Pfizer

Manager, DevSecOps Architecture


Pay: Competitive
Location: Collegeville/Pennsylvania
Employment type: Full-Time

This job is now closed

  • Job Description

      Req#: 4903703

      ROLE SUMMARY

      Pfizer’s Global Information Security (GIS) organization delivers proactive cyber defense for the global enterprise. Our mission is to secure all of Pfizer’s digital information assets ranging from our scientific breakthroughs to the manufacturing floor, and out to the patients we serve. We achieve this mission through a combination of world-class talent, top-tier technologies, industry leading best practices, and the promotion of a cybersecurity ownership culture across the company.

      The Manager, DevSecOps Architecture will play a pivotal role in enhancing the security posture of Pfizer’s applications by designing robust security measures throughout the software development lifecycle. This role will be instrumental in establishing secure coding practices, patterns, and guidelines, ensuring their seamless integration into the application architecture. By conducting thorough assessments of application integrations, providing guidance on secure coding, and participating in incident response activities, this role will contribute to the creation of a secure and resilient development environment.

      The position requires a balance of technical expertise and effective communication skills to drive and support Attack Surface Reduction initiatives. The incumbent will report to the Manager, Attack Surface Reduction. The Attack Surface Reduction team is part of the Secure Business Enablement (SBE) organization with Pfizer Global Information Security.

      ROLE RESPONSIBILITIES

      Primary responsibilities include designing and implementing security measures within Pfizer’s development environment. This includes creating strategic security architectures, assessing application vulnerabilities, and advising on security best practices. This role will collaborate closely with development teams to integrate security seamlessly into the application architecture, ensuring the identification and mitigation of vulnerabilities. Additionally, this role will provide guidance on secure coding practices and foster a security-centric mindset within Pfizer’s software development ecosystem.

      • Lead the design and implementation of robust application security measures throughout the software development lifecycle

      • Design and manage the overall security architecture for applications, collaborating with development teams and implementing Infrastructure-as-code (IaC) blueprints with baked-in security

      • Take ownership and accountability for architecting cloud-based security orchestration platforms using DevOps and CI/CD tools to be consumed in development pipelines

      • Develop strategies for integrating security measures into the API development lifecycle and leading threat modeling exercises to identify potential security threats and vulnerabilities

      • Develop and implement incident response plans for API security breaches

      • Author and own secure coding standards and policies with a specific emphasis on threat modeling, architecture review, and security control design

      • Provide thought leadership by fostering and building a community of practice for collective learning of security tools, practices, and systems across all disciplines within Pfizer

      • Collaborate with technical and non-technical business units to understand their needs and translate them into requirements and designs for application security

      • Oversight of contracted resources (as required)

      • Exercise sound judgment and decision-making, leveraging knowledge, experience, policies, procedures, and company values (Courage, Excellence, Equity, & Joy)

      BASIC QUALIFICATIONS

      • Bachelor’s degree with five years of relevant experience; OR Master’s degree with three years of relevant experience; OR Associate's degree with eight years of relevant experience; OR Ph.D. with 0+ years of experience; OR 10 years of relevant experience with a high school diploma or equivalent

      • Demonstrated expertise in AppSec, DAST, SAST, SCA/SBOM, OWASP Top 10, API Security and other relevant areas

      • Experience with automated build, testing and continuous deployment of Cloud based applications

      • Demonstrated experience in designing, implementing, and maintaining application security measures throughout the development lifecycle

      • Demonstrated experience in conducting thorough threat modeling exercises, identifying vulnerabilities in application architecture, and devising effective mitigation strategies

      • Strong understanding of secure coding practices and experience influencing secure development methodologies

      • Experience working in a matrixed team environment

      • Experience with one or more scripting languages, such as Python, Bash, or PowerShell

      • Ability to work independently with minimal instruction on complex problems and be able to work as a team player

      • Outstanding communication skills, including the ability to communicate potentially complex information in a concise, accurate, and complete manner in both written and verbal form

      • Ability to manage multiple competing tasks simultaneously and complete work within allocated timeframes

      • Strong desire to keep up to date with technology developments and learn new skills

      PREFERRED QUALIFICATIONS

      • In-depth understanding of cloud security principles and hands-on experience with cloud platforms such as AWS, Azure, or Google Cloud

      • Strong understanding and experience with RESTful APIs

      • Advanced knowledge of one or more scripting languages, such as Python, Bash, or PowerShell

      • Experience with one or more programming languages, such as Type/JavaScript, JAVA, or PHP

      • Strong understanding of DevOps pipeline and CI/CD tools

      • Experience with Agile methodologies

      • Extensive experience and expertise in leveraging GitHub Actions for automating security processes within the development pipeline

      • Demonstrated mastery in utilizing SIEM for monitoring and analyzing security events

      ORGANIZATIONAL RELATIONSHIPS

      • Attack Surface Reduction (ASR)

      • Secure Business Enablement (SBE)

      • Global Information Security (GIS)

      • Enterprise Platform and Services (EP&S) Management & Teams

      • Pfizer Digital Teams

      • Business Leaders as required.

      NON-STANDARD WORK SCHEDULE, TRAVEL OR ENVIRONMENT REQUIREMENTS

      • Work Location Assignment: Hybrid: Hybrid colleagues must be able to work in Pfizer Collegeville office 2-3 days per week, or as needed by the business to connect and innovate with their team face-to-face. However, they also benefit from being able to work offsite regularly when it makes business sense to do so.

      • Other Job Details:

      • Last day to apply: January 21, 202

      The annual base salary for this position ranges from $93,500.00 to $155,900.00. In addition, this position is eligible for participation in Pfizer’s Global Performance Plan with a bonus target of 12.5% of the base salary and eligibility to participate in our share based long term incentive program. We offer comprehensive and generous benefits and programs to help our colleagues lead healthy lives and to support each of life’s moments. Benefits offered include a 401(k) plan with Pfizer Matching Contributions and an additional Pfizer Retirement Savings Contribution, paid vacation, holiday and personal days, paid caregiver/parental and medical leave, and health benefits to include medical, prescription drug, dental and vision coverage. Learn more at Pfizer Candidate Site – U.S. Benefits | (uscandidates.mypfizerbenefits.com). Pfizer compensation structures and benefit packages are aligned based on the location of hire. The United States salary range provided does not apply to Tampa, FL or any location outside of the United States.

      Relocation assistance may be available based on business needs and/or eligibility.

      Sunshine Act

      Pfizer reports payments and other transfers of value to health care providers as required by federal and state transparency laws and implementing regulations. These laws and regulations require Pfizer to provide government agencies with information such as a health care provider’s name, address and the type of payments or other value received, generally for public disclosure. Subject to further legal review and statutory or regulatory clarification, which Pfizer intends to pursue, reimbursement of recruiting expenses for licensed physicians may constitute a reportable transfer of value under the federal transparency law commonly known as the Sunshine Act. Therefore, if you are a licensed physician who incurs recruiting expenses as a result of interviewing with Pfizer that we pay or reimburse, your name, address and the amount of payments made currently will be reported to the government. If you have questions regarding this matter, please do not hesitate to contact your Talent Acquisition representative.

      EEO & Employment Eligibility

      Pfizer is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status. Pfizer also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as work authorization and employment eligibility verification requirements of the Immigration and Nationality Act and IRCA. Pfizer is an E-Verify employer.

      Information & Business Tech

  • About the company

      At Pfizer we know that great things happen anywhere people come together with one shared goal. And the greatest rewards are sometimes where you least expect them. The future of medicine is happening at Pfizer.