Senior Cyber Threat Hunter
Pfizer
- United Kingdom
- Permanent
- Full-time
- Maintain awareness of threats targeting pharmaceutical companies and related industries, such as manufacturing and healthcare.
- Contribute to the identification of new, relevant threat hunting opportunities.
- Apply advanced technical knowledge and experience to design & execute cyber threat hunting exercises in an efficient, accurate, and complete manner.
- Contribute to the management of the team backlog.
- Perform all work in accordance with documented policies & procedures.
- Maintain current, accurate, and complete documentation for all phases of threat hunting exercises.
- Independently perform accurate & complete analysis of cyber threat hunt findings using defensible & creative investigative techniques.
- Leverage cyber threat hunt outcomes to develop detections & other security controls that proactively mitigate risk.
- Conceptualize and develop solutions for moderately complex challenges encountered by the team.
- Contribute to the identification, design, and/or development of new automation capabilities and process improvements that help mature the CTH program.
- Develop knowledge and experience of the Pfizer environment in order to serve as a subject matter expert on the available logs and analysis techniques.
- Provide training & support to junior members of the team.
- Contribute to the ongoing development & improvement of the CTH program.
- Exercise sound judgement and decision-making by applying expert-level knowledge and experience.
- Perform all work in alignment with the Agile operating model established by the organization and adopted by the team.
- Maintain awareness of team procedures, emerging threats, organization announcements, technical solution operating practices, and team communication by regularly reviewing information from various forms of documentation, threat intelligence, & business communication.
- BS in Information Security, Computer Sciences, Information Systems, Engineering, Sciences, or related field
- Several years of professional experience in a corporate environment supporting information security, information technology, or related functions
- Experience querying, correlating, & analyzing large-scale datasets using tools such as Splunk, SQL, Python, and/or Microsoft Excel
- Experience analyzing data from network solutions (firewall, proxy, IPS/IDS, network security appliances, VPN, etc.), web applications, business information systems, endpoint security solutions, and other related technologies
- Extensive experience performing analysis of activity on Microsoft Windows endpoints, including process, network, registry, and file system events, along with related forms of activity
- Strong understanding of TCP/IP, common network protocols, OSI model, traffic flow analysis, and common network services (DHCP, DNS, web services, email, database, etc.)
- Ability to analyze and disposition various forms of endpoint, network, application, and/or service-related collections of activity in a largely independent manner
- Demonstrated history of being a creative thinker, curious, detail-oriented, and collaborative
- Ability to clearly communicate potentially complex information in a concise, accurate, and complete manner in both written and verbal form
- Ability to communicate effectively in a team setting and establish a rapport with a diverse, globally dispersed group of information security professionals
- Commitment to training, self-paced study, and maintaining proficiency in the cybersecurity domain
- Several years of experience in Threat Hunting, Incident Response, or Security Operations functions, using a variety of security tools to monitor a large-scale enterprise environment
- Knowledge of information security principles and standards
- Experience using frameworks such as the Lockheed Martin Cyber Kill Chain, Diamond Model, and/or MITRE ATT&CK to model & analyze threat activity
- Experience developing detections and alerts using SIEM, endpoint, and network solutions
- Experience with one or more scripting languages, such as Python, Bash, or PowerShell
- Experience analyzing event data from common cloud services
- Experience analyzing Linux and/or macOS endpoint activity
- Security certifications such as GCIA, GCIH, GCTI, CEH, EnCE, CCE, Security+, CISSP or similar
- Demonstrated experience working on an Agile team with an emphasis on collaboration, adaptability, prioritization, & proactive problem-solving that yields meaningful outcomes
- Ability to perform complex data analysis