Sr. InfoSec Analyst (Vulnerability Management) (DTJ)

Sr. InfoSec Analyst (Vulnerability Management) (DTJ) Req ID #:  178509 Location: 

US Wilmington, MA, US, 01887 At Charles River, we are passionate about improving the quality of people’s lives. When you join our global family, you will help create healthier lives for millions of patients and their families. 

Charles River employees are innovative thinkers, who are dedicated to continuous learning and improvement. We will empower you with the resources you need to grow and develop in your career. 

As a Charles River employee, you will be part of an industry-leading, customer-focused company at the forefront of drug development. Your skills will play a key role in bringing life-saving therapies to market faster through simpler, quicker, and more digitalized processes. Whether you are in lab operations, finance, IT, sales, or another area, when you work at Charles River, you will be the difference every day for patients across the globe.

IMPORTANT:   In order to be considered for this position, a resume/CV must be uploaded and submitted during the application process.  Please make sure work history and education are added correctly.   

  Job Summary  

The Sr. InfoSec Analyst (Vulnerability Management) is a hands-on practitioner and representative of the vulnerability management practice in the cyber security defense. This is a technical role and candidates must possess a solid understanding of information security, applications, operating systems, networking, cloud infrastructure, and basic attacker tactics, techniques, and procedures (TTPs). The vulnerability analyst understands that legacy and present-day systems and applications may have weaknesses that can be exploited by external threat actors and potentially lead to a breach. Given that vulnerability management and risk exposure extend across all technical systems enterprise-wide, responsibilities of this position include identifying assets and vulnerabilities, reporting, remediation, penetration testing and continuous assessment. The position must collaborate with others on the team for remediation and additional validation, as well as contribute to other collaborative approaches driven by the security team strategy.

ESSENTIAL DUTIES AND RESPONSIBILITIES:  

•    Work as part of a team to consistently learn and share advanced skills and foster team excellence.

•    Manage vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud and third-party assets.

•    Conduct continuous discovery and vulnerability assessment of enterprise-wide assets. 

•    Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations and validation.

•    Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business and gain support through influential messaging.

•    Leverage vulnerability database sources to understand each weakness, its probability and remediation options, including vendor-supplied fixes and workarounds.   

•    Support internal and external auditors in their duties that focus on compliance and risk reduction. 

•    Perform penetration testing against Charles River assets with vulnerability management team members, at the direction of the vulnerability management team lead.

•    Collaborate with security groups such as patching, threat intelligence and 3rd party risk management to form a holistic team dedicated in thwarting attackers and reducing attack surface.

•    Regularly research and learn new TTPs in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary.

•    Perform other duties as assigned.  Job Qualifications  

Education:  Bachelor’s degree (B.A./B.S.) or equivalent in computer science, information technology, or related discipline.

Experience:  Minimum of 5-8 years related experience in information security operations, vulnerability management, or related discipline. An equivalent combination of education and experience may be accepted as a satisfactory substitute for the specific education and experience listed above.

•    Experience stabilizing systems to run minimal application requirements, least privilege and additional host hardening.

•    Understanding of Windows and *nix operating systems, endpoint applications, networking protocols and devices.

•    Preferably some experience with vulnerability management across Amazon Web Services (AWS) or Microsoft Azure.    

•    Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle.

•    Capable of scripting in Python, Bash, Perl or PowerShell.

•    Certification/Licensure:  IT security related certification desired (e.g., Security +, CISSP, CISA, GCED, GPEN, GCIH, or similar professional certification).

Other:   Understanding of HIPAA-HITECH, PCI, SOX, GxPs, Data Privacy regulations, etc. Able to handle moderate problem resolution with general supervision.  Analytical and problem-solving mindset.  Must have strong interpersonal, teamwork, self-initiative skills.

IMPORTANT: A resume is required to be considered for this position. If you have not uploaded your resume in your candidate profile, please return to upload field and attach your resume/CV. 

About Corporate Functions

The Corporate Functions provide operational support across Charles River in areas such as Human Resources, Finance, IT, Legal, Sales, Quality Assurance, Marketing, and Corporate Development. They partner with their colleagues across the company to develop and drive strategies and to set global standards. The functions are essential to providing a bridge between strategic vision and operational readiness, to ensure ongoing functional innovation and capability improvement.  

About Charles River

Charles River is an early-stage contract research organization (CRO). We have built upon our foundation of laboratory animal medicine and science to develop a diverse portfolio of discovery and safety assessment services, both Good Laboratory Practice (GLP) and non-GLP, to support clients from target identification through preclinical development. Charles River also provides a suite of products and services to support our clients’ clinical laboratory testing needs and manufacturing activities. Utilizing this broad portfolio of products and services enables our clients to create a more flexible drug development model, which reduces their costs, enhances their productivity and effectiveness to increase speed to market.

With over 17,000 employees within 90 facilities in 20 countries around the globe, we are strategically positioned to coordinate worldwide resources and apply multidisciplinary perspectives in resolving our client’s unique challenges. Our client base includes global pharmaceutical companies, biotechnology companies, government agencies and hospitals and academic institutions around the world. And in 2019, revenue increased to $2.62 billion.

At Charles River, we are passionate about our role in improving the quality of people’s lives. Our mission, our excellent science and our strong sense of purpose guide us in all that we do, and we approach each day with the knowledge that our work helps to improve the health and well-being of many across the globe. We have proudly supported the development of ~85% of the drugs approved by the FDA in 2019.

Equal Employment Opportunity

Charles River Laboratories is an Equal Opportunity Employer - all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

If you are interested in applying to Charles River Laboratories and need special assistance or an accommodation due to a disability to complete any forms or to otherwise participate in the resume submission process, please contact a member of our Human Resources team by sending an e-mail message to crrecruitment_US@crl.com. This contact is for accommodation requests for individuals with disabilities only and cannot be used to inquire about the status of applications.

For more information, please visit www.criver.com.

Job Segment: Information Security, Testing, Cloud, Pharmaceutical, Quality Assurance, Technology, Science