
This job has expired

Cybersecurity Vulnerability Management Associate

Employer: Pfizer
Location: Collegeville, Pennsylvania
Start date: Jul 30, 2021

Why Patients Need You

Technology impacts everything we do. Pfizer’s digital and ‘data first’ strategy focuses on implementing impactful and innovative technology solutions across all functions from research to manufacturing. Whether you are digitizing drug discovery and development, identifying solutions, or making our work easier and faster, you will be making a difference to countless lives.

What You Will Achieve

The Global Information Security team delivers three core capabilities for Pfizer. The team secures the most important information assets through world-class protective controls, promotes a cybersecurity ownership culture across the company through targeted awareness education to empower colleagues to make informed risk decisions, and partners with business leaders to enable improved outcomes through the effective application of technologies that simplify user experience and reduce risk.

The Cybersecurity Vulnerability Management Analyst will be responsible for performing vulnerability scanning and assessments throughout the enterprise to protect the confidentiality, integrity and availability of information assets using a risk-based approach.

The position will report to the Vulnerability Management Manager and be located in Collegeville, PA.

This position will ensure continuous vulnerability life cycle management with focus on analysis and validation of scan results, setting relative Pfizer risk ratings, providing remediation recommendations, tracking and reporting of vulnerabilities to improve the overall security posture of Pfizer, with a focus on manufacturing and distribution services.

How You Will Achieve It
  • Perform scheduled and/or on demand vulnerability scanning and assessments, including triage, reports and analysis
  • Analyze and validate scan/assessment results and communicate them to stakeholders through reporting and result review meetings
  • Interact directly with stakeholders to address issues related to remediation of vulnerability scanning and assessments
  • Support activities that are focused on helping key stakeholders with the interpretation of their vulnerability results, providing guidance on the remediation of existing or emerging threats, and evaluating false positives
  • Configure, maintain, and operate vulnerability management tools
  • Work with metrics to help analyze and prioritize vulnerabilities for remediation
  • Track remediation work consistently in order to advance improvements to program and closure of vulnerabilities
  • Apply data, good judgement and organization skills to develop short-term risk reduction plans and ongoing improvement of the scanning and vulnerability remediation processes while adjusting for different Pfizer environments (Manufacturing, Research, Enterprise, etc.)
  • Provide remediation support on any potential findings as needed
  • Able to successfully partner with other security, OT/ICS manufacturing and IT infrastructure professionals to assess potential impact from vulnerabilities and determine appropriate mitigating controls
  • Able to display a growing understanding of business drivers and apply to daily work
  • Work with industry standard tools, as well as learn new innovative solutions
  • Work with and influence key manufacturing partners and 3rd party service providers
  • Support penetration testing, red-team exercises and other risk assessments if applicable

Qualifications

Must-Have
  • BS in Security and Risk Analysis, Information Assurance, and Cybersecurity, or related field.
  • 2+ Years combined enterprise level IT and/or security experience.  Some experience performing security assessments preferred.
  • Prefer experience with, or at least knowledge of, different work environments beyond enterprise managed client fleet (e.g. manufacturing floor, laboratories, data center servers, specialty services such as IoT, OT/ICS, facilities, physical security, etc.)
  • Strong technical knowledge with skill to apply understanding of operating systems, network protocols, and applications development
  • Technical working experience with security testing tools, port scanners, vulnerability scanners, and exploit frameworks (or experience with similar security product infrastructures)
  • Knowledge of industry frameworks and best practices: CIS Critical Security Controls, Threat Modeling, OWASP, NIST 800 Series
  • Understanding of malware, emerging threats, attacks, and vulnerability management with a personal drive to continue learning
  • Experience with scripting or programming languages like Python, Ruby, or PowerShell
  • High level of integrity and strong ethical values
  • Excellent analytical and problem-solving skills. Able to apply ingenuity and think out of the box respecting different requirements from Pfizer environments (manufacturing, enterprise, servers, clients, etc.)
  • Strong written and verbal communication skills
  • Strong team player who collaborates well with others to solve problems
Nice-to-Have
  • Relevant SANS training and/or certifications


PHYSICAL/MENTAL REQUIREMENTS

N/A

NON-STANDARD WORK SCHEDULE, TRAVEL OR ENVIRONMENT REQUIREMENTS

Standard work schedule

Sunshine Act

Pfizer reports payments and other transfers of value to health care providers as required by federal and state transparency laws and implementing regulations.  These laws and regulations require Pfizer to provide government agencies with information such as a health care provider’s name, address and the type of payments or other value received, generally for public disclosure.  Subject to further legal review and statutory or regulatory clarification, which Pfizer intends to pursue, reimbursement of recruiting expenses for licensed physicians may constitute a reportable transfer of value under the federal transparency law commonly known as the Sunshine Act.  Therefore, if you are a licensed physician who incurs recruiting expenses as a result of interviewing with Pfizer that we pay or reimburse, your name, address and the amount of payments made currently will be reported to the government.  If you have questions regarding this matter, please do not hesitate to contact your Talent Acquisition representative.

EEO & Employment Eligibility

Pfizer is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status.  Pfizer also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as work authorization and employment eligibility verification requirements of the Immigration and Nationality Act and IRCA.  Pfizer is an E-Verify employer.

Information & Business Tech
