Cloud Security Engineer
Citeline is one of the world's leading providers of data and intelligence on clinical trials, drug treatments, medical devices and what's new in the regulatory and commercial landscape. Relying on us to deliver vital advantage when making critical R&D and commercial decisions, our customers come from over 3000 of the world’s leading pharmaceutical, contract research organizations (CROs), medical technology, biotechnology and healthcare service providers, including the top 10 global pharma and CROs.
From drug and device discovery and development to regulatory approval, and from product launch to lifecycle management, we provide the intelligence and insight to help our customers seize opportunities, mitigate risk and make business-critical decisions, faster. As the pharma and healthcare sector faces unparalleled upheaval, customers rely on our independent advice, enabling them to cut through the clutter and make sense of changing drug development, regulatory and competitive landscapes.
Until recently, we were a division of Informa, the FTSE 100 British publishing, business intelligence, and exhibitions group based in London. However, as of November 2022, we have joined Norstella, a group of prominent pharmaceutical solutions providers that help clients navigate complexities at each step of the drug development life cycle, from pipeline to patient.
We are looking for someone who is motivated, driven, and passionate about cloud security and finding solutions to complex business challenges. If you join the Citeline Information Security team, your mission will be to help us build and operate our cloud security program. You will have the exciting opportunity to work with our developers and DevOps engineers to create low-friction, high-impact solutions that minimize information security risk to our company, customers, and partners.
- This is a hands-on technical position, with a mixture of architecture, design, implementation, and operations responsibilities
- Ensure the secure operations of Citeline cloud infrastructure, platforms, and software, through the installation, maintenance, and continuous improvement of cloud security capabilities
- Translate business needs into security and technical requirements and communicate security risks to relevant stakeholders ranging from business leaders to technologists
- Provide subject matter expertise on information security architecture and systems engineering to technology and business teams
- Create cloud security policies and standards as a part of the larger information security policy framework
- Work closely with the GRC team to develop and maintain cloud security designs necessary to achieve compliance requirements including SOX, ISO 27001, SOC 2, PCI, HIPAA/HITECH, and GDPR
- Implement cloud security controls to rapidly detect and respond to information security incidents; participate as needed in security incidents
- Stay current with industry best practices in cloud security and the evolving threat landscape; implement and update cloud security capabilities accordingly
- Work closely with product security engineers to create and maintain threat models and associated remediation recommendations
- Analyze, design, develop, and operate programs, shell scripts, tests, and infrastructure automation capabilities in an advanced security context
- Lead and participate in large cross-functional projects
- Create and maintain thorough technical documentation and runbooks
- Cloud security engineering experience with deep expertise in AWS
- Deep understanding of web application architecture and design principles
- Solid grasp of full-stack engineering: front-end/backend, API and service architecture design, web infrastructure and distributed systems
- Knowledge of authentication and authorization standards including OAuth, SAML, etc.
- Strong understanding of Infrastructure-as-Code and experience with Terraform
- Experience securing containers and Kubernetes
- Ability to write reliable Python software
- Experience with a DevOps and automation mindset and tools (Jenkins, TeamCity, etc.) required
- In-depth knowledge of common security flaws and their resolution as published by OWASP, SANS, etc.
- Experience in regulated environments regarding change management, security controls, compliance efforts (HIPAA/HITRUST, SOC 2, ISO 27001)
- Experience in Linux and Windows administration
- Proven track record for delivering results while developing and maintaining professional work relationships
- Advanced interpersonal and communication skills with the ability to collaborate effectively in a team environment and promote ideas at various levels of the organization
- Strong self-directed work habits exhibiting initiative, drive, creativity, maturity, self-assurance, professionalism and the ability to autonomously manage multiple concurrent projects
- Advanced analytical and decision-making skills
- Excellent written and verbal communication skills and the ability to translate security objectives into technical requirements
- Ability to communicate technical concepts to business stakeholders
- Ability to see patterns, commonalities and investigate complex issues
- Excellent judgement in prioritizing security efforts to mitigate the appropriate risks
- An ability to reason about security decisions and communicate security requirements
Employee experience is very important to us at Citeline. You will be joining a supportive, diverse and ambitious team that welcomes all types of candidates. We are also flexible with different working patterns and prioritize internal promotions. Our benefits include:
- Medical Benefits, Dental Benefits, Vision Benefits
- Flexible Spending Account (FSA), Health Savings Account (HSA)
- Basic Life and Personal Accident Insurance, Basic Disability Insurance, Voluntary Group Life Insurance, Voluntary Personal Accident Insurance
- 401k Plan with Employer match
- Paid Time Off (PTO) – 10 Company Holidays, 15 Vacation Days, 2 Floating Holidays, Birthday Day and 4 Volunteer Days
- Bright and friendly staff who are all “expert’s experts” and additional training and development to help you achieve your career aspirations
We know that sometimes the 'perfect candidate' doesn't exist, and that people can be put off applying for a job if they don't fit all the requirements. If you're excited about working for us and have most of the skills or experience we're looking for, please go ahead and apply. You could be just what we need! We believe strongly in the value of diversity and creating supportive, inclusive environments where our colleagues can succeed. As such, Citeline is proud to be an Equal Opportunity Employer. We do not discriminate on the basis of race, color, ancestry, national origin, religion, or religious creed, mental or physical disability, medical condition, genetic information, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, gender identity, gender expression, age, marital status, military or veteran status, citizenship, or other protected characteristics under law.
The expected base salary for this position ranges from $140,000 to $190,000. It is not typical for offers to be made at or near the top of the range. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, licensure or certifications obtained. Market and organizational factors are also considered. In addition to base salary and a competitive benefits package, successful candidates are eligible to receive a discretionary bonus.