In Pfizer's Cyber Threat Detection Engineering team you're an experienced colleague, who will develop new detection content & improve fidelity of existing detections & conduct breach attack simulations. Hybrid role in Sandwich (Kent). Details on our careers webpage.
Your role
- Research/develop novel ways of detecting adversary activity
- Explore log data from a wide variety of technologies & develop alert logic for escalation to SOC
- Inspect/understand existing alert logic to improve efficacy of alerting
- Support the signature review process across all platforms
- Collaborate with Threat Hunting, Cyber Threat Intelligence, & Security Operations Center
- Develop reports & dashboards to measure efficacy of detection validation processes
- Develop automated validation processes to increase validation tool effectiveness
- Track detection signatures against known adversaries & their TTPs
- Automate & create team processes & procedures
- Mentor/guide junior analysts
Basics
- BS in Information Security, Computer Science, Information Systems, or Engineering
- Demonstrable experience: Detection Engineering, Incident Response, Red Team, Purple Team, Security Operations or Threat Intelligence functions in an enterprise environment
- Experience building detection content at enterprise scale
- Familiarity: analyzing logs for malicious behavior originating from endpoint hosts, firewalls, proxies, SIEM, NetFlow, Advanced Threat Detection products, etc.
- Understand common networking ports & protocols, traffic flow, system administration, defense-in-depth, & common security elements
- Advanced understanding: Windows/Linux OS system behavior in relation to malicious activity & building detections and alerts in SIEM, endpoint & network tools
- Concise & accurate communicator: verbally, in writing, & in produced documentation
- Demonstrated commitment to training, self-study & maintaining proficiency in various cyber security disciplines
- Demonstrated experience: agile work environment - collaborative mindset, adaptable to change, proactive problem-solver
- Great to have: security certification (Security+, GCIA, GCIH, GCTI, CEH)