Senior Threat Detection Engineer - Collegeville Pennsylvania
Company: Pfizer Location: Collegeville, Pennsylvania
Posted On: 05/05/2024
Why Patients Need You
The Global Information Security (GIS) organization secures Pfizer's most important information assets through world-class talent, top security controls and an empowered culture that serves to enable Pfizer's mission of delivering breakthroughs that change patients' lives. The Cyber Threat Detection Engineering team is responsible for maintaining, creating, and validating security-related detections. By working with their primary stakeholders, they maintain alerting hygiene, drive creation of new alerts, and validate Pfizer's posture against known threats. The Threat Detection Engineering team achieves their mission by utilizing threat intelligence to drive priorities for the team and interfacing with multiple internal key stakeholders.

What You Will Achieve
The Threat Detection Engineer will be responsible for developing new detections from prioritized intelligence requirements that are relevant to Pfizer's environment. The individual will also be responsible for identifying and modifying existing detections to reduce false positives. Additionally, the Detection Engineer will conduct breach and attack simulations (BAS) utilizing various technologies. The individual will interface with the Incident Response, Cyber Threat Intelligence and Cyber Threat Hunting teams to continually improve Pfizer's ability to secure their assets from cyber threats. The individual must be highly motivated to continually grow and expand their existing technical skillset to adapt to the ever-changing threat landscape. The position is a senior individual contributor role that will report to the Manager, Threat Detection Engineering.

How You Will Achieve It
- Create new detections and alerts to identify cyber threats based on input from multiple Information Security teams, including the Threat Intelligence and Cyber Threat Hunt teams
- Review existing signatures across all security platforms and identify opportunities for new alerts
- Onboard new security technologies and build detections based on the logging they provide
- Validate detection coverage by executing intelligence led assessments against internal security technologies
- Use existing red team tools and frameworks to validate detection posture
- Develop new custom validation procedures for testing detection posture against known threats
- Disseminate validation results to relevant stakeholders
- Drive closure of gaps identified through validation exercises
- Develop automated validation processes to increase effectiveness of validation tools
- Collaborate across GIS teams to increase detection effectiveness
- Track detection signatures against known adversaries and their TTPs
- Reduce false positive alerts and increase detection performance through standardized processes
- Support the signature review process across all platforms (Network, Email, Endpoint, etc.)
Qualifications

Basic Qualifications
- Applicant must have a Bachelor's degree with three years of relevant experience; OR a Master's degree with one year of relevant experience; OR an Associate's degree with six years of relevant experience; OR eight years of relevant experience with a high school diploma or equivalent
- Experience in Detection Engineering, Incident Response, Red Team, Purple Team, Security Operations, Threat Intelligence, or other cybersecurity related function in an enterprise environment
- Familiarity with analyzing logs for malicious behavior originating from endpoint hosts, firewalls, proxies, IDS/IPS, SIEM, Advanced Threat Detection products, etc.
- Entry-level understanding of TCP/IP, common networking ports and protocols (HTTP, DNS, etc.), traffic flow, system administration, the OSI model, defense-in-depth, and common security elements
- Entry-level understanding of Windows/Linux OS system behavior in relation to malicious activity
- Experience with building detections and alerts in SIEM, endpoint and network tools
- Creative thinker with strong attention to detail
- Ability to provide concise and accurate communications (both verbal and written) in produced documentation
- Ability to communicate and establish rapport with a global team of incident responders and intelligence analysts
- Demonstrated commitment to training, self-study and maintaining proficiency in various cyber security disciplines
- Ability to work independently with minimal oversight
- Demonstrated experience in an agile work environment possessing qualities such as a collaborative mindset, adaptability to change, and a proactive problem-solving approach
Preferred Qualifications
- Experience supporting projects and initiatives with minimal oversight
- Experience with performing incident response in on-prem and cloud-based environments
- Experience with developing security and data analysis tools using one or more scripting languages such as Python, Bash, etc.
- Exposure to adversary simulation and validation tools and frameworks
- Exposure to red team tools, methodologies, and frameworks
- Familiarity with translating threat activity described in cyber threat intelligence reporting into detections
- Security certifications such as Security+, GCIA, GCIH, GCTI, CEH, or similar
NON-STANDARD WORK SCHEDULE, TRAVEL OR ENVIRONMENT REQUIREMENTS