Preferred GIAC Certifications: GCTI, GCFA, GREM
The Cyber Threat Intelligence team is responsible for reducing risk to Pfizer from cyber threats by understanding adversary tactics, techniques and procedures (TTPs), with a focus on deriving, curating and disseminating intelligence to key stakeholders and on building proactive countermeasures to detect and prevent malicious activity.
The incumbent will be a lead member of the Cyber Threat Intelligence team, responsible for researching, understanding and tracking cyber threats, with a focus on espionage-motivated, industrial control system (ICS) and financially motivated computer network operations. The incumbent will translate intelligence requirements into deliverable products that enable stakeholders to reduce risk to Pfizer. The position is an individual contributor role that leads and engages with cross-functional internal colleagues and external partners, and reports to the Senior Manager, Cyber Threat Intelligence, within the Pfizer Digital Global Information Security organization.
* Acquiring and maintaining extensive knowledge of the cyber threat landscape from open source and privately produced reporting, including advanced threat actors and their techniques, capabilities and targets relevant to the industry.
* Developing and curating threat intelligence related to industrial control system (ICS) threats.
* Performing technical indicator analysis of cyber threats through in-depth pivoting using internally developed and external tools and services.
* Conducting in-depth intrusion analysis of cyber threats using frameworks such as the Lockheed Martin Cyber Kill Chain, the Diamond Model and MITRE ATT&CK.
* Developing strategic, operational and tactical intelligence reports for dissemination to stakeholders.
* Leading key team projects centered on the cyber threat intelligence mission.
* Presenting knowledge and intelligence on cyber threats at both the technical and management level to help shape tactical and strategic priorities.
* Generating tactical detections and mitigations to support the identification of cyber threats.
* Participating in the execution of intelligence-driven incident response processes.
* Performing extensive OSINT analysis to support the team's daily intelligence requirements.
* Interfacing with external sharing communities by sharing timely and relevant cyber threat information.
* BS in Information Security, Computer Science, Information Systems, Engineering, Sciences or a related field.
* 5+ years' demonstrated expertise with common security controls, including firewalls, proxies, IDS/IPS, SIEM, NetFlow and advanced threat detection products.
* 5+ years’ experience with techniques of Computer Network Exploitation and Defense (CNE / CND).
* In-depth understanding and application of frameworks such as the Lockheed Martin Cyber Kill Chain, Diamond Model and MITRE ATT&CK.
* In-depth understanding of TCP/IP, common networking ports and protocols (HTTP, DNS, etc.), traffic flow, system administration, the OSI model, defense in depth and common security elements, preferably with applicable industry certifications.
* Experience in information analysis and the intelligence analysis cycle.
* Experience performing technical collaboration across peer organizations, government agencies and industry forums.
* Ability to provide concise and accurate communications, both verbal and written.
* Proven track record of successfully managing and executing short-term and long-term projects.
* Ability to communicate and establish rapport with a global team of incident responders and intelligence analysts.
* Knowledge of the cyber threat landscape, including adversaries, their TTPs and their targets.
* Outstanding communication skills, including the ability to write and verbally articulate industry terminology when interacting at the technical, management and senior executive levels.
* 5+ years’ experience in Incident Response / Security Operations / Threat Intelligence functions using a wide variety of security tools for monitoring a large-scale enterprise environment.
* Experience in Operational Technology (OT) environments and Industrial Control System (ICS) technologies.
* Ability to program in Python and Bash.
* Experience developing YARA rules to aid in the proactive identification of adversary capabilities across open and closed source platforms.
* Experience performing malware analysis to identify functionality of adversary tools and capabilities.
* Practical experience using structured analytic techniques and identifying biases.
* Incident response experience, including analysis of forensic artifacts on Windows-based operating systems.
* Strong understanding of data analysis in Splunk, including the creation of advanced queries, alerts and reports.
* Understanding of attack signatures and the tactics, techniques and procedures associated with advanced threats, and the ability to develop relevant alerting and countermeasures.
* GIAC certifications such as GCIA, GCIH, GCTI, GREM or similar.