
Lead Cybersecurity Attack & Penetration Tester

Pfizer
Collegeville, PA 19426
**ROLE SUMMARY**

The Global Information Security (GIS) organization delivers proactive cyber defense for the global Pfizer enterprise. Our mission is to secure all of Pfizer's digital information assets, ranging from the manufacturing floor to the core data centers and out to our patient-facing solutions. We achieve this mission through a team of world-class talent that focuses on building strong partnerships to build security into all aspects of our business. Across GIS we utilize top-tier technologies, industry-leading best practices, advanced analytics and the promotion of a cybersecurity ownership culture to drive results for the enterprise.

The Cybersecurity Penetration Testing Lead is the technical lead for attack and penetration testing and red team assessments within Pfizer Digital Global Information Security (GIS). The mission of this team is to reduce the company attack surface and enhance the company protections. The lead will utilize their technical and creative skills for threat and risk analysis to evaluate innovative solutions through Pfizer's various businesses. They will also manage and mentor the technical analysts on the team.

At Pfizer, you will find a company as focused on its internal culture as it is on its external reputation. You will have the opportunity to partner with colleagues of diverse backgrounds and abilities, people who contribute to all aspects of what we do, from drug development to marketing, technology to sales, and so much more.



**ROLE RESPONSIBILITIES**

Performing and/or coordinating manual Attack and Penetration (A&P) testing, utilizing and leveraging the latest technologies in this role (i.e., applications, mobile applications, various platforms, cloud solutions, web services, databases, IoT)

Execute and/or lead red team assessments to highlight gaps impacting organization security posture

Researching new/emerging security threats, vulnerabilities and exploit techniques

Responding to new attack surfaces and helping implement new requirements as needed

Develop, manage, and maintain security testing frameworks

Develop and lead training for technical testers

Ability to work both independently and in a team-oriented, collaborative environment

Oversee quality of service delivery, performance measurement, and communication to Pfizer Digital and Technology Client Partners and Solutions team

Manage and provide technical guidance and oversight for technical resources

Compile and analyze operational data and create high-level reports and metrics for management

Work well in a team environment including cross-functional and cross-organizational teams maintaining composure in difficult situations with a professional attitude and ownership mindset

Partner with global team members to drive secure outcomes based on industry best practices

Partner with the Incident Response team on developing new detections based on trending attack surfaces

Deep knowledge of OWASP framework and concepts



**BASIC QUALIFICATIONS**

BS in Computer Sciences, Information Security, Information Systems, Engineering, Sciences or related field

Preferred 3-5 years' experience managing technical resources for security services

3-5 years of experience in IT within a large corporate enterprise

3-5 years of demonstrated manual security testing

Strong understanding of IT operations and service support processes, ITILv3 certification preferred

Security certifications are desired but not required (CISSP, GIAC, CEH, CISM, OSCP, MCSE Plus Security).

High level of integrity and strong ethical values

Outstanding communication skills, including the ability to write and verbally articulate industry terminology to interact at a technical level, management level and senior executive level

Strong understanding of industry frameworks and best practices: Cloud Security Alliance (CSA), NIST, SANS, CIS

Strong leadership skills with the ability to manage contracted offshore resources

Ability to discreetly conduct security investigations while maintaining privacy of the effort

Deep technical fluency and delivery experience with AWS, Azure, Google environments

Strong analytical capabilities, with ability to reliably infer information and interpolate results from potentially incomplete data.

Organizational, planning, and administrative abilities and the ability to coordinate multiple complex projects simultaneously

Strong interpersonal, communication, influencing, analytical and problem-solving skills

Ability to set and manage expectations with key stakeholders and team members

Quickly escalates customer satisfaction concerns to management but does so with recommended approaches to addressing the concerns.

Experience with: Proxies, Port Scanners, Vulnerability Scanners, Exploit Frameworks (e.g., Burp, nmap, Nessus), Security configuration and operation of UNIX (Solaris), AWS and similar Cloud Platforms, Linux, Android, iOS and Windows systems, IoT, software-medical devices

Programming or scripting in Python, Ruby, or PowerShell

Experience conducting Red Team assessments




**Sunshine Act**

Pfizer reports payments and other transfers of value to health care providers as required by federal and state transparency laws and implementing regulations. These laws and regulations require Pfizer to provide government agencies with information such as a health care provider's name, address and the type of payments or other value received, generally for public disclosure. Subject to further legal review and statutory or regulatory clarification, which Pfizer intends to pursue, reimbursement of recruiting expenses for licensed physicians may constitute a reportable transfer of value under the federal transparency law commonly known as the Sunshine Act. Therefore, if you are a licensed physician who incurs recruiting expenses as a result of interviewing with Pfizer that we pay or reimburse, your name, address and the amount of payments made currently will be reported to the government. If you have questions regarding this matter, please do not hesitate to contact your Talent Acquisition representative.



**EEO & Employment Eligibility**

Pfizer is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status. Pfizer also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as work authorization and employment eligibility verification requirements of the Immigration and Nationality Act and IRCA. Pfizer is an E-Verify employer.



+ **Last Date to Apply: February 15, 2020**

+ **Eligible for Employee Referral Bonus**






Information & Business Tech
Posted: 2020-01-27 Expires: 2020-02-27
