Senior Cyber Intrusion Analyst
2 weeks ago
**ROLE SUMMARY**
The Global Information Security (GIS) organization at Pfizer delivers three core responsive capabilities for Pfizer - Intrusion Detection & Analysis, Cyber Threat Intelligence, and Digital Forensics & Insider Threat. GIS secures Pfizer’s most important information assets through world-class controls and protections. GIS enables Pfizer’s business results by making security an enabler and not a roadblock. GIS strives to broaden the cybersecurity ownership culture across the company through targeted awareness campaigns and empowering colleagues to be risk aware.
The Senior Cyber Intrusion Analyst will report into the Intrusion Detection & Analysis team and will focus on responding to network security events and building a deep understanding of cybersecurity attacks against Pfizer. The Senior Cyber Intrusion Analyst will be expected to lead event correlation across large datasets, perform and drive complete attack lifecycle analysis, develop remediation plans, implement proactive and reactive countermeasures, and create innovative solutions to the security issues that face the Pfizer environment.
**ROLE RESPONSIBILITIES**
- Leverage security data from internal sensors (IDS, firewall, SIEM, proxy, hosts) and external sources (industry portals, threat intel feeds, etc.) to identify high-priority alerts and perform attack life-cycle analysis to develop and implement proactive mitigations.
- Utilize understanding of the life cycle of network threats, attacks, attack vectors, and methods of exploitation to conduct analysis across forensic evidence, log data, compromised hosts, and network traffic
- Review security incidents and alerts; determine their severity and impact to the Pfizer enterprise along with detailed response actions
- Required to stay up to date with current vulnerabilities, attacks, and countermeasures, along with staying current with all security related news and developments.
- Drive process creation and improvement by developing internal Tactics, Techniques, and Procedures (TTPs) for analysis, establishing reporting criteria, structure, and operational reports
- Help mentor junior analysts and provide guidance on technical steps and incident response processes
- Demonstrate commitment to training, self-study and maintaining proficiency in the technical cyber security domain.
- The analyst must be able to work well with a team, including cross-unit and cross-divisional teams, and must be able to maintain poise and composure in difficult situations, with a professional attitude at all times
**BASIC QUALIFICATIONS**
- BS in Computer Sciences, Information Security, Information Systems, Engineering, Sciences or related field.
- 2-4 years of domain relevant experience preferred
- Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs)
- Demonstrated understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
- Entry level knowledge of the Windows operating system, system utilities, admin functions
- Ability to interpret log data and draw analytical conclusions
- Experience with open source security analysis tools such as Wireshark, Snort, Splunk, Kali Linux, SIFT, etc.
- Experience with computer programming and scripting languages such as C, Python, Java, etc.
- Ability to proactively solve complex problems both individually and as part of a team.
- Effective oral, written, and interpersonal communications skills are required as well as organizational, planning, and administrative abilities and the ability to coordinate multiple complex projects simultaneously.
**PHYSICAL/MENTAL REQUIREMENTS**
**NON-STANDARD WORK SCHEDULE, TRAVEL OR ENVIRONMENT REQUIREMENTS**
Domestic and international travel of 10-20% (as required)