s start the conversation!
Equal Employment Opportunity
We believe that a diverse and inclusive workforce is crucial to building a successful business. As an employer, Pfizer is committed to celebrating this, in all its forms – allowing for us to be as diverse as the patients and communities we serve. Together, we continue to build a culture that encourages, supports and empowers our employees.