2014-12-23

Job Title Lead Security Engineer
Req ID 6496BR
Department GIS Management
Location Boston, MA
Job Description
• Support the development, implementation and maintenance of security operations for Vertex's corporate IT environment.
• Operates and maintains IDS/IPS, log management, and related network security infrastructure and services.
• Provides oversight of managed security service providers, e.g. security operations center, forensics, etc.
• Participate in Vertex’s vulnerability management program as a subject matter expert, providing guidance on vulnerability mitigation efforts, tool selection and implementation, and performing vulnerability identification
• Perform network penetration testing activity, including reviewing the results of third-party tests, as well as performing internal tests of Vertex's network.
• Serve as an active member of the Computer Security Incident Response Team (CSIRT) and participate in security incident response efforts by having an in-depth technical knowledge of common security exploits, vulnerabilities, and countermeasures.
• Manage reporting, investigation and resolution of security incidents and serve as the primary contact for the Corporate IT environment process
• Aligns security operations and processes with the business objectives.
◦ Develops detailed and sustainable operational procedures
◦ Assures daily operational procedures are performed
◦ Assures compliance to operational procedures
◦ Develops meaningful metrics
◦ Identifies and resolves operational problems.
◦ Interfaces with and supports network, end user services, system engineers for production assistance and troubleshooting.
• Supports the execution of information security programs
◦ Application Security.
◦ Exception Management.
◦ Security Awareness.
• Provide 3rd level technical support for security infrastructure, production systems and services
• Proactively monitors security infrastructure for optimal performance, provides input for capacity planning, and fine-tunes infrastructure when needed.
• Assists with facilitating and conducting Information Security Risk Assessments as they pertain to Technology Risk Management (Risk Analysis and Vulnerability Management) and Vendor Management Programs.
• Develop procedures for privilege access permission recommendations and changes
• Monitor and report on misuse or inappropriate use of privileged permissions
• Provide technical information security consulting services to Vertex IT personnel who support IT infrastructure, Applications and Business focused personnel.
• Assist in the development of use cases, patterns and processes that will advance the security practice and enable the business to more easily align with policies, standards and target state architecture models.
• Contribute to the information security strategy that will shape the security practice and the organization.
• Assist in the definition of security requirements for the implementation of new applications and projects
• Maintains existing policies, standards and procedures and identifies where new ones need to be developed.
• Conducting and/or supporting internal security risk assessments, as well as assessments of Vertex’s business partners.
• Participates in rotating off hour on-call support.
• Limited travel required.
Minimum Qualifications

• Bachelor's degree in Computer Science, Information Systems or related field, or 8 years of related experience.
• Experience with Network Security Operations and Processes.
• CISSP, CISM, CISA, CEH, CEPT, GIAC or similar relevant information security certifications required.

Preferred Qualifications:

• 8 years of total experience and 5 plus years of experience with Network Security.
• In-depth knowledge of IT technologies including: Routing & Switching in LAN/WAN architectures, WLAN, Radius, Firewalls, SSO/SAML, SaaS/Cloud Services, Identity Access Management, SDLC, DLP, IPS/IDS, PKI, Authentication/Authorization/Accounting (AAA), anti-virus and Intrusion Detection and Prevention, encryption technologies, secure application design, endpoint protection technologies, Microsoft Technologies (Active Directory, IIS, ISA, DNS, SQL), Oracle, Solaris, Linux.
• A high degree of integrity and trust along with the ability to work independently or as part of a team.
• Demonstrated ability to analyze & escalate potential risks internally or external to the organization
• Knowledge and direct experience incorporating ISO 27002, NIST SP 800-53, and other security control frameworks and standards.
• Experience in performing penetration testing of network, application and IT resources.
• Experience using security technologies, including but not limited to Nessus, Snort, NMap, Rapid7, Qualys, RedSeal, Metasploit and Wireshark.
• Experience with Risk Assessment and Regulatory requirements.
• Experience in management of multiple related projects with multiple customers.
• Experience with Project Management methodologies
• Experience in technology and security related to pharmaceutical industries.
• Maintains awareness of latest security issues and technologies, and keeps abreast of testing tools, techniques, and process improvements in support of security event detection and analysis.
• Knowledge and experience assessing information security risks against Sarbanes-Oxley, HIPAA, PCI-DSS, and other regulations and industry standards.
• Experience in Windows account management, access control and reviews.
• Demonstrable experience being creative, working with agility, and thinking outside the box. We are looking for a security engineer who is willing to solve problems and overcome roadblocks.
• Strong hands-on background in Windows, MacOS, and Linux environments including security
• Strong understanding of corporate IT including security
• Strong understanding of mobile devices, including application security
• Strong knowledge of information systems and security controls
• Familiarity with relevant compliance standards such as Mass Data Privacy Law, FISMA
• Demonstrated ability to prioritize and manage competing work assignments in a time sensitive environment
• Ability to weigh business risks and enforce appropriate information security measures
Company Information
Vertex is a global biotechnology company that aims to discover, develop and commercialize innovative medicines so people with serious diseases can lead better lives. In addition to our clinical development programs focused on cystic fibrosis, Vertex has more than a dozen ongoing research programs aimed at other serious and life-threatening diseases.

Founded in 1989 in Cambridge, Mass., Vertex today has research and development sites and commercial offices in the United States, Europe, Canada and Australia. For four years in a row, Science magazine has named Vertex one of its Top Employers in the life sciences. For additional information and the latest updates from the company, please visit www.vrtx.com.
Vertex is committed to equal employment opportunity and non-discrimination for all employees and qualified applicants without regard to a person's race, color, gender, age, religion, national origin, ancestry, disability, veteran status, genetic information, sexual orientation or any characteristic protected under applicable law. Vertex will make reasonable accommodations for qualified individuals with known disabilities, in accordance with applicable law.
