Preferred GIAC Certifications: GCTI, GCFA, GREM
The Cyber Threat Hunting lead oversees the planning, development, and execution of cyber threat hunting exercises at Pfizer. These exercises are aimed at rooting out malicious behaviors and threat characteristics that otherwise go undetected by traditional security tools and monitoring. The incumbent, in cooperation with the Cyber Threat Intelligence lead and rotational staff, will work to drive results through innovative techniques and enable the effective detection and grouping of similar, persistent threat behaviors. Additionally, the individual will perform intrusion and intelligence analysis of cyber threats in support of key intelligence stakeholder requirements.
Develop and vet cyber threat hunting hypotheses.
Assist with the execution and analysis of results from cyber threat hunting exercises.
Follow-up on action items from cyber threat hunting exercises and provide regular updates to management.
Provide oversight of and work with team members to continuously improve the cyber threat hunting process.
Drive results from cyber threat hunting initiatives into detection and mitigation technologies.
Build relationships and partner with security teams and business units to develop additional hunting opportunities and identify/secure resource requirements.
Manage services and relationships with third-party service providers.
Perform intrusion and intelligence analysis of cyber threats in support of stakeholder intelligence requirements.
BS in Computer Sciences, Information Security, Information Systems, Engineering, Sciences or related field.
5+ years' experience in cyber analysis functions / Security Operations / Threat Intelligence using a wide variety of security tools for monitoring a large-scale enterprise environment.
5+ years' experience supporting and understanding Windows, Linux, and UNIX operating systems.
5+ years' demonstrated expertise with common security controls including firewalls, proxies, IDS/IPS, SIEM, NetFlow, advanced threat detection products, etc.
5+ years' experience with techniques of Computer Network Exploitation and Defense (CNE / CND).
GIAC certifications such as GCIA, GCIH, GCTI, GREM, etc.
Experience using intrusion analysis frameworks such as the Lockheed Martin Cyber Kill Chain, Diamond Model and MITRE ATT&CK.
Intelligence analysis using structured analytic techniques.
Ability to program in Python, Bash, and other scripting languages.
Experience performing malware analysis and developing Yara signatures to detect malware threats.
Strong understanding of performing data analysis using Splunk and the creation of advanced queries, alerts, and reports.
Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, and common security elements, preferably with applicable industry certifications.
Understands attack signatures and the tactics, techniques, and procedures associated with advanced threats, with the ability to develop relevant alerting and countermeasures.
Strong leadership skills with the ability to prioritize and execute with minimal direction or oversight.
Proven track record of successfully managing and executing on short and long-term projects.
Ability to set and manage expectations with key stakeholders and team members.
Outstanding communication skills, including the ability to write and verbally articulate industry terminology to interact at a technical level, management level and senior executive level.
Demonstrated ability to work with a cross-functional team.