Senior Associate, Red Team
Pfizer Inc.
Collegeville, PA
Job posting number: #7134852 (Ref:pf-4870775)
Posted: March 17, 2023
Application Deadline: Open Until Filled
Job Description
The Global Information Security (GIS) organization at Pfizer delivers three core responsive capabilities for Pfizer – Intrusion Detection & Analysis, Cyber Threat Intelligence, and Digital Forensics & Insider Threat. GIS secures Pfizer’s most important information assets through world-class controls and protections. GIS enables Pfizer’s business results by making security an enabler and not a roadblock. GIS strives to broaden the cybersecurity ownership culture across the company through targeted awareness campaigns and empowering colleagues to be risk aware.
The Red Team Sr. Associate position within the Security Consulting & Testing team will engage with business and technology teams to secure digital solution projects globally. The associate will work to validate security controls and incident response through offensive security methods. The associate will work with security teams to enhance existing services by conducting hands-on technical testing focused on detection and response. The associate will conduct full exploitation and leverage access within multiple environments, including complex Active Directory and mixed Windows and *nix environments.
The associate will develop comprehensive and accurate reports and presentations for both technical and executive audiences, and will identify, track, and communicate findings while developing remediation strategies with technical staff, executive leadership, and legal counsel. The associate will apply security testing and penetration testing techniques and mindset to a wide range of projects and promote an environment of innovation and knowledge sharing. The position is an individual contributor role with leadership and engagement with cross-functional internal colleagues and external partners, and reports to the Red Team Manager within the GIS organization.
Role Responsibilities
Perform targeted, covert penetration tests with vulnerability identification, exploitation, and post-exploitation activities through manual methodologies
Create reports detailing vulnerabilities and risks, review reports with leadership
Provide technical knowledge or experience developing automated scripts using interpreted languages including, but not limited to, Python or other modern scripting languages
Perform independent research on new and emerging exploits and tooling
Understand gaps in detection capabilities and create opportunities to engage Blue Team activity
Engage on multiple concurrent projects, meeting project timelines and delivering defined results
Work effectively in a team environment, including cross-unit and cross-divisional teams, and maintain poise and composure in difficult situations, with a professional attitude at all times
Respond to ad hoc security requests for proof-of-concept or post-exploitation activities
Conduct Red Teaming independently and with the team
Qualifications
Must-Have
BS in Computer Sciences, Information Security, Information Systems, Engineering, Sciences, or related field
3 - 4 years of information and cybersecurity related experience
Ability to analyze and track vulnerabilities, threats, designs, procedures and architectural design, producing reports and sharing intelligence
Ability to work with teams independently and in a team-oriented, collaborative environment with strong attention to detail
Experience with developing, extending, or modifying exploits, shellcode, or exploit tools
Familiarity with common methodologies for conducting offensive security testing
Ability to administer and troubleshoot Kali and Ubuntu when used as an attack platform
Experience and knowledge of common C2 platforms
Ability to proactively solve complex problems both individually and as part of a team
Demonstrated commitment to training, self-study and maintaining proficiency in the cyber security domain
Effective oral, written, and interpersonal communication skills are required, as well as organizational, planning, and administrative abilities and the ability to coordinate multiple complex projects simultaneously
High level of integrity and strong ethical values
Nice-to-Have
SANS certifications or equivalent: GPEN, GWAPT, or OSCP
NON-STANDARD WORK SCHEDULE, TRAVEL OR ENVIRONMENT REQUIREMENTS
Domestic and International travel of 10% (as required).
Other Job Details:
Last day to apply: April 07, 2023
Relocation assistance may be available based on business needs and/or eligibility.
Pfizer requires all U.S. new hires to be fully vaccinated for COVID-19 prior to the first date of employment. As required by applicable law, Pfizer will consider requests for Reasonable Accommodations.
Sunshine Act
Pfizer reports payments and other transfers of value to health care providers as required by federal and state transparency laws and implementing regulations. These laws and regulations require Pfizer to provide government agencies with information such as a health care provider’s name, address and the type of payments or other value received, generally for public disclosure. Subject to further legal review and statutory or regulatory clarification, which Pfizer intends to pursue, reimbursement of recruiting expenses for licensed physicians may constitute a reportable transfer of value under the federal transparency law commonly known as the Sunshine Act. Therefore, if you are a licensed physician who incurs recruiting expenses as a result of interviewing with Pfizer that we pay or reimburse, your name, address and the amount of payments made currently will be reported to the government. If you have questions regarding this matter, please do not hesitate to contact your Talent Acquisition representative.
EEO & Employment Eligibility
Pfizer is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status. Pfizer also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as work authorization and employment eligibility verification requirements of the Immigration and Nationality Act and IRCA. Pfizer is an E-Verify employer.