Senior Threat Detection Engineer
Pfizer’s Global Information Security (GIS) organization delivers proactive cyber defense for the global enterprise. Our mission is to secure all of Pfizer’s digital information assets ranging from our scientific breakthroughs to the manufacturing floor, and out to the patients we serve. We achieve this mission through a combination of world-class talent, top-tier technologies, industry leading best practices, and the promotion of a cybersecurity ownership culture across the company.
The Cyber Threat Detection Engineering team is responsible for maintaining, creating, and validating security-related detections. By working with their primary stakeholders, they maintain alerting hygiene, drive creation of new detection capabilities, and validate Pfizer’s posture against known threats. The Cyber Threat Detection Engineering team achieves their mission by utilizing threat intelligence to drive priorities for the team and interfacing with multiple internal key stakeholders.
The Threat Detection Engineer will be responsible for developing new detection content across a variety of security technologies and diverse log data based on prioritized intelligence requirements. The individual will also be responsible for improving the fidelity of existing detections to reduce false positives in existing detection content. Additionally, the Detection Engineer will conduct breach and attack simulations (BAS) to determine security posture against known threats.
The individual must be highly motivated to continually grow and expand their existing technical skillset to adapt to the ever-changing threat landscape. This role is an experienced individual contributor that will report to the Manager, Threat Detection Engineering.
How You Will Achieve It
Research and develop novel ways of detecting adversary activity.
Explore log data from a wide variety of technologies and develop alert logic for escalation to SOC.
Inspect and understand existing alert logic to improve the efficacy of alerting.
Support the signature review process across all platforms (Network, Email, Endpoint, etc.).
Collaborate with Threat Hunting, Cyber Threat Intelligence, and Security Operations Center to evaluate detection posture and address gaps in alerting.
Develop reports and dashboards to measure efficacy of detection validation processes.
Develop automated validation processes to increase effectiveness of validation tools.
Track detection signatures against known adversaries and their TTPs.
Automate existing processes.
Create new team processes and procedures.
Mentor junior analysts and provide guidance on technical steps and detection engineering processes.
BS in Information Security, Computer Sciences, Information Systems, Engineering, Sciences, or related field.
Demonstrable experience in Detection Engineering, Incident Response, Red Team, Purple Team, Security Operations or Threat Intelligence functions in an enterprise environment.
Experience building detection content at enterprise scale.
Familiarity with analyzing logs for malicious behavior originating from endpoint hosts, firewalls, proxies, SIEM, NetFlow, Advanced Threat Detection products, etc.
Understanding of common networking ports and protocols, traffic flow, system administration, defense-in-depth, and common security elements.
Advanced understanding of Windows/Linux OS system behavior in relation to malicious activity.
Advanced understanding of building detections and alerts in SIEM, endpoint and network tools.
Ability to provide concise and accurate communications (both verbal and written) in produced documentation.
Ability to communicate and establish rapport with a global team of incident responders and intelligence analysts.
Demonstrated commitment to training, self-study and maintaining proficiency in various cyber security disciplines.
Creative thinker with strong attention to detail.
Ability to work independently with little oversight.
Demonstrated experience in an agile work environment possessing qualities such as a collaborative mindset, adaptability to change, and a proactive problem-solving approach.
Experience supporting projects and initiatives with minimal oversight.
Experience with performing incident response in cloud-based environments.
Experience with developing security and data analysis tools using one or more scripting languages such as Python, Bash, etc.
Exposure to adversary simulation and validation tools and frameworks.
Exposure to red team tools, methodologies, and frameworks.
Experience in developing Yara rules to aid in the proactive identification of adversary capabilities using various open and closed source platforms.
Familiarity with translating threat activity described in cyber threat intelligence reporting into detections.
Security certifications such as Security+, GCIA, GCIH, GCTI, CEH, or similar.
Work Location Assignment: Sandwich (Kent, UK); flexible working arrangement possible.
Breakthroughs that change patients' lives... At Pfizer we are a patient centric company, guided by our four values: courage, joy, equity and excellence. Our breakthrough culture lends itself to our dedication to transforming millions of lives.
Digital Transformation Strategy
One bold way we are achieving our purpose is through our company-wide digital transformation strategy. We are leading the way in adopting new data, modelling and automated solutions to further digitize and accelerate drug discovery and development with the aim of enhancing health outcomes and the patient experience.
We aim to create a trusting, flexible workplace culture which encourages employees to achieve work life harmony, attracts talent and enables everyone to be their best working self. Let’s start the conversation!
Equal Employment Opportunity
We believe that a diverse and inclusive workforce is crucial to building a successful business. As an employer, Pfizer is committed to celebrating this, in all its forms – allowing for us to be as diverse as the patients and communities we serve. Together, we continue to build a culture that encourages, supports and empowers our employees.
We are proud to be a Disability Confident Employer and we encourage you to put your best self forward with the knowledge and trust that we will make any reasonable adjustments necessary to support your application and future career. Our mission is unleashing the power of our people, especially those with unique superpowers. Your journey with Pfizer starts here!