Lead Cyber Threat Hunter

Employer
Pfizer
Location
Collegeville, Pennsylvania
Start date
Aug 4, 2022

ROLE SUMMARY

The Global Information Security (GIS) team secures Pfizer’s most important information assets through world class talent, top security controls, and a culture of empowerment & collaboration that enables Pfizer’s mission of delivering breakthroughs that change patients’ lives.

The Cyber Threat Hunting (CTH) team is responsible for identifying unknown or undetected threats to the organization that may have evaded security controls. Threat hunters use vast collections of data, an extensive toolset, and creative investigative techniques to identify & analyze adversary tactics, techniques, and procedures (TTPs). In collaboration with other GIS teams, the CTH team also contributes to the development and implementation of new security controls and detections.

The Lead Cyber Threat Hunter is a senior member of the Cyber Threat Hunting team. The incumbent will use insights & analysis from the Cyber Threat Intelligence (CTI) team and other common sources to design threat hunts based on various attack vectors, along with the associated TTPs. They will apply their extensive knowledge & experience to independently perform threat hunts using a dynamic collection of tools, data, and processes. The incumbent will also contribute to the development of new detections and alerts that identify adversary activity. As a senior member of the team, they will work with the team manager to provide guidance to junior colleagues, assist with basic oversight duties, and contribute to the growth of the program.

The position requires an individual who is a creative thinker, curious, organized, detail-oriented, and capable of performing complex analysis. This is a non-managerial lead role that will require the incumbent to engage with cross-functional internal colleagues, and external partners in different capacities, including as a project lead. The incumbent will report to the Cyber Threat Hunting & Automation Enablement Manager. The Cyber Threat Hunting team is a part of the Cyber Threat Intelligence organization within Pfizer Global Information Security.

ROLE RESPONSIBILITIES

  • Maintain a general awareness of threats targeting pharmaceutical companies and related industries, such as manufacturing and healthcare.

  • Assist with maintenance of the CTH backlog, including the identification of threat hunting opportunities, along with the design, testing, assignment, and execution of threat hunts.

  • Perform all work in accordance with documented policies & procedures and help ensure junior colleague compliance with the same.

  • Perform accurate & complete analysis of cyber threat hunt findings using defensible & creative investigative techniques.

  • Leverage cyber threat hunt outcomes to develop detections & other security controls that proactively mitigate risk.

  • Conceptualize, develop, and/or implement solutions for moderately complex challenges encountered by the team.

  • Assist with providing training and mentorship to colleagues.

  • Assist with performing a subset of program oversight duties and contribute to the overall growth of the team.

  • Contribute to the identification, design, and/or development of new CTH automation capabilities and process improvements.

  • Exercise sound judgement & decision-making by leveraging knowledge & experience, along with policies, procedures, and company values (Courage, Excellence, Equity, & Joy).

  • Occasionally assume informal leadership role for team meetings and other similar events.

  • Serve as a lead or contributor for various team projects.

BASIC QUALIFICATIONS

  • BS in Information Security, Computer Sciences, Information Systems, Engineering, Sciences, or related field.

  • 4+ years of professional experience in a corporate environment supporting information security, information technology, or network operation functions.

  • Experience serving in a formal or informal leadership capacity.

  • Experience querying, correlating, & analyzing large datasets using tools such as Splunk, SQL, Python, and/or Microsoft Excel.

  • Experience analyzing enterprise-scale collections of data from network solutions (firewalls, proxy solutions, IPS/IDS, network security appliances, etc.), web applications, business information systems, endpoint security solutions, and other related technologies.

  • Experience performing complex analysis of activity on Microsoft Windows endpoints, including process, service, network, registry, and file system events, along with related forms of activity.

  • Strong understanding of TCP/IP, common network protocols, traffic flow analysis, OSI model, enterprise-class network design & solutions, common network services (DHCP, DNS, webservices, email, etc.), and related security controls.

  • Experience with best-practices used to establish defense-in-depth for a variety of asset types in an enterprise-class environment.

  • Demonstrated history of being a creative thinker, curious, detail-oriented, and collaborative.

  • Ability to communicate potentially complex information in a concise, accurate, and complete manner in both written and verbal form.

  • Ability to communicate effectively in a team setting and establish a rapport with a diverse, globally dispersed group of information security professionals.

  • Commitment to training, self-paced study, and maintaining proficiency in the cybersecurity domain.

  • Following onboarding & training, capable of performing assigned work with minimal to no oversight.

PREFERRED QUALIFICATIONS

  • 3+ years of experience in Threat Hunting, Incident Response, or Security Operations functions using a wide variety of security tools for monitoring a large-scale enterprise environment.

  • Expert-level knowledge of information security principles and standards.

  • Experience using frameworks such as the Lockheed Martin Cyber Kill Chain, Diamond Model, and MITRE ATT&CK to model & analyze threat activity.

  • Experience developing detections and alerts using SIEM, endpoint, and network solutions.

  • Experience with one or more scripting languages, such as Python, Bash, or PowerShell.

  • Experience analyzing event data from common cloud services.

  • Experience analyzing Linux and/or Mac OS endpoint activity.

  • Security certifications such as GCIA, GCIH, GCTI, CEH, EnCE, CCE, Security+, CISSP, or similar.

PHYSICAL/MENTAL REQUIREMENTS

Ability to perform complex data analysis

OTHER JOB DETAILS

Last Date to Apply for Job: 8/18/2022
Work Location Assignment: Flexible

Locations: Collegeville, PA or Groton, CT

Pfizer requires all U.S. new hires to be fully vaccinated for COVID-19 prior to the first date of employment. As required by applicable law, Pfizer will consider requests for Reasonable Accommodations.

Sunshine Act

Pfizer reports payments and other transfers of value to health care providers as required by federal and state transparency laws and implementing regulations. These laws and regulations require Pfizer to provide government agencies with information such as a health care provider’s name, address and the type of payments or other value received, generally for public disclosure. Subject to further legal review and statutory or regulatory clarification, which Pfizer intends to pursue, reimbursement of recruiting expenses for licensed physicians may constitute a reportable transfer of value under the federal transparency law commonly known as the Sunshine Act. Therefore, if you are a licensed physician who incurs recruiting expenses as a result of interviewing with Pfizer that we pay or reimburse, your name, address and the amount of payments made currently will be reported to the government. If you have questions regarding this matter, please do not hesitate to contact your Talent Acquisition representative.

EEO & Employment Eligibility

Pfizer is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status. Pfizer also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as work authorization and employment eligibility verification requirements of the Immigration and Nationality Act and IRCA. Pfizer is an E-Verify employer.

Information & Business Tech

#LI-PFE
