Lead InfoSec Engineer (Cloud Security)

Req ID #:  214270
Location: 

US Ashland, OH, US, 44805 Houston, TX, US, 77047 Montreal (Senneville), Quebec, CA, H9X 3R3 MILANO, Milan, IT, 20122 New Haven, CT, US, 06519-6052 Boston, MA, US, 02116 Charleston, SC, US, 29407 Irvine, CA, US, 92612 Newark, DE, US, 19711 Raleigh, NC, US, 27610 Morrisville, NC, US, 27560 Dublin, IE, D09

At Charles River, we are passionate about improving the quality of people’s lives. When you join our global family, you will help create healthier lives for millions of patients and their families. 

Charles River employees are innovative thinkers, who are dedicated to continuous learning and improvement. We will empower you with the resources you need to grow and develop in your career. 

As a Charles River employee, you will be part of an industry-leading, customer-focused company at the forefront of drug development. Your skills will play a key role in bringing life-saving therapies to market faster through simpler, quicker, and more digitalized processes. Whether you are in lab operations, finance, IT, sales, or another area, when you work at Charles River, you will be the difference every day for patients across the globe.

 

IMPORTANT:   In order to be considered for this position, a resume/CV must be uploaded and submitted during the application process.  Please make sure work history and education are added correctly.   


 

Job Summary

 

The cloud security engineer helps architect, deploy and operate a secure cloud application infrastructure that aligns with business needs. The position is responsible for supporting operational innovation and providing security direction to the business to elevate the company’s security posture within a cloud computing infrastructure. An advanced role, the cloud security engineer helps deliver applications at scale and with resiliency to support business initiatives. The cloud security engineer is also expected to possess advanced administrative and troubleshooting skills, and be knowledgeable about architecture, engineering and design principles. The cloud security engineer should be adept at dealing with disparate applications and data systems to maintain the level of rigor required to adhere to business direction. Along with depth of system coverage, the role requires planning and design of policies and maintenance.  

 

In tandem with security leadership, cloud security engineers consistently assess the threat landscape and adapt quickly to protect the business from risk. They must be highly technical and possesses at least 8 years’ experience in security and systems administration across a wide variety of cloud infrastructure, including software as a service (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS). They are also expected to have a strong work ethic, leverage analytical and critical thinking, and be skillful at meeting change requests at a moment’s notice. Because the role often interfaces with other business units, strong listening and communication skills are expected. 

 

Job Duties:

  • Develop and maintain secure, resilient enterprise-grade cloud processes in tandem with architects and system engineers.
  • Secure business applications and computing environments across public, private or hybrid cloud infrastructure.
  • Protect business applications in compliance with privacy, security, business resiliency and compliance frameworks as defined in corporate policies.
  • Maintain a consistent, secure environment using configuration management solutions (e.g., Puppet, Chef, Ansible, etc.). Conduct rigorous oversight of security systems and security configuration administration to reduce risk to enterprise systems and accounts.
  • Assist with development, maintenance and utilization of scripts (e.g., Python, Ruby, etc.) to support custom extract, transform load (ETL) tools with a security focus for data flow.
  • Attend regular technical project and implementation meetings, and serve as the security consultant to help guide secure application and infrastructure configurations.
  • Actively monitor, assess and recommend tactical and strategic initiatives based on new and emerging threats posing risk to cloud computing environments.
  • Manage remediation efforts after security assessment findings outline weaknesses requiring attention. 
  • Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
  • Assist in maintaining strong oversight with cloud computing vendors and solution providers to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
  • Stay apprised of current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply learned knowledge across key lines of business, including products, practices, and procedures.
  • Attend and fully engage in change and project management meetings.
  • Perform other duties as assigned.

Job Qualifications

 

Education:  Bachelor’s degree (B.A./B.S.) or equivalent in computer science, information technology, or related discipline.

Experience:  At least 8+ years’ experience in cybersecurity as a practitioner and with at least 3-4+ years exposure with Amazon Web Services (AWS) and/or Microsoft Azure.

  • An equivalent combination of education and experience may be accepted as a satisfactory substitute for the specific education and experience listed above.

Certification/Licensure:  IT security related certification desired (e.g., CCSP, CISSP, AWS Certified Cloud Practitioner or additional AWS advanced certifications such as AWS Certified DevOps Engineer, or similar professional certification).

Other:  

  • Familiarity with tools such as Git, Jenkins, Chef, Puppet and Salt.
  • Experience in cloud computing technologies (AWS and Azure), including software-, infrastructure and platform-as-a-service, as well as public, private and hybrid environments.
  • Familiarity with security tools such as Docker, Kubernetes and AWS CloudTrail.
  • Extensive knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies and application controls. 
  • Network and encryption experience, including virtual private networks (VPNs), IPsec, SSL/TLS, LDAP and public key infrastructure (PKI).
  • Experience writing technical documentation.
  • Experience with one or more of the following: ISO 27001, NIST, Payment Card Industry Data Security Standard (PCI DSS), Health Information Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) Act, Sarbanes-Oxley Act (SOX) the General Data Protection Regulation (GDPR), Center for Internet Security (CIS) standards or Service Organization Controls (SOC) 2.


 

IMPORTANT: A resume is required to be considered for this position. If you have not uploaded your resume in your candidate profile, please return to upload field and attach your resume/CV. 
 

About Corporate Functions
The Corporate Functions provide operational support across Charles River in areas such as Human Resources, Finance, IT, Legal, Sales, Quality Assurance, Marketing, and Corporate Development. They partner with their colleagues across the company to develop and drive strategies and to set global standards. The functions are essential to providing a bridge between strategic vision and operational readiness, to ensure ongoing functional innovation and capability improvement.  

 

About Charles River
Charles River is an early-stage contract research organization (CRO). We have built upon our foundation of laboratory animal medicine and science to develop a diverse portfolio of discovery and safety assessment services, both Good Laboratory Practice (GLP) and non-GLP, to support clients from target identification through preclinical development. Charles River also provides a suite of products and services to support our clients’ clinical laboratory testing needs and manufacturing activities. Utilizing this broad portfolio of products and services enables our clients to create a more flexible drug development model, which reduces their costs, enhances their productivity and effectiveness to increase speed to market.

 

With over 20,000 employees within 110 facilities in 20 countries around the globe, we are strategically positioned to coordinate worldwide resources and apply multidisciplinary perspectives in resolving our client’s unique challenges. Our client base includes global pharmaceutical companies, biotechnology companies, government agencies and hospitals and academic institutions around the world. 
 

At Charles River, we are passionate about our role in improving the quality of people’s lives. Our mission, our excellent science and our strong sense of purpose guide us in all that we do, and we approach each day with the knowledge that our work helps to improve the health and well-being of many across the globe. We have proudly supported the development of 86% of the drugs approved by the FDA in 2021.
 

Equal Employment Opportunity
Charles River Laboratories is an Equal Opportunity Employer - all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin, veteran or disability status.

If you are interested in applying to Charles River Laboratories and need special assistance or an accommodation due to a disability to complete any forms or to otherwise participate in the resume submission process, please contact a member of our Human Resources team by sending an e-mail message to crrecruitment_US@crl.com. This contact is for accommodation requests for individuals with disabilities only and cannot be used to inquire about the status of applications.
 

For more information, please visit www.criver.com.


Job Segment: Cloud, Developer, Pharmaceutical, Testing, Laboratory, Technology, Science