Senior Information Security Engineer (Linux, Cloud)

Model N Global Information Security team is seeking Senior Information Security Engineer.  This role is responsible for the management and development of Model N’s Information Security program to support business objectives. This role will act as a critical partner who will work with multiple different teams across organizations.  The role will provide security expertise, improve our security incident and threat management program, mentor, and work with teams throughout the organization. The role will have expertise in technology integrations, and workflow automation across physical, virtual and cloud computing, pushing process improvements, influencing organization priorities, and tackling security projects.
Sr. Information Security Engineer will be a critical and high-impact individual who will work closely with several key individuals and teams and will be part of security engineers and architects who demonstrate superb technical competency, delivering mission-critical infrastructure and ensuring the highest levels of availability, performance, and security across our enterprise. Qualified candidates will have a background in Information Security, Security Incident Management, Security Operations, Threat Management and Engineering.This role reports into the Global Information Security Officer & DPO and will maintain strong relationships with all line-of-business technology groups. 

Job Responsibilities:

• Administer Linux systems for Security vulnerability remediation.
• Administer and configure AWS cloud services for remediating security vulnerabilities.
• Investigate security alerts and identify a security resolution.
• Create security automation jobs on automation systems like Jenkins, ArgoCD and Ansible.
• Receiving and responding to cyber security alerts and security incident reports.
• Actively calling and leading security incident bridges and coordinating internal incident response efforts between first responders, and operations teams, and managed security services.
• Configure, support and manage SIEM and related tools, processes and procedures.
• Overseeing the incident management process and team members involved in resolving the incident.
• Collecting intrusion artifacts (e.g., source code, malware, trojans) and using discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
• Coordinating and providing expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
• Defining information system security requirements and functionality.
• Producing formal and informal reports, briefings, and direct input to the customer.
• Support Model N business teams to achieve and maintain their security and compliance posture in accordance with regulatory requirements including but not limited to Sarbanes Oxley (SOX), SOC, ISO 27001, ISO, HIPAA, PCI-DSS, HITRUST, FedRAMP, etc.  Validate on-going compliance of policies and processes/procedures in support of requirements and ensure that controls operate effectively.
• Responsible for quality and on-time execution of periodic audit activities such as change management review, SDLC review, audit of release process and CI/CD, Segregation of duties etc.
• Review architecture, integrate compliance and security into solution designs, assess risks of security gaps, and develop remediation plan. Perform follow-up activities related to remediate gaps, drive remediation efforts.
• Thorough understanding of the latest security principles, techniques, and protocols
• Can communicate to senior leaders, provide recommendations, and excels at gaining multi-team alignment.
• Knowledge of industry best practices for foundational security elements including network devices and system-level hardening
• Serve as point of contact to work closely with cross functional teams - Engineering/ product security/ IT/ corporate security teams to identify risk to the business/ product and other areas necessary to identify risks to the business.
• Display technical excellence in Cloud Native technologies as well as multidisciplinary capabilities in coding, and networking.
• Be able to map technical controls to the risk they solve and help create business justification for the necessary technical solutions

Job Qualification

• 5+ years of experience in Information Security, Security Architecture, Threat Management and Security Operations.
• Cloud security essentials in at least one of AWS, OCI, or Azure.
• Drive security vulnerability remediation on cloud assets.
• Configure AWS services for attaining security best practices and CIS benchmarks
• Broad security subject matter expertise in areas such as network security, endpoint security, malware analysis, reverse engineering, and cloud etc.
• Experience with a SIEM and SOAR platform.
• Experience with building incident response tooling and scripting language skills.
• Must have experience supporting and driving ISO 27001, SOC, PCI DSS readiness and audit (e.g., control design review, control operating effectiveness audit, assessment write -ups and control documentation review, audit evidence upload, supporting audit walkthroughs with auditors, etc.) 
• Certification preferred (but not a requirement) in one or more of the following: CISA, CISM, Cloud platforms.
• Expert communicator with a track record of operating, partnering with and influencing up to and including exec-level stakeholders.
• Ability to organize, conduct and drive meetings and outcomes with little to no manager involvement.  Must be aware of and deliver quality stakeholder engagement experience. 
• Ability to work closely with auditors, regulators, and internal stakeholders and articulate technical concepts
• Ability to multitask and manage simultaneous projects

At Model N, we believe our collective success stems from the uniqueness of every individual's diverse backgrounds, experiences, and expertise; we call this the N Factor. So don’t allow uncertainty to keep you from applying to join our team. If you don’t meet the exact criteria but can demonstrate your skillset is the best for the job, we’d love to talk with you. We’re curious to know, what’s your N Factor?      About Model N   Model N enables life sciences and high tech companies to drive growth and market share, minimizing revenue leakage throughout the revenue lifecycle. With deep industry expertise and solutions purpose-built for these industries, Model N delivers comprehensive visibility, insight and control over the complexities of commercial operations and compliance. Our integrated cloud solution is proven to automate pricing, incentive and contract decisions to scale business profitably and grow revenue. Model N is trusted across more than 120 countries by the world’s leading pharmaceutical, medical technology, semiconductor, and high tech companies, including Johnson & Johnson, AstraZeneca, Stryker, Seagate Technology, Broadcom and Microchip Technology. For more information, visit www.modeln.com. 
We’re constantly growing and may have something for you later on if this is not the right opportunity for you. Check out our career site to learn more about Model N or view other jobs: https://www.modeln.com/company/careers/