Covance

  • Sr Security Engineer

    Job Location(s) US-NC-Raleigh-Durham | US-NC-Burlington | US-NJ-Princeton
    Job Number
    2018-25079
    Job Category
    Information Technology
    Position Type
    Full-Time
  • Job Overview

    Job Description: Senior Data Security Engineer

     

    We are seeking a Senior Data Security Engineer to join the Office of Information Security, reporting to the Director of Security Engineering and Innovation.  The Senior Data Security Engineer will lead and implement an enterprise strategy on data security, and will partner with various technical teams to ensure this strategy is carried out.  The Senior Data Security Engineer will also work closely with other security staff and represent the interests of the broader Information Security team to the rest of the enterprise. 

     

    Responsibilities:

     

    • Manage, implement, and continuously improve the security of company data, including client and patient data.
    • Define and ensure implementation of appropriate security controls commensurate with data classification.
    • Define and ensure a consistent set of controls in order to secure protected health information (PHI).
    • Partner with DevOps and other technical teams representing infrastructure, application development, and information security in order to design and implement data security solutions.
    • Evaluate, recommend, and implement data security controls including transactional auditing, log retention, encryption and data masking.
    • Articulate and maintain a solid understanding of technical controls required to secure data at rest and in transit.
    • Assess business requirements and use cases in order to facilitate the adoption of data security controls.
    • Monitor and report on access to sensitive data; respond to any data breaches accordingly.
    • Work closely with database administrators to understand and implement security controls inherent in the platform (Oracle, Microsoft SQL, Sybase, etc.).
    • Work closely with team members from Risk Management and Compliance in order to understand external compliance requirements.
    • Represent the interests of the broader Information Security team to other technical staff and business stakeholders.
    • Develop and maintain data security standards and evangelize those to appropriate staff.
    • Develop and share data security expertise within the broader Information Security team.
    • In partnership with the broader Information Security team, research and recommend emerging security technologies/tools to address current and future threats.
    • Provide guidance for security remediation to business and IT partners by conducting technical risk assessments (includes vulnerability assessment).
    • Participate in security incident handling and investigations as required.
    • Interact and manage vendors, outsourcers, and contractors regarding security products and services.
    • Manage and/or provide guidance to junior members of the team.

    Education/Qualifications

    • Bachelor's or Master's Degree in Information Systems, Computer Science or related discipline is highly desired.
    • CISSP certification desired.

    Experience

    Minimum Required:

    • Minimum 3 years experience in information security.
    • Proven experience and success with data security design and implementation.
    • Working knowledge of common database security controls, including encryption and data masking.
    • Proven experience with information security best practices.
    • Proven project management and organizational skills, specifically managing multiple, concurrent projects.
    • Strong interpersonal, written, and oral communication skills.
    • Highly self-motivated and directed professional, with keen attention to detail.
    • Excellent analytical, problem-solving and decision-making abilities.
    • Able to effectively prioritize tasks in a high-pressure environment.
    • Strong customer service and solution-focused orientation.
    • Experience working in a team-oriented, collaborative environment.

     

    Preferred Skills:

    • Development or scripting knowledge desired.
    • Understanding of industry standards and compliance requirements related to information security and data security—especially ISO 27001, HIPAA, and PCI DSS.
    • Working knowledge of at least one major data security platform (IBM Guardium, Imperva SecureSphere for Databases, etc.)
    • Experience working with noSQL databases including MongoDB and Hadoop.

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Tell Us About Yourself

    Not ready to apply? Connect with us to join our talent community.