The Global Information Security Business Technology (GIS-BT) team delivers three core capabilities for Pfizer. The team secures the most important information assets through world-class protective controls, promotes a cybersecurity ownership culture across the company through targeted awareness education to empower colleagues to make informed risk decisions, and partners with business leaders to enable improved outcomes through the effective application of technologies that simplify user experience and reduce risk.
This position will perform the role senior security assessments and attack and penetration specialist within BT Global Information Security. The analyst will be expected to utilize their technical and creative skills for threat and risk analysis as well as testing various applications, platforms, and solutions for company projects and responding to incidents. The position will work with matrix groups and may work on multiple projects at a given time. The ability to work with the teams independently is critical to delivering timely outcomes.
Performing and/or coordinating manual Attack and Penetration (A&P) testing, utilizing and leveraging the latest technologies in this role (ie black web applications, mobile applications, various platforms, web services, databases, overall solutions)
Perform security threat modeling and assessments on various solutions in addition to manual A&P testing.
Lead and perform red team assessments
Lead and perform technical Critical Asset Review Evaluations
Researching new security threats, vulnerabilities and exploit techniques
Respond to new security threats and help implement new requirements as needed
Managing and maintaining security testing frameworks
Create or update new test cases and documentation for red teaming, CARE, and security testing for the security testing team
Develop and Lead training for technical testers and development teams for industry updates and technical changes.
Identify appropriate remediation steps, working with business partners to ensure that the threats that have been identified are correctly remediated and lead or co-lead the closure of the exposure while acquiring business expertise.
Identify gaps in analytical data and recommend additional data gathering to support or eliminate potential situations. Work collaboratively with forensic analysts and threat intelligence specialists to gather such data.
Demonstrated ability to work independently on multiple projects simultaneously with various project scopes.
Makes decisions guided by policies in non-standard situations
Complete work accurately and within the deadlines required.
Manages and provide technical guidance and oversight for technical resources
Utilize security related tools including A&P tools, Security application development tools, and other pertinent tools to establish detection of vulnerabilities, and subsequently create the appropriate reporting mechanisms and proactively recommend upgrades or special use tool recommendations.
Determining and testing upgrades to security technologies within scope
Work in a team environment while maintaining confidentiality of investigation information.
Provide mentoring to newer team members.
Deep knowledge of working with OWASP concepts for various solutions
Bachelor's degree, preferably in a technical field
5+ years' experience managing security operational services
Strong understanding of IT operations and service support processes, ITILv3 certification preferred
3+ years' experience in pharmaceutical or other regulated industry
Ethical Hacker Certification or Similar
Security certifications are desired but not required (CISSP, GIAC, CEH, MSCE Plus Security).High level of integrity and strong ethical values
At least 4 years of demonstrated manual security testing
Ability to discreetly conduct security investigations while maintaining privacy of the effort
Strong analytical capabilities, with ability to reliably infer information and interpolate results from potentially incomplete data.
Effective and efficient written and oral communication skills, including a demonstrated ability to work effectively with managers/directors
Effectively work on multiple priorities in a dynamic environment
Ability to work both independently and in a team-oriented, collaborative environment
Familiarity with data protection techniques including encryption, backup and archiving.
Strong interpersonal, communication, influencing, analytical and problem-solving skills
Familiarity with forensic practices
Familiarity with protection of Personally Identifiable Information (PII)
Familiarity with PCI requirements
Familiarity with medical devices
Interacts with customer within Corporate IT and other Pfizer business units. Adept at understanding customer challenges, navigating from problem to resolution and communicating process and resolution effectively both verbally and in writing. Quickly escalates customer satisfaction concerns to management, but does so with recommended approaches to addressing the concerns.
Proficient verbal communication skills
Proficient writing and presentation development skills
Experience with Proxies, Port Scanners, Vulnerability Scanners, Exploit Frameworks (ex: Burp, nmap, Nessus)
Experience in security configuration and operation of UNIX (Solaris), Linux, Android, iOS and Windows systems
Familiarity with TCP/IP protocols (Wi-Fi, telnet, FTP, HTTP/S, NFS, SMTP, SNMP, NetBIOS) and ability to analyze packet captures.
Experience programming or scripting in UNIX, Windows, Android or iOS platforms, and wearables
Pfizer reports payments and other transfers of value to health care providers as required by federal and state transparency laws and implementing regulations. These laws and regulations require Pfizer to provide government agencies with information such as a health care provider's name, address and the type of payments or other value received, generally for public disclosure. Subject to further legal review and statutory or regulatory clarification, which Pfizer intends to pursue, reimbursement of recruiting expenses for licensed physicians may constitute a reportable transfer of value under the federal transparency law commonly known as the Sunshine Act. Therefore, if you are a licensed physician who incurs recruiting expenses as a result of interviewing with Pfizer that we pay or reimburse, your name, address and the amount of payments made currently will be reported to the government. If you have questions regarding this matter, please do not hesitate to contact your Talent Acquisition representative.
EEO & Employment Eligibility
Pfizer is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status. Pfizer also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as work authorization and employment eligibility verification requirements of the Immigration and Nationality Act and IRCA. Pfizer is an E-Verify employer.
Other Job Details:
N (Other) (United States of America)
Pfizer is an equal opportunity employer and complies with all applicable equal employment opportunity legislation in each jurisdiction in which it operates.