Senior Cyber Threat Hunter

  • Pfizer
  • Collegeville, PA, USA
  • Dec 17, 2020
Full-time | Big Data | Computer Science | Cybersecurity | Data Analysis | Data Security | Information Security | Risk Analysis

Job Description

The Global Information Security (GIS) team secures Pfizer’s most important information assets through world class talent, top security controls and an empowered culture that serves to enable Pfizer’s mission of delivering breakthroughs that change patients’ lives.

The Cyber Threat Hunting team is responsible for finding unknown or unidentified threats to the organization that may have evaded existing security defenses and can impact Pfizer assets. With the assumption of system compromise, threat hunters will use various data sources, tools, and investigative methods to identify adversaries, along with the tactics, techniques, and procedures ("TTPs") they use to perform unauthorized and malicious activity. The team is responsible for mitigating risk through threat identification and works to implement stronger security controls and improved threat detection capabilities through every hunt execution.

The incumbent will be a member of the Cyber Threat Hunting team that will execute threat hunts using existing tools and processes across a wide array of data sets in order to find evidence of successful defense evasion. They will use intelligence provided by the Cyber Threat Intelligence team to execute hunts based on known attack vectors and tactics, techniques and procedures indicative of malicious behavior. They will develop new detections and alerts that can help drive the identification of adversaries. The position requires an individual who is a creative, outside-the-box thinker with excellent attention to detail. The position is an individual contributor role that will engage with cyber threat intelligence analysts, cross-functional internal colleagues and external partners and will report to the Cyber Threat Hunt Manager in the Cyber Threat Intelligence team within the Pfizer Global Information Security organization.

ROLE RESPONSIBILITIES

  • Develop hunt hypotheses based on available threat intelligence and intrusion activity
  • Execute hunts using available processes and tools
  • Create detections to identify adversary activity across a suite of tools supporting our SIEM, endpoints and network.
  • Document and communicate hunt findings to the Cyber Hunt Manager
  • Acquire and maintain knowledge of the cyber threat landscape through internal incident intelligence, privately produced vendor intelligence reports and open source intelligence (OSINT) to include advanced threat actors, techniques, capabilities and targets relevant to industry.
  • Participate in team projects centered around the cyber threat hunting mission.

BASIC QUALIFICATIONS

  • BS in Information Security, Computer Sciences, Information Systems, Engineering, Sciences or related field required.
  • 3+ years of professional experience in a corporate environment supporting information security, system administration or network operation functions required.
  • Experience analyzing logs for malicious behavior originating from firewalls, proxies, IDS/IPS, SIEM, Netflow, Advanced Threat Detection products, etc.
  • Strong understanding of TCP/IP, common networking ports and protocols (HTTP, DNS, etc.), traffic flow, system administration, OSI model, defense-in-depth, and common security elements.
  • Experience using frameworks such as the Lockheed Martin Cyber Kill Chain, Diamond Model and MITRE ATT&CK to understand threat activity.
  • Experience analyzing large datasets from multiple sources utilizing tools such as Splunk and Microsoft Excel
  • Creative thinker with strong attention to detail
  • Ability to provide concise and accurate communications (both verbal and written) in produced threat hunt reports.
  • Ability to communicate and establish rapport with a global team of incident responders and intelligence analysts.
  • Commitment to training, self-study and maintaining proficiency in the cyber threat intelligence domain.

PREFERRED QUALIFICATIONS

  • 3+ years of experience in Incident Response, Security Operations or Threat Intelligence functions using a wide variety of security tools for monitoring a large-scale enterprise environment.
  • Experience developing detections and alerts using SIEM, endpoint and network tools.
  • Experience with one or more scripting languages such as Python, Bash, etc.
  • Security certifications such as GCIA, GCIH, GCTI, CEH, Security+, CISSP or similar

Other Job Details:

  • Additional Location Information: Collegeville, PA or Groton, CT
  • Eligible for Employee Referral Bonus

Sunshine Act

Pfizer reports payments and other transfers of value to health care providers as required by federal and state transparency laws and implementing regulations. These laws and regulations require Pfizer to provide government agencies with information such as a health care provider’s name, address and the type of payments or other value received, generally for public disclosure. Subject to further legal review and statutory or regulatory clarification, which Pfizer intends to pursue, reimbursement of recruiting expenses for licensed physicians may constitute a reportable transfer of value under the federal transparency law commonly known as the Sunshine Act. Therefore, if you are a licensed physician who incurs recruiting expenses as a result of interviewing with Pfizer that we pay or reimburse, your name, address and the amount of payments made currently will be reported to the government. If you have questions regarding this matter, please do not hesitate to contact your Talent Acquisition representative.

EEO & Employment Eligibility

Pfizer is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status. Pfizer also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as work authorization and employment eligibility verification requirements of the Immigration and Nationality Act and IRCA. Pfizer is an E-Verify employer.

Job ID

4801101