Lead Application Security Engineer
USA - TX - Remote
AmerisourceBergen
AmerisourceBergen fosters a positive impact on healthcare around the world by advancing the development and delivery of pharmaceuticals and healthcare products.Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today!
What you will be doingSummary:
This role is responsible for leading and overseeing the planning, execution, and management of multi-faceted projects related to risk management, mitigation and response, compliance, control assurance, and user awareness. Lead Engineers collaborate closely with other parts of the security team, customers, corporate IT, product, and engineering teams to design effective defense controls that limit threats and improve the company’s security posture. They develop and manage security strategies, initiatives, and policies/standards, ensuring the effectiveness of solutions, providing security-focused consultative services to the organization, and providing expertise and assistance to ensure the company’s infrastructure and information assets are protected. They review security violation reports and investigate security exceptions and update, maintain and document security controls. They provide subject matter expertise to the business and internal IT groups, and product research and development teams, working closely with software engineers.
Primary Duties and Responsibilities:
Oversees the maintenance of service-level agreements (SLAs) to ensure that security controls are upheld
Leads implementation of enterprise-wide security policies, procedures, and standards across multiple platform and application environments to meet compliance responsibilities
Interfaces with business and IT leaders communicating security issues and responding to requests for assistance and information
Develops, refines, and implements security policies, procedures, and standards across multiple platforms and application environments to meet internal and external compliance responsibilities
Coordinates with other senior technical executives in testing, development, and other IT teams to design, develop and implement security systems that protect company physical and intangible assets effectively
Reviews technical/functional design documents, build, maintain and implement cybersecurity, data security, and cloud security solutions
Consults with other business and technical staff on potential business impacts of proposed changes to the security environment
Provides security briefings to advise on critical issues that may affect the enterprise
Analyzes and generates insights from the metrics and KPIs gathered for executive review
Provides technical support to the network administrators and system administrators, monitors and maintains the current infrastructure, improves system performance, and automates system administration from security perspective
Provides technical guidance, coaching, and mentorship to Engineers I/II/III in executing their tasks & responsibilities
Monitors and analyzes emerging cyber threats, vulnerabilities, and exploits relevant to the company’s infrastructure and products
Works closely with information security and line of business management to identify, formulate and implement information security solutions and controls and to maintain and configure security tooling
Coordinates with systems and network engineers to ensure servers and network devices conform to security standards and that security devices and controls are working as designed
Communicates advanced information security concepts with clients, peers, and all levels of management and vendors effectively
Researches and deploys various tools to help with Cyber Operations, Threat Hunting, Vulnerability Management and Offensive Security, Email Security, Mobile, IoT, Distribution centers and Cloud arenas
Responds to security alerts and escalates critical incidents to correct support teams and participates in incident response exercises
Serves as a subject matter expert (SME) for product research and development teams, working closely with software engineers, product management and development, and divisional and corporate information systems
Education:
Bachelor’s Degree in Computer Science, Information Technology or any other related discipline or equivalent related experience.
Preferred Certifications:
Azure Security Engineer Certification
Certified Cloud Security Professional (CCSP)
Certification in Information Security Strategy Management (CISM)
Certified Information Systems Security Professional (CISSP)
CompTIA Security + Certification
Systems Security Certified Practitioner (SSCP)
Work Experience:
6+ years of directly-related or relevant experience, preferably in information security.
Behavioral Skills:
Conflict Resolution
Creativity & Innovation
Decision Making
Planning
Presentation Skills
Risk-taking
Technical Skills:
Network Solutions and Systems
Cybersecurity
Root Cause Analysis
Information Security Strategy Standards (SOX, ISO 27001/27002, COBIT, ITIL, NIST, PCI)
Advanced Encryption
Application Architecture
Identity and Access Management
IT Risk Management
Threat Modelling
Tools Knowledge:
Microsoft Office Suite
Programming and Development Languages - JavaScript, HTML/CSS, Python, SQL
Security Tools - SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti-virus, Firewalls, VPN IDS/IPS, AV, proxies, etc.
We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members’ ability to live with purpose every day. In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness. This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave.
To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more.
For details, visit https://www.virtualfairhub.com/cencora
ScheduleFull timeAffiliated CompaniesAffiliated Companies: AmerisourceBergen Services CorporationEqual Employment OpportunityCencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.
The company’s continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory.
Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email hrsc@cencora.com. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Azure CCSP CISM CISSP Cloud COBIT Compliance CompTIA Computer Science EDR Encryption Exploits Firewalls IAM IDS Incident response IoT IPS ISO 27001 ITIL JavaScript KPIs NIST Offensive security Python Risk management Security strategy SIEM SLAs SOAR SOX SQL SSCP Strategy VPN Vulnerabilities Vulnerability management
Perks/benefits: Career development Health care Medical leave Parental leave Team events Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Cybersecurity Engineer jobs
- Open Security Operations Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Information Security Officer jobs
- Open Principal Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Information Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Network Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Analyst jobs
- Open IT Security Analyst jobs
- Open Manager Pentest H/F jobs
- Open Security Consultant jobs
- Open Security Operations Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Information Security Architect jobs
- Open SOC-related jobs
- Open Risk assessment-related jobs
- Open Agile-related jobs
- Open Network security-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open Vulnerability management-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open APIs-related jobs
- Open CEH-related jobs
- Open Security assessment-related jobs
- Open EDR-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open SaaS-related jobs
- Open DevSecOps-related jobs