The Global Information Security (GIS) organization secures Pfizer's most important information assets through world-class talent, top security controls and an empowered culture that serves to enable Pfizer's mission of delivering breakthroughs that change patients' lives. The Cyber Threat Detection Engineering team maintains, creates, and validates security-related detections. The Threat Detection Engineer develops new detections based on prioritized intelligence requirements that are relevant to Pfizer's environment. They are accountable for identifying and modifying existing detections to reduce false positives. Additionally, they conduct breach and attack simulations (BAS) using various technologies. The individual will interface with the Incident Response, Cyber Threat Intelligence and Cyber Threat Hunting teams to continually improve Pfizer's ability to secure its assets from cyber threats. The position is an individual contributor role that reports to the Manager, Threat Detection Engineering. Full details and requirements are on the Pfizer UK careers webpage.
TASKS
- Create new detections and alerts to identify Cyber Threats based on input from multiple Information Security teams, including Threat Intelligence and Cyber Threat Hunt teams
- Review existing signatures across all security platforms to identify opportunities for new alerts
- Onboard new security technologies and build detections based on the logging they provide
- Validate detection coverage by executing intelligence-led assessments against internal security technologies
- Use existing red team tools and frameworks to validate detection posture
- Develop new custom validation procedures for testing detection posture against known threats
- Disseminate validation results to relevant stakeholders
- Drive closure of gaps identified through validation exercises
- Develop automated validation processes to increase the effectiveness of validation tools
- Work with GIS teams to increase detection effectiveness
- Track detection signatures against known adversaries and their TTPs
- Reduce false positive alerts and increase detection performance through standardized processes
- Support the signature review process across all platforms (IPS, Email, Endpoint, etc.)