Senior IT Security Engineer
Pharmacyclics is committed to the development and commercialization of novel therapies intended to improve the quality and duration of life and to resolve serious unmet medical needs for cancer patients. Pharmacyclics is a wholly-owned subsidiary of AbbVie (NYSE:ABBV), a global, research-based biopharmaceutical company. Oncology is a key therapeutic area for AbbVie, with a portfolio consisting of three marketed products and a pipeline containing multiple promising new molecules that are being studied in more than 200 clinical trials for over 20 different types of cancer.
More than 1,200 Pharmacyclics and AbbVie research scientists, clinicians, marketing, operations and corporate professionals work in the San Francisco Bay Area. They combine their expertise in immuno-oncology, stem cells, and cell-signaling with their knowledge of bispecific antibodies, antibody-drug conjugates (ADCs), and covalent-inhibitor technologies to discover and develop novel cancer treatments. Together, we are striving to outsmart cancer.
General Position Summary/Purpose:
Reporting to the Director of IT Security and Infrastructure, the IT Sr Security Engineer is a key member of the IT Architecture, Security, Infrastructure Team supporting the Information Technology organization within Pharmacyclics, in the development, implementation, maintenance, and compliance of IT security solutions across the enterprise.
The IT Sr Security Engineer is also responsible for managing risks related to information security, physical security, business continuity planning, crisis management, privacy, and compliance. In addition, this role ensures all staff members are trained on enterprise and governmental security requirements through awareness programs.
- Develops and implements security technologies, standards, processes, policies, and guidelines for the enterprise including Identity and Access management
- Ensures and monitors security compliance with industry and government rules and regulations
- Ensures security compliance and meets all service-level agreements requirements
- Reports security performance against established security metrics
- Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments
- Coordinates with other IT groups to assess, implement, and monitor IT-related security risks/hazards
- Ensures Identity and Access reviews are performed periodically and follow through on findings and remediation's
- Follow standards in accordance with company policies and regulations (SOX, 21 CFR Part 11, FDA/GMP, NIST, ISO 27001, Six Sigma, etc.)
- Prepare and present Security testing findings to stakeholders.
- Lead and manage continuous improvement initiatives within the team
- Bachelor's Degree and minimum 5+ years of work experience with a global company
- Experience planning and executing IT Security initiatives end to end
- Execution of Security Assessments, including Vulnerability testing and remediation, Penetration testing etc.
- Experience with Endpoint Security solutions such as McAfee Suite including Anti-virus, DLP, and Encryption. Including malware remediation techniques.
- Implementation and Management of SIEM technologies, preferred SPLUNK, Enterprise Security App.
- Implementation and management of Qualys Vulnerability Management suite
- Implementation and maintenance of CyberArk Privileged Access Management suite
- Implementation and maintenance of Active Directory, Okta Single Sign-On, and 2-factor authentication solutions
- Experience with Palo Alto Networks Next Generation Firewall, WildFire, Cyvera Traps
- Experience with Endpoint Forensics using tools such as EnCase Enterprise
- Experience with Mail Gateways such as Mimecast or Proofpoint
- Familiarity with Dell SecureWorks managed Security Services such as 24*7 monitoring and Incident Response processes.
- Experience with BYOD and Mobile Device Management
- Experience with User Behavior Analytics and Cyber Threat Intelligence solutions preferred.
- Experience analyzing and applying information security, risk management, and privacy practices
- Knowledge of national and international regulatory compliances and frameworks such as ISO, SOX, NIST, CSA STAR.
- Self-starter / tenacious problem solver
- Ability to work on a team or independently
- Technical Leadership capability with Project and time management skills
- Excellent communication, verbal and writing skills.
- Ensure that the IT team is consistently projected in a positive light with the business users
- Ability to react to high pressure dynamic changing environments
- Ability to train security/audit concepts
Equal Opportunity Employer Minorities/Women/Veterans/Disabled