Remote work for this role is supported.
The R&D Software Competency Center is responsible for Promega's software portfolio - bridging embedded, instrument control, production, and service domains. The team also provides scientific tools, data acquisition pipelines, visualization and analysis platforms both on premise and in the cloud. We are a distributed, dynamic team, actively growing to take on exciting projects in Life Sciences.
The Cloud Security Engineer participates in the design, development and implementation of cloud security architectures and standards for IoT in the Life Sciences domain. This responsibility extends onto design, development, deployment and certification of said architectures and standards. You will also contribute to the integration of cloud security, vulnerability, risk management, monitoring, and incident mitigation for both internal and external customers.
1. Document and author a complete InfoSec portfolio for a an IoT framework in the field of Life Sciences. Respond to external business partner security assessments when applicable.
2. Develop and improve cloud security monitoring strategies utilizing SIEM systems, configure cloud-native security capabilities accordingly. Elect, configure and maintain security tools used to identify abnormalities.
3. Identify cloud-specific attack patterns and devise preemptive, detection and defensive mitigation strategies, adapt those for Azure IoT cloud environments.
4. Work collaboratively in a team environment to identify solutions to complex security challenges in the field of Life Sciences, while tending to compliance/regulatory requirements, market standards/certifications, and custom deployment scenarios.
5. Balance multiple/concurrent tasks and participate in a Scrum-based development process; contribute to and influence technical discussions and decisions while supporting production environments used by internal and external customers.
6. Perform due diligence and post mortem security research; document and communicate findings to the team. Identify and communicate security gaps and associated risks providing the business with detailed descriptions, enabling risk-based decisions.
7. Perform internal and coordinate external security audits/certifications, risk assessments and analysis.
8. Demonstrates inclusion through their own words and actions and is accountable for a safe workspace. Acts with kindness, curiosity and respect for others.
9. Embracing and being open to incorporating Promega's 6 Emotional & Social Intelligence (ESI) core principles in daily work.
10. Evaluate and apply Azure platform security updates, on multi-environment, multi-tenant systems. Research and stay current on the latest trends, best practices, and technology developments.
1. Bachelor's degree in information technology, computer science, computer information systems, computer engineering or a related discipline.
2. Experience working with Cloud infrastructures (Azure, AWS, Google, IBM).
3. Working knowledge of Cloud/IoT security controls, principles and best practices; production-level experience with IoT frameworks a big plus.
4. Familiarity with frameworks such as: FISMA, HIPAA, HITECH, PCI.
5. Familiarity with NIST Cybersecurity Framework, NIST 800-53, CIS Controls, cloud security controls.
6. Familiarity with identity management and access control particularly as implemented in cloud environments.
7. Familiarity with network security.
8. Familiarity with security approaches for container (e.g. Docker) environments and container orchestration platforms.
9. Ability to describe attributes of activity/events of interest that a cloud environment would emit and ability to define SIEM (particularly Splunk) queries/searches/correlations to find and alert on such activity.
10. Verbose language skills, with the ability to communicate complex technical details using collaborative tools.
1. Experience with Medical instrumentation and/or regulated products.
2. Experience with GDPR or similar privacy regulations.
3. Experience working with Azure-based IoT solutions.
4. Awareness of critical concepts in DevOps and Agile principles.
1. Ability to use telephone and computer equipment.
Diversity is important at Promega. We are proud to be an Equal Opportunity Employer, and make employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability, or any other protected class.