Security Engineer, Senior
TraceLink’s software solutions and Opus Platform help the pharmaceutical industry digitize their supply chain and enable greater compliance, visibility, and decision making. It reduces disruption to the supply of medicines to patients who need them, anywhere in the world.
Founded in 2009 with the simple mission of protecting patients, today Tracelink has 8 offices, over 800 employees and more than 1300 customers in over 60 countries around the world. Our expanding product suite continues to protect patients and now also enhances multi-enterprise collaboration through innovative new applications such as MINT.
Tracelink is recognized as an industry leader by Gartner and IDC, and for having a great company culture by Comparably.
As part of the Security Team, this individual is responsible for leading security efforts focused on TraceLink’s corporate environment, both on-premise and in the cloud. This includes the design, implementation, operation, management, and monitoring of our security solutions designed to identify threats, protect the organization, and respond accordingly. Key focus areas are securing corporate assets, threat and vulnerability management, incident management and response, and supporting business needs with new ventures. This role will also help champion Security's message across the company by leading security awareness initiatives.
- Strategic / Consultative
- Provide enterprise security expertise and guidance around security issues and recommend solutions to mitigate and eliminate risk to TraceLink information assets
- Contribute to the development and enhancement of policies and procedures aligned with ISO 27001 and other industry standards, frameworks, and best practices
- Drive security awareness program
- Review security capabilities and proactively work to identify and implement new capabilities
- Evaluate and recommend new and emerging security products and technologies
- Understand attacker methodology and defend against them by threat hunting, building detection mechanisms, and automating remediation procedures
- Conduct security assessments of on-premise and cloud environments to ensure security gaps are identified and implement remediation actions
- Implement/enhance tooling and reporting to ensure comprehensive visibility of issues
- Respond to security incidents; partner with other teams as needed to resolve
- Drive improvements to design and operational effectiveness of security controls
- Maintain current standard operating procedures, controls documentation, and configuration management
- Maintain detailed documentation of enterprise security solutions and technical security standards
- Create and deliver security awareness materials, execute internal phish testing
- 5+ years of relevant experience, including the following:
- Planning, implementing, supporting, and maintaining security tooling such as vulnerability management, EDR, EPM/PAM, DLP, SIEM, etc.
- Performing incident triage and response
- Deep knowledge and experience with security concepts and tooling for securing, monitoring, auditing, and testing on-premise and cloud infrastructure
- Advanced knowledge of system security vulnerabilities and remediation techniques
- Advanced knowledge and experience with securing Windows, macOS, and Linux environments
- Experience with open source tools for security management, monitoring, and analytics
- Experience with the application of threat modeling or other risk identification techniques
- Excellent analytical, reasoning, and problem-solving skills with good knowledge of tools and techniques for anticipating, recognizing, and resolving technical problems
- Excellent verbal and written communication skills, including executive-level presentations
- Success with relationship building and working cross-functionally
- Experience deploying in Public Cloud Services (AWS preferred)
- Experience with scripting for automating repetitive tasks and supporting integrations
- Experience performing penetration testing
- CCSP, CISSP, CISA, CEH, SANS Security, or other industry and vendor-specific security certifications
- Bachelor's degree in Computer Science, Information Systems Security, or related field, or equivalent experience