Cybersecurity Principal Engineer

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today!

What you will be doing

Summary:

This role is responsible for leading and overseeing the planning, execution, and management of complex multi-faceted projects related to risk management, mitigation and response, compliance, control assurance, and user awareness. Principal Engineers collaborate closely with other parts of the security team, customers, corporate IT, product, and engineering teams to design effective defense controls that limit threats and improve the company’s security posture. They develop and lead security strategies, initiatives, and policies/standards, ensuring the effectiveness of solutions, providing security-focused consultative services to the organization, and providing expertise and assistance to ensure the company’s infrastructure and information assets are protected. They provide subject matter expertise to the business and internal IT groups, , working closely with infrastructure engineers and leadership. They are expected to have a deep understanding of all and expertise in a few Information Security components. They play a key technical role in defining enterprise technology and Information Security principles and best practices. They act as a subject matter expert for Information Security and participate in senior leadership meetings to bring Information Security perspective to the company-wide IT Strategy.

Primary Duties and Responsibilities:

• Lead Operational Excellence program to ensure Cybersecurity capabilities are optimized and meeting the needs of the Cybersecurity Response and Defense team

• Analyzes trends, news and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; oversees risk and compliance self-assessments and engages and coordinates third-party risk and compliance assessments

• Oversees the response to information system security incidents, including investigation of, countermeasures to, and recovery from, computer-based attacks, unauthorized access, and policy breaches; engages, interacts and coordinates with third-party incident responders

• Analyzes and recommends security controls and procedures in acquisition, development, and change management lifecycle of information systems, and provides oversight to ensure compliance.

• Provides technical leadership of projects involving large-scale, complex and highly analytical tasks 

• Plans and leads upgrades to security measures and tools for the protections of information systems and networks  

• Formulates methodologies to monitor for as well as respond to security related events and assist in remediation efforts of cyber security incidents

• Provides technical guidance to the network administrators and system administrators, monitors and maintains the current infrastructure, improves system performance, and automates system administration from security perspective

• Provides technical guidance, coaching, and mentorship to other ISO Engineers in executing their tasks & responsibilities

• Oversees the maintenance of service-level agreements (SLAs) to ensure that security controls are upheld

• Leads implementation of enterprise-wide security policies, procedures, and standards across multiple platform and application environments to meet compliance responsibilities

• Interfaces with business and IT leaders communicating security issues and responding to requests for assistance and information

• Develops, refines, and implements security policies, procedures, and standards across multiple platforms and application environments to meet internal and external compliance responsibilities

• Coordinates with other senior technical executives in testing, development, and other IT teams to design, develop and implement security systems that protect company physical and intangible assets effectively

• Reviews technical/functional design documents, build, maintain and implement cybersecurity, data security, and cloud security solutions

• Consults with other business and technical staff on potential business impacts of proposed changes to the security environment

• Provides security briefings to advise on critical issues that may affect the enterprise

• Analyzes and generates insights from the metrics and KPIs gathered for executive review

• Monitors and analyzes emerging cyber threats, vulnerabilities, and exploits relevant to the company’s infrastructure and products

• Works closely with information security and line of business management to identify, formulate and implement information security solutions and controls and to maintain and configure security tooling

• Coordinates with systems and network engineers to ensure servers and network devices conform to security standards and that security devices and controls are working as designed

• Communicates advanced information security concepts with clients, peers, and all levels of management and vendors effectively

• Researches and deploys various tools to help with Cyber Operations, Threat Hunting, Vulnerability Management and Offensive Security, Email Security, Mobile, IoT, Distribution centers and Cloud arenas

• Responds to security alerts and escalates critical incidents to correct support teams and participates in incident response exercises

• Serves as a subject matter expert (SME) for product research and development teams, working closely with software engineers, product management and development, and divisional and corporate information systems

What your background should look like 

• Bachelor’s Degree in Computer Science, Information Technology or any other related discipline or equivalent related experience

• 8+ years of directly-related or relevant experience, preferably in information security

Preferred Certifications:

• Azure Security Engineer Certification

• Certified Cloud Security Professional (CCSP)

• Certification in Information Security Strategy Management (CISM)

• Certified Information Systems Security Professional (CISSP)

• CompTIA Security + Certification

• Systems Security Certified Practitioner (SSCP)

Behavioral Skills:

• Conflict Resolution

• Creativity & Innovation

• Decision Making

• Assertiveness

• Influencing Skills

• Planning

• Presentation Skills

• Risk-taking

Technical Skills:

• Network Solutions and Systems

• Cybersecurity

• Root Cause Analysis

• Information Security Strategy Standards (SOX, ISO 27001/27002, COBIT, ITIL, NIST, PCI)

• Advanced Encryption

• Application Architecture

• Identity and Access Management

• IT Risk Management

• Threat Modelling

Tools Knowledge:

• Microsoft Office Suite

• Programming and Development Languages - JavaScript, HTML/CSS, Python, SQL

• Security Tools - SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti-virus, Firewalls, VPN IDS/IPS, AV, proxies, etc.

What Cencora offers

We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members’ ability to live with purpose every day. In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness. This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave. 

To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more.

For details, visit https://www.virtualfairhub.com/amerisourcebergen

Schedule

Full time

Salary Range*

$118,000 - 181,720

*This Salary Range reflects a National Average for this job. The actual range may vary based on your locale. Ranges in Colorado/California/Washington/New York State-specific locations may be up to 10% lower than the minimum salary range, and 12% higher than the maximum salary range.

Affiliated Companies:Affiliated Companies: AmerisourceBergen Drug Corporation

Equal Employment Opportunity

Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.

The company’s continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory.

Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email hrsc@amerisourcebergen.com. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned