ROLE SUMMARYPfizer's Global Information Security (GIS) organization delivers proactive cyber defense for the global enterprise.Our mission is to secure all of Pfizer's digital information assets ranging from our scientific breakthroughs to the manufacturing floor, and out to the patients we serve.We achieve this mission through a combination of world-class talent, top-tier technologies, industry leading best practices, and the promotion of a cybersecurity ownership culture across the companyComprehensive threat management is vital to the security and resilience of Pfizer.The Associate, External Threat Analyst will oversee the operations of our External Attack Surface Management (EASM) solution.This role will work closely with our Global Information Security (GIS) teams to triage vulnerabilities and ensure effective remediation of findings.This collaboration will be vital in protecting Pfizer's digital environment from external threatsThis role calls for a blend of analytical prowess and technical proficiency to triage findings and coordinate with business units for remediation efforts.The incumbent will report to the Sr.Manager, Attack Surface Reduction.The Attack Surface Reduction team is part of the Secure Business Enablement (SBE) organization within Pfizer's Global Information Security divisionROLE RESPONSIBILITIES Primary responsibilities include leading the triage of external vulnerabilities identified by our EASM solution, developing strategies to effectively remediate these vulnerabilities, collaborating with business units to ensure timely resolution of findings, and maintaining up-to-date records of all remediation actions.Additional responsibilities include monitoring external threat landscapes, providing detailed analysis and reports on emerging threats, and assisting in the enhancement of external threat management processesTriage vulnerabilities identified by our External Attack Surface Management (EASM) solution to assess potential risks and prioritize remediation effortsCollaborate with business units to develop and implement remediation strategies for identified vulnerabilities, ensuring timely and effective resolutionMonitor external threat landscapes and provide detailed analysis and reports on emerging threats and vulnerabilitiesMaintain accurate and up-to-date records of all triaged vulnerabilities and remediation actions taken, ensuring compliance with security policies and standardsWork closely with the Sr.Manager, Attack Surface Reduction, and cross-functional teams to enhance the effectiveness of external threat management processes.Participate in regular security assessments and audits to identify areas for improvement in external threat management practicesAssist in the development and maintenance of documentation related to external threat management processes and proceduresCollaborate with the Global Information Security team to ensure alignment of external threat management efforts with overall security strategiesExercise sound judgment and decision-making, leveraging knowledge, experience, policies, procedures, and company values (Courage, Excellence, Equity, & Joy)Demonstrated ability to work in an agile work environment possessing qualities such as a collaborative mindset, adaptability to change, and a proactive problem-solving approach.BASIC QUALIFICATIONS Bachelor's degree in Computer Science, Information Security, or a related field.(or equivalent work experience)<2 years' of experience or an internship in cybersecurity, vulnerability management, or a related fieldBasic knowledge of CVE and CVSS for cataloging vulnerabilities and prioritizing remediation effortsKnowledge of basic incident response processes and proceduresFamiliarity with cybersecurity frameworks and standards (e.g., NIST, ISO 27001)Strong communication skills, including the ability to write and verbally articulate security risk information to technical and non-technical stakeholdersAbility to work under general supervision and use own judgement to solve complex problems where needed.Strong desire to keep up to date with technology developments and learn new skillsPREFERRED QUALIFICATIONSRelevant coursework or certifications such as CompTIA Security+, CEH, or similarExperience with security assessment and auditing processes through coursework or internshipsFamiliarity with cloud security practices and toolsBasic knowledge of scripting languages (e.g., Python, PowerShell) for automation of vulnerability management processesBasic understanding of External Attack Surface Management (EASM) solutions and vulnerability management toolsExperience working in team projects or a collaborative environmentDemonstrated interest in staying current with evolving threat landscapes and emerging cybersecurity trends Work Location Assignment: On PremiseEEO (Equal Employment Opportunity) & Employment Eligibility Pfizer is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, or disability.Information & Business Tech
