Lead InfoSec Engineer (SecDevOps) - DTJ (REMOTE)

For 75 years, Charles River employees have worked together to assist in the discovery, development and safe manufacture of new drug therapies. When you join our family, you will have a significant impact on the health and well-being of people across the globe. Whether your background is in life sciences, finance, IT, sales or another area, your skills will play an important role in the work we perform. In return, we’ll help you build a career that you can feel passionate about.

Job Summary

The Lead InfoSec Engineer (SecDevOps) is a subject matter expert (SME) who plays a crucial role in bridging the gap between development, operations, and security. Our ideal candidate will possess a strong technical background in both IT security and software development, enabling them to implement and maintain secure DevOps practices across our projects. The engineer works as part of a team to assess cybersecurity and technology risk against established frameworks, standards, policies and methodologies. The individual reviews and recommends controls and best practices, and continually evaluates risk exposure and tolerance as defined by business leaders and external entities. The role also reviews and documents deficiencies, advocates for change, and when appropriate, escalates issues to senior risk leadership. With an emphasis on developing secure DevOps strategies, this position plays a crucial role in securing business-to-business initiatives, third-party relationships, outsourced solutions, and vendors.  Ideal candidates will possess practical hands-on technology experience with security principles and risk management, along with a strong understanding of DevOps culture and practices.

ESSENTIAL DUTIES AND RESPONSIBILITIES:  

• Develop, implement, and maintain secure CI/CD pipelines to facilitate safe code releases without sacrificing speed or efficiency.
• Collaborate with development and operations teams to integrate security at every phase of the software development lifecycle.
• Conduct vulnerability assessments and security tests on applications and infrastructure to identify and mitigate risks before production deployment.
• Conduct security evaluations of open-source software libraries and frameworks to identify and mitigate potential vulnerabilities; manage the security aspects of APIs, including authentication, authorization, and encryption practices to ensure robust defense against external and internal threats.
• Automate security processes to reduce human error and increase incident response times.
• Maintain security documentation and standard operating procedures.
• Stay up to date with emerging security threats and vulnerabilities and ensure that the company's systems and data are protected against them.
• Provide security awareness training to other teams and advocate for security best practices throughout the organization.
• Participate in the development and enforcement of security policies and procedures.
• Perform other duties as assigned.

Job Qualifications

• Education:  Bachelor’s degree (B.A./B.S.) or equivalent in computer science, information security.
• Experience:  8+ years in an InfoSec or development role, with 5+ years of experience in a DevOps role with a strong focus on security, or in a dedicated cybersecurity role with exposure to DevOps practices.
  • An equivalent combination of education and experience may be accepted as a satisfactory substitute for the specific education and experience listed above.
• Certification/Licensure:  IT security related certification desired (e.g., CISSP, CISM, CompTIA Security+, Certified Kubernetes Security Specialist (CKS), or AWS Certified DevOps Engineer, or similar professional certification).
• Other:  
  • Strong understanding of cloud platforms (AWS, Azure, GCP) and their native security tools.
  • Proficiency in scripting languages (e.g., Python, TypeScript, Bash) and automation tools (e.g., Ansible, Terraform, Jenkins, Jinja).
  • Familiarity with web app development languages such as JavaScript, Perl, C#.
  • Familiarity with containerization and orchestration technologies (Docker, Kubernetes).
  • Knowledge of compliance standards and security frameworks (e.g., ISO 27001, NIST, SOC 2).
  • Experience with secure software development practices such as using SAST/DAST tools, secure code review, and threat modeling.
  • Excellent problem-solving skills and ability to think critically and strategically.
  • Effective communication skills, with an ability to convey complex security issues to non-technical stakeholders. 
  • Must have strong interpersonal, teamwork, self-initiative skills.
     

Compensation Data

The pay range for this position is $140K - 169K USD. Please note that salaries vary within the range based on factors including, but not limited to, experience, skills, education, certifications, and location

About Corporate Functions 
The Corporate Functions provide operational support across Charles River in areas such as Human Resources, Finance, IT, Legal, Sales, Quality Assurance, Marketing, and Corporate Development. They partner with their colleagues across the company to develop and drive strategies and to set global standards. The functions are essential to providing a bridge between strategic vision and operational readiness, to ensure ongoing functional innovation and capability improvement.

About Charles River
Charles River is an early-stage contract research organization (CRO). We have built upon our foundation of laboratory animal medicine and science to develop a diverse portfolio of discovery and safety assessment services, both Good Laboratory Practice (GLP) and non-GLP, to support clients from target identification through preclinical development. Charles River also provides a suite of products and services to support our clients’ clinical laboratory testing needs and manufacturing activities. Utilizing this broad portfolio of products and services enables our clients to create a more flexible drug development model, which reduces their costs, enhances their productivity and effectiveness to increase speed to market.

With over 20,000 employees within 110 facilities in over 20 countries around the globe, we are strategically positioned to coordinate worldwide resources and apply multidisciplinary perspectives in resolving our client’s unique challenges. Our client base includes global pharmaceutical companies, biotechnology companies, government agencies and hospitals and academic institutions around the world. 

At Charles River, we are passionate about our role in improving the quality of people’s lives. Our mission, our excellent science and our strong sense of purpose guide us in all that we do, and we approach each day with the knowledge that our work helps to improve the health and well-being of many across the globe. We have proudly supported the development of 86% of the drugs approved by the FDA in 2021.

Equal Employment Opportunity
Charles River Laboratories is an Equal Opportunity Employer - all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin, veteran or disability status.

If you are interested in applying to Charles River Laboratories and need special assistance or an accommodation due to a disability to complete any forms or to otherwise participate in the resume submission process, please contact a member of our Human Resources team by sending an e-mail message to crrecruitment_US@crl.com. This contact is for accommodation requests for individuals with disabilities only and cannot be used to inquire about the status of applications.

For more information, please visit www.criver.com.