Lead Information Security Engineer
- Recruiter
- Regeneron Pharmaceuticals, Inc.
- Location
- Tarrytown
- Salary
- Competitive
- Posted
- 15 Mar 2023
- Closes
- 30 Mar 2023
- Job Type
- Information Security
- Employer Sector
- Technology, IT & Telecoms
- Contract Type
- Permanent
- Hours
- Full Time
Join our award–winning cybersecurity team at Regeneron to see how we help businesses grow and succeed using the power of technology! We are looking for a Lead Information Security Engineer who will contribute to the plan, maintenance, and design of Regeneron's security engineering program and endpoint security capabilities. You will align business requirements and security technologies to protect the network perimeter, cloud, internal network, and computer endpoints (including mobile devices) from cyber threats, malware, and data loss. Define and conduct security reviews on solutions and configurations in–line with established security policies, control objectives and standards. We support the use of security products deployed on the network and computer endpoints. Participate on architecture review boards (as an alternate) to drive adoption of security controls as part of IT, cloud, and digital projects. You should have a solid knowledge of NIST 800–53, Cybersecurity Framework and CIS Standards.
In this role, a typical day might include the following:
- Advise and collaborate on roadmaps for security capabilities: anti–virus/anti–malware, advanced detection and response, forensics, DLP, proxy, host–based firewall, and application whitelisting.
- Support the Secure Configuration Standard program for defining software hardening standards.
- Conduct technical risk analysis of Regeneron solutions to ensure essential cyber hygiene.
- Provide security guidance for Regeneron cloud environments.
- Define and contribute to the network security capabilities to include firewall, intrusion detection/prevention, web proxy, secure remote access, and cloud security.
- Support the execution of projects on the roadmap for network and endpoint security technologies.
- Develop business requirements, technical requirements, architecture diagrams, implementation guidance, and project management for security technology deployments.
- Participate on architecture review boards (as an alternate) to integrate security requirements as part of the IT project management lifecycle.
- Collaborate with security operations and security metrics leads to define process management and measurements for endpoint and network security capabilities.
This job might be for you if:
- You have an eye for detail and pride yourself on the quality of your work. Operational excellence matters more than just finishing the tasks.
- With your sleeves rolled up, you work on current problems while thinking of future solutions.
To be considered for the role, you must have BS/BA Degree with 7+ years in infosec, or 7+ years in IT with 3+ years in security architecture and security engineering. Experience in security architecture design, network segmentation, firewall rulesets, network edge access control lists, and cloud security. Fluent in core IT and networking topics, and current with cutting edge network security, SIEM, logging, and monitoring technologies. Experience with endpoint threat detection and response capabilities. Experience with technologies in most the following: Firewalls, IDS, IPS, proxy, cloud access and encryption, DMZ architecture, SIEM, logging, anti–virus/anti–malware, endpoint detection and response, host–based firewall, application whitelisting, file integrity monitoring, and data loss prevention. Experience in a GxP or another regulated environment, preferred.
Position requires CISSP, CISM, CISA, CRISC, GSLC or equivalent, relevant certification from a recognized body (e.g., SANS, ISC2, ISACA). If absent, certification must be attained no later than after one year of start date.
Salary Range (annually)
$103,600.00 – $169,000.00