Senior Manager - Stone Cross, East Sussex, United Kingdom - Workingmums

Description

The Global Information Security (GIS) organization secures Pfizer's most important information assets through world class talent, top security controls and an empowered culture that serves to enable Pfizer's mission of delivering breakthroughs that change patients' lives.

The Cyber Threat Emulation team will be responsible for conducting advanced adversary emulation testing using various tactics and techniques based on known or realized threats.

They will frequently collaborate with the Cyber Threat Intelligence, Cyber Threat Hunting, Intrusion Detection and Analysis and Threat Detection Engineering teams to ensure known defensive gaps are identified and addressed in a timely manner.

The Senior Manager, Cyber Threat Emulation defines the vision, strategy, and execution of the Cyber Threat Emulation program.

They will have previous experience building out a Red/Purple team or Threat Emulation program, leading a team of analysts and interfacing well with peer organization teams.

This position is responsible for managing individual contributors that will engage with cross functional internal colleagues and external partners. The Senior Manager will report to the Director, Global Threat Research in the Pfizer Global Information Security organization.


ROLE RESPONSIBILITIES

• Build the vision and strategy for the Cyber Threat Emulation program.
• Plan and execute continuous threat emulation testing.
• Design and implement technical systems that will enable the execution of manual or automated adversary emulation testing in a secure manner.
• Acquire and maintain an advanced understanding of adversary tactics and techniques.
• Produce quarterly metrics that provide insight into program accomplishments and progress.
• Mentor colleagues to support continuous skillset and career growth.
• Partner with the Cyber Threat Intelligence team to foster an intelligence informed threat emulation program.
• Collaborate with peer teams such as Intrusion Detection and Analysis (IR), Cyber Threat Hunting and Detection Engineering to continually assess known defensive gaps based on threat emulation testing results.

BASIC QUALIFICATIONS

• Applicant must have a Bachelors degree with three years of relevant experience; OR Master's degree with one year of relevant experience; OR Associate's degree with six years of relevant experience; OR eight years of relevant experience with a high school diploma or equivalent
• Extensive in-role experience leading Red, Purple or Threat Emulation teams.
• Extensive experience and knowledge of conducting advanced adversary emulation testing in a corporate environment against networks to include Windows, Linux, or Mac operating systems and cloud environment (AWS, Azure, GCP) technologies.
• Advanced knowledge of adversary techniques across multiple MITRE ATT&CK tactics and intrusion phases.
• Experience developing secure testing environments to support threat emulation testing.
• Experience using common C2 frameworks or offensive security tools.
• Advanced understanding of common information technology topics involving operating systems (Windows, Mac, Linux) and computer networking.
• Demonstrated experience leading and mentoring colleagues.

PREFERRED QUALIFICATIONS

• Experience developing custom tools or frameworks in support of threat emulation testing.
• Experience developing proof of concept code and exploiting known vulnerabilities.
• Relevant advanced cyber security certifications from GIAC or Offensive Security such as GPEN, GXPN, GCPN, OSCP or similar.
• Demonstrated experience in an agile work environment possessing qualities such as a collaborative mindset, adaptability to change, and a proactive problem-solving approach.

Work Location Assignment:
Sandwich, Kent, with flexibility

#J-18808-Ljbffr