ROLE SUMMARY

Pfizer’s Global Information Security (GIS) organization delivers proactive cyber defense for the global enterprise.  Our mission is to secure all of Pfizer’s digital information assets ranging from our scientific breakthroughs to the manufacturing floor, and out to the patients we serve.  We achieve this mission through a combination of world-class talent, top-tier technologies, industry leading best practices, and the promotion of a cybersecurity ownership culture across the company

Comprehensive threat management is vital to the security and resilience of Pfizer. The Associate, Attack Surface Management will oversee the operations of our External Attack Surface Management (EASM) solution. This role will work closely with our Global Information Security (GIS) teams to triage vulnerabilities and ensure effective remediation of findings. This collaboration will be vital in protecting Pfizer's digital environment from external threats

This role calls for a blend of analytical prowess and technical proficiency to triage findings and coordinate with business units for remediation efforts. The incumbent will report to the Sr. Manager, Security Testing. The Security Consulting & Testing team is part of the Secure Business Enablement (SBE) organization within Pfizer’s Global Information Security division

ROLE RESPONSIBILITIES

Primary responsibilities include leading the triage of external vulnerabilities identified by our EASM solution, developing strategies to effectively remediate these vulnerabilities, collaborating with business units to ensure timely resolution of findings, and maintaining up-to-date records of all remediation actions. Additional responsibilities include monitoring external threat landscapes, providing detailed analysis and reports on emerging threats, and assisting in the enhancement of external threat management processes

• Triage vulnerabilities identified by our External Attack Surface Management (EASM) solution to assess potential risks and prioritize remediation efforts

• Collaborate with business units to develop and implement remediation strategies for identified vulnerabilities, ensuring timely and effective resolution

• Monitor external threat landscapes and provide detailed analysis and reports on emerging threats and vulnerabilities

• Maintain accurate and up-to-date records of all triaged vulnerabilities and remediation actions taken, ensuring compliance with security policies and standards

• Work closely with the Sr. Manager, Security Testing, and cross-functional teams to enhance the effectiveness of external threat management processes.

• Participate in regular security assessments and audits to identify areas for improvement in external threat management practices

• Assist in the development and maintenance of documentation related to external threat management processes and procedures

• Collaborate with the Global Information Security team to ensure alignment of external threat management efforts with overall security strategies

• Exercise sound judgment and decision-making, leveraging knowledge, experience, policies, procedures, and company values (Courage, Excellence, Equity, & Joy)

• Demonstrated ability to work in an agile work environment possessing qualities such as a collaborative mindset, adaptability to change, and a proactive problem-solving approach.

Qualifications, Skills and Experience

Must-Have

• High School Diploma or equivalent education and proven relevant experience; ideally work experience or an internship in cybersecurity, vulnerability management, or a related field.

• Basic knowledge of CVE and CVSS for cataloging vulnerabilities and prioritizing remediation efforts

• Knowledge of basic incident response processes and procedures

• Familiarity with cybersecurity frameworks and standards (e.g., NIST, ISO 27001)

• Strong communication skills, including the ability to write and verbally articulate security risk information to technical and non-technical stakeholders

• Ability to work under general supervision and use own judgement to solve complex problems where needed.

• Research new security threats, vulnerabilities, and exploit techniques to identify new weaknesses and recommend remediation or mitigation

• Strong desire to keep up to date with technology developments and learn new skills

Nice-to-Have

• Bachelor’s Degree and Entry-level experience with computer operating systems, programming and/or scripting languages

• Relevant coursework or certifications such as CompTIA Security+, CEH, or similar

• Experience with security testing tools, proxies, port scanners, vulnerability scanners, & exploit frameworks

• Basic knowledge of scripting languages (e.g., Python, PowerShell) for automation of vulnerability management processes

• Basic understanding of External Attack Surface Management (EASM) solutions and vulnerability management tools

• Experience working in team projects or a collaborative environment

• Demonstrated commitment to training, self-study and maintaining proficiency in the cyber security domain

Purpose 

Breakthroughs that change patients' lives... At Pfizer we are a patient centric company, guided by our four values: courage, joy, equity and excellence. Our breakthrough culture lends itself to our dedication to transforming millions of lives.  

Digital Transformation Strategy

One bold way we are achieving our purpose is through our company wide digital transformation strategy. We are leading the way in adopting new data, modelling and automated solutions to further digitize and accelerate drug discovery and development with the aim of enhancing health outcomes and the patient experience.

Flexibility  

We aim to create a trusting, flexible workplace culture which encourages employees to achieve work life harmony, attracts talent and enables everyone to be their best working self. Let’s start the conversation!  

Equal Employment Opportunity 

We believe that a diverse and inclusive workforce is crucial to building a successful business. As an employer, Pfizer is committed to celebrating this, in all its forms – allowing for us to be as diverse as the patients and communities we serve. Together, we continue to build a culture that encourages, supports and empowers our employees.

DisAbility Confident

We are proud to be a Disability Confident Employer and we encourage you to put your best self forward with the knowledge and trust that we will make any reasonable adjustments necessary to support your application and future career. Our mission is unleashing the power of our people, especially those with unique superpowers. Your journey with Pfizer starts here!