The Global Information Security (GIS) organization at Pfizer delivers three core responsive capabilities for Pfizer – Intrusion Detection & Analysis, Cyber Threat Intelligence, and Digital Forensics & Insider Threat. GIS secures Pfizer’s most important information assets through world-class controls and protections.  GIS enables Pfizer’s business results by making security an enabler and not a roadblock.  GIS strives to broaden the cybersecurity ownership culture across the company through targeted awareness campaigns and empowering colleagues to be risk aware.

The Red Team Sr. Associate position within the Security Consulting & Testing team will engage with business and technology teams to secure digital solution projects globally.  The associate will work to validate security controls and incident response through offensive security methods. The associate will work with security teams to enhance existing services by conducting hands-on technical testing focused on detection and response. Conduct full exploitation and leveraging of access within multiple environments, including complex Active Directory and mixed Windows and nix environment.

Associate will develop comprehensive and accurate reports and presentations for both technical and executive audiences. Identify, track, and communicate findings while developing remediation strategies with technical staff, executive leadership, and legal counsel.  Apply security testing and penetration testing techniques and mindset to a wide range of projects and promote an environment of innovation and knowledge sharing. The position is an individual contributor role with leadership and engagement with cross functional internal colleagues and external partners and reports to the Red Team, Manager within the GIS organization.

Role Responsibilities

• Perform targeted, covert penetration tests with vulnerability identification, exploitation, and post-exploitation activities through manual methodologies

• Create reports detailing vulnerabilities and risks, review reports with leadership

• Provide technical knowledge or experience developing automated scripts, using interpreted languages not limited to, Python or modern scripting languages

• Perform independent research on new and emerging exploits and tooling

• Understand gaps in detection capabilities and create opportunities to engage Blue Team activity

• Engage on multiple, concurrent, projects meeting project timelines and delivering defined results

• Work effectively in a team environment, including cross-unit and cross-divisional teams, and maintain poise and composure in difficult situations, with a professional attitude at all times

• Respond to ad hoc security request for Proof of concept or Post exploitation activities

• Conduct Red Teaming independently and with the team

Qualifications

Must-Have

• BS in Computer Sciences, Information Security, Information Systems, Engineering, Sciences, or related field

• 3 - 4 years of information and cybersecurity related experience

• Ability to analyze and track vulnerabilities, threats, designs, procedures and architectural design, producing reports and sharing intelligence

• Ability to work with teams independently and in a team-oriented, collaborative environment with strong attention to detail

• Experience with developing, extending, or modifying exploits, shellcode, or exploit tools

• Familiar with common methodologies conducting offensive security testing

• Ability to administer, and troubleshoot through use of Kali and Ubuntu as an attack platform

• Experience and knowledge of common C2 platforms

• Ability to proactively solve complex problems both individually and as part of a team

• Demonstrated commitment to training, self-study and maintaining proficiency in the cyber security domain

• Effective oral, written, and interpersonal communications skills are required as well as organizational, planning, and administrative abilities and the ability to coordinate multiple complex projects simultaneously

• High level of integrity and strong ethical values

• Experience with developing, extending, or modifying exploits, shellcode, or exploit tools

Nice-to-Have

• SANS Certifications or Equivalent to: GPEN, GWAPT, or OSCP

NON-STANDARD WORK SCHEDULE, TRAVEL OR ENVIRONMENT REQUIREMENTS

• Domestic and International travel of 10% (as required).

Other Job Details:

• Last day to apply: April 07, 2023

Relocation assistance may be available based on business needs and/or eligibility.