Senior Threat Detection Engineer

at Pfizer

Collegeville, Pennsylvania, USA

Start Date: Immediate
Expiry Date: 27 Jun, 2024
Salary: USD 74900 Annual
Posted On: 27 Mar, 2024
Experience: 8 year(s) or above
Skills: Incident Response, Red Team, System Administration, IT, Regulations, Eligibility, Security Operations, Expenses, GCIA, Compensation Structures, Color, IRCA, Defense, Firewalls, Government Agencies, Payments, Bash, Python, IDS, GCIH, Threat Intelligence, OSI Model, Legal Review
Telecommute: No
Sponsor Visa: No

Description:

Why Patients Need You
The Global Information Security (GIS) organization secures Pfizer’s most important information assets through world class talent, top security controls and an empowered culture that serves to enable Pfizer’s mission of delivering breakthroughs that change patients’ lives.
The Cyber Threat Detection Engineering team is responsible for maintaining, creating, and validating security related detections. By working with their primary stakeholders, they maintain alerting hygiene, drive creation of new alerts, and validate Pfizer’s posture against known threats. The Threat Detection Engineering team achieves their mission by utilizing threat intelligence to drive priorities for the team and interfacing with multiple internal key stakeholders.
What You Will Achieve
The Threat Detection Engineer will be responsible for developing new detections from prioritized intelligence requirements that are relevant to Pfizer’s environment. The individual will also be responsible for identifying and modifying existing detections to reduce false positives. Additionally, the Detection Engineer will conduct breach attack simulations (BAS) utilizing various technologies. The individual will interface with Incident Response, Cyber Threat Intelligence and Cyber Threat Hunting teams to continually improve Pfizer’s ability to secure their assets from cyber threats.
The individual must be highly motivated to continually grow and expand their existing technical skillset to adapt to the ever-changing threat landscape. The position is a senior individual contributor role that will report to the Manager, Threat Detection Engineering.

How You Will Achieve It

  • Create new detections and alerts to identify cyber threats based on input from multiple Information Security teams, including Threat Intelligence and Cyber Threat Hunt teams
  • Review existing signatures across all security platforms and identify opportunities for new alerts
  • Onboard new security technologies and build detections based off included logging
  • Validate detection coverage by executing intelligence led assessments against internal security technologies
  • Use existing red team tools and frameworks to validate detection posture
  • Develop new custom validation procedures for testing detection posture against known threats
  • Disseminate validation results to relevant stakeholders
  • Drive closure of gaps identified through validation exercises
  • Develop automated validation processes to increase effectiveness of validation tools
  • Collaborate across GIS teams to increase detection effectiveness
  • Track detection signatures against known adversaries and their TTPs
  • Reduce false positive alerts and increase detection performance through standardized processes
  • Support the signature review process across all platforms (Network, Email, Endpoint, etc.)

Qualifications

Basic Qualifications

  • Applicant must have a Bachelor’s degree with three years of relevant experience; OR Master’s degree with one year of relevant experience; OR Associate’s degree with six years of relevant experience; OR eight years of relevant experience with a high school diploma or equivalent
  • Experience in Detection Engineering, Incident Response, Red Team, Purple Team, Security Operations, Threat Intelligence, or other cybersecurity related function in an enterprise environment
  • Familiarity with analyzing logs for malicious behavior originating from endpoint hosts, firewalls, proxies, IDS/IPS, SIEM, Advanced Threat Detection products, etc
  • Entry level understanding of TCP/IP, common networking ports and protocols (HTTP, DNS, etc), traffic flow, system administration, OSI model, defense-in-depth, and common security elements
  • Entry level understanding of Windows/Linux OS system behavior in relation to malicious activity
  • Experience with building detections and alerts in SIEM, endpoint and network tools
  • Creative thinker with strong attention to detail
  • Ability to provide concise and accurate communications (both verbal and written) in produced documentation
  • Ability to communicate and establish rapport with a global team of incident responders and intelligence analysts
  • Demonstrated commitment to training, self-study and maintaining proficiency in various cyber security disciplines
  • Ability to work independently with minimal oversight
  • Demonstrated experience in an agile work environment possessing qualities such as a collaborative mindset, adaptability to change, and a proactive problem-solving approach

Preferred Qualifications

  • Experience supporting projects and initiatives with minimal oversight
  • Experience with performing incident response in on-prem and cloud-based environments
  • Experience with developing security and data analysis tools using one or more scripting languages such as Python, Bash, etc
  • Exposure to adversary simulation and validation tools and frameworks
  • Exposure to red team tools, methodologies, and frameworks
  • Familiarity with translating threat activity described in cyber threat intelligence reporting into detections
  • Security certifications such as Security+, GCIA, GCIH, GCTI, CEH, or similar

NON-STANDARD WORK SCHEDULE, TRAVEL OR ENVIRONMENT REQUIREMENTS

  • Work Location Assignment Hybrid: Hybrid colleagues must be able to work in Pfizer Collegeville office 2-3 days per week, or as needed by the business to connect and innovate with their team face-to-face. However, they also benefit from being able to work offsite regularly when it makes business sense to do so.

Other Job Details:

  • Last day to apply: April 08, 2024

The annual base salary for this position ranges from $74,900.00 to $124,800.00. In addition, this position is eligible for participation in Pfizer’s Global Performance Plan with a bonus target of 7.5% of the base salary. We offer comprehensive and generous benefits and programs to help our colleagues lead healthy lives and to support each of life’s moments. Benefits offered include a 401(k) plan with Pfizer Matching Contributions and an additional Pfizer Retirement Savings Contribution, paid vacation, holiday and personal days, paid caregiver/parental and medical leave, and health benefits to include medical, prescription drug, dental and vision coverage. Learn more at the Pfizer Candidate Site – U.S. Benefits (uscandidates.mypfizerbenefits.com). Pfizer compensation structures and benefit packages are aligned based on the location of hire. The United States salary range provided does not apply to Tampa, FL or any location outside of the United States.
Relocation assistance may be available based on business needs and/or eligibility.
Sunshine Act
Pfizer reports payments and other transfers of value to health care providers as required by federal and state transparency laws and implementing regulations. These laws and regulations require Pfizer to provide government agencies with information such as a health care provider’s name, address and the type of payments or other value received, generally for public disclosure. Subject to further legal review and statutory or regulatory clarification, which Pfizer intends to pursue, reimbursement of recruiting expenses for licensed physicians may constitute a reportable transfer of value under the federal transparency law commonly known as the Sunshine Act. Therefore, if you are a licensed physician who incurs recruiting expenses as a result of interviewing with Pfizer that we pay or reimburse, your name, address and the amount of payments made currently will be reported to the government. If you have questions regarding this matter, please do not hesitate to contact your Talent Acquisition representative.
EEO & Employment Eligibility
Pfizer is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status. Pfizer also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as work authorization and employment eligibility verification requirements of the Immigration and Nationality Act and IRCA. Pfizer is an E-Verify employer. This position requires permanent work authorization in the United States.
Information & Business Tech

Responsibilities:

Please refer to the job description for details.


REQUIREMENT SUMMARY

Min: 8.0, Max: 13.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Diploma

Proficient

1

Collegeville, PA, USA