May 19, 2021
Science 37 is accelerating the research and development of breakthrough biomedical treatments by bringing clinical trials to patients' homes. Backed by venture investors such as Glynn Capital, Google Ventures, Redmile Group, dRx Capital and Lux Capital, we are revolutionizing the clinical trial industry one patient at a time. To help us achieve our goal, we are seeking an IT Senior Security Engineer & Administrator eager to make an impact within a mission-driven organization.
The IT Sr. Security Engineer & Administrator will be looked upon to lead the company’s corporate Security Program and serve as the company’s first line of defense against malicious actors and activities. The incumbent will assess and evaluate the company’s IT security environment for risks, gaps, and improvement, to develop a plan and execute to harden our security posture to minimize risk and prevent security incidents and breaches. The IT Sr. Security Engineer & Administrator will train employees on security best practices and advise management on investments to safeguard the company’s computer and network systems.
Duties and Responsibilities
Duties include but are not limited to:
Evaluating and testing security software and tools.
Perform Cybersecurity Assessments on vendors, systems, and personnel.
Managing monitoring, reporting and remediation on network and systems for vulnerabilities, breaches and intrusions.
Installing software, such as firewalls and data encryption programs.
Responsible for the installation or processing of new security products and procedures.
Responsible for managing Assisting with developing security standards and best practices for the organization.
Making recommendations for security enhancements to management as needed.
Developing strategies to respond and recover from security breaches.
Lead IT in sponsor audits and responding to security questionnaires.
Lead IT in monthly departmental security reporting.
Lead IT in quarterly internal company oversight committees (i.e., Privacy & Security, Security Champions, Quality Management Review, Audit)
Lead IT in quarterly and annual Access Control Audits.
Lead IT in annual security and BCP testing of the corporate infrastructure (cyber and physical).
Ability to work in a 24/7 environment to respond to security incidents.
A Bachelor’s Degree in Computer Science, IT, Systems Engineering or related qualification.
Certifications such as CISSP, GSEC, CEH or CISM desired.
3 years of work experience in cybersecurity, incident detection, incident response and forensics.
Experience with Firewalls (functionality and maintenance), Cisco Meraki, Cisco Umbrella, Mail Security, Vulnerability and Patch Management Systems, and Endpoint Protection.
Experience managing, maintaining, and supporting corporate Security Awareness Systems and Programs.
Security - Thorough knowledge of cloud security and industry best practices and frameworks such as NIST, SOC 2, ISO 27001, HIPAA.
Networking - Understanding of network topologies, common networking protocols and services (DNS, DHCP, SMTP).
Strong analysis and problem-solving skills.
Project Management - Experience creating and managing project plans and deliverables. Ability to manage multiple projects simultaneously.
Industry - Experience in SaaS, Healthcare/Medical and Life Sciences, or in a regulated industry.
Excellent understanding of technology infrastructures using Firewalls, VPN, Data Loss Prevention, and IDS/IPS.
Comfortable working with a variety of technologies, security problems, and troubleshooting of the network.
Ability to prioritize projects and meet tight deadlines.
Excellent communication skills (verbally and written).
Experience with developing security related policy and SOPs.
Outstanding analytical and problem-solving skills.
An understanding of cybersecurity best practices and how to implement them at a business-wide level.
Develop, execute, and track the performance of security measures to protect information, network infrastructure, and computer systems.
Design computer security strategy and engineer comprehensive cybersecurity architecture.
Identify, define, and document system security requirements and recommend solutions to management.
Configure, troubleshoot, and maintain security infrastructure software and hardware.
Install software that monitors systems and networks for security breaches and intrusions.
Monitor systems for irregular behavior and set up preventive measures.
Plan, develop, implement, and update company's information security strategy.
Educate and train staff on information system security best practices.
Participate in sponsor audits and respond to security questionnaires.
Ability and expertise in creating security reports and providing thorough analysis.
Ability to perform and document cybersecurity assessments and make recommendations for remediation.
Research security gaps and/or weaknesses and find ways to counter them.
Find cost-effective solutions to cybersecurity problems.
Strong attention to detail with an analytical mind and outstanding problem-solving skills.
Great awareness of cybersecurity trends and hacking techniques.
Up to 20% travel, as needed, for project team meetings, client presentations and other professional meetings/conferences as needed.
Ability to communicate in English (both verbal and written).
Ability to work under pressure in a fast-paced environment.
Position reports to the Director, Information Technology who will also assign projects, provide general direction and guidance. The incumbent is expected to perform duties and responsibilities with minimal supervision.
No direct reports