Senior Security Engineer

See more jobs from Theravance , Inc.

almost 3 years old

This job is no longer active

Responsible for ensuring the smooth and effective operation of the Theravance security systems and controls with a goal to maintain a strong information security program and enable comprehensive auditing and compliance verification. Provide hands-on support for a broad spectrum of technologies, including security software running on Windows and UNIX systems, network devices, virtual machines, as well as software-as-service (SaaS) services. Collaborate with internal and external stakeholders in implementing and supporting technical projects, and for operational support of production platforms.

Essential Duties & Responsibilities

  • Perform daily security reviews of security operations center (SOC) reports and security systems for anomalies and respond to potential security events
  • Oversee security patch process and validate compliance
  • Facilitate security vulnerability assessments and penetration tests. Work on security alerts, events, and security incidents, including forensics analysis
  • Assist in the investigation of security incidents as required and recommend corrective actions and process improvements
  • Contribute general consulting (risk analysis) and project support in the area of information security to IT infrastructure and projects as needed to support new business requirements
  • Coordinate with technology, business groups and vendors to assess, implement, and monitor IT-related security risks/hazards
  • Report security performance against established security metrics to drive security compliance throughout the organization
  • Understand the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments
  • Manage an information security awareness program to ensure staff members across the organization understand the trade-off between risk and return
  • Ensure and monitors security compliance with industry and government rules and regulations

DESIRED BACKGROUND AND EXPERIENCE

  • Professional experience within an information security function analyzing and applying information security, risk management practices
  • Strong skills driving cross-functional security-related projects and vulnerabilities remediation efforts
  • Strong skills documenting, implementing and socializing security policies, standards and operating procedures
  • Strong working understanding and knowledge of Windows and Linux Operating Systems
  • Deep technical and operational understanding of TCP/IP and security protocols, network defense, and security related technologies including encryption, VPNs, firewalls, proxy services, and IDS/IPS, Windows Active Directory, VMware
  • Deep understanding of tools, tactics, techniques, and procedures utilized by malware
  • Ability to manage multiple groups during an incident to employ effective and efficient incident response to critical events
  • Ability to perform, and provide guidance on, forensically sound collection of information and evidence during incidents
  • Ability to collect, understand, and correlate events from multiple technical sources
  • Ability to research, collect, and interpret open source information for current/imminent threats
  • Ability to work with vendors and perform risk assessments of new products and technologies
  • Provide computer security response plan (CSIRP) and computer security response team (CSIRT) plan and program development
  • Ability to develop and implement incident identification, containment, eradication, and recovery procedures
  • Ability to convey technical information to executive-level management in a clear, concise, and effective manner
  • Ability to work with multiple groups to understand current threats to the environment and develop a strategic approach to mitigating and responding to possible incidents
  • Incident Management (GISP, GSLC) and Incident Response (GCIH/A, et al.) certifications a plus
  • Experience working in a regulated environment (SOX and/or 21CFR11).
  • Ability to work comfortably in dynamic changing environments

REQUIREMENTS

  • 10+ years of hands on technical and/or computer experience
  • 5+ years working experience in analyzing incidents, determining the cause and extent of possible data loss, managing a team’s response actions, and advising on immediate, mid-term and long-term remediation
  • Biopharmaceutical company experience in fast-growing environment preferred
  • Industry recognized technical level education and experience
  • Hands-on experience installing and administering security systems and tools, including firewalls, IDS/IPS, SIEM, manage antivirus/antimalware, patch management, log analyzers, network tracers, vulnerability scanners, and Group Policy
  • Strong knowledge in the following areas: IAM, system virtualization, Windows and Unix Security, Cloud Security, Application Whitelisting, Vulnerability Management, endpoint security controls
  • Strong attention to detail with an analytical mind and outstanding problem-solving skills.
  • Demonstrated project management skills and ability to track and report progress against established milestones, metrics and deliverables
  • Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy to both technical and non-technical audiences

 

 

APPLICANT NOTICE ABOUT YOUR PERSONAL INFORMATION


1. Overview
This Notice explains your rights under the California Consumer Privacy Act (“CCPA”) (Cal. Civ. Code § 1798.100 et seq.) and helps you understand how Theravance Biopharma Inc. (“Theravance Biopharma”) collects and uses your Personal Information in compliance with the CCPA. In this Notice, the terms “company,” ”us,” “we,” and “our” refer to Theravance Biopharma and its affiliates and subsidiaries. “Applicant” or “you” refer to job applicants or candidates for employment with Theravance Biopharma.

2. What Information We Collect
Theravance Biopharma collects information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household (“Personal Information”). The following discusses the categories of Personal Information we collected in the last twelve (12) months. We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different purposes without first providing you notice.

• Identifiers. We collect your name, driver’s license or ID number, email address, phone number, and mailing address from you during our recruitment processes. We may also collect personal identifiers about your personal or professional references, if you provide this information during the recruitment process.
• Social Networking Information. If you choose to sign in to your LinkedIn account when you submit your online application with us, we may collect additional information depending on your settings with LinkedIn. To the extent information is made available on your profile, we may collect personal identifiers, including your name or location; LinkedIn information, including your connections and activity; inferences and preferences information, such as your interests and posts; education information, such as your education history; and professional and employment-related information, such as your experience.
• Characteristics of Protected Classifications Under California or Federal Law. We may collect your date of birth, age, gender identity, sexual orientation, racial or ethnic origin, disability information, genetic information, marital status, or pregnancy and related information, if you provide this information as part of your application.
• Professional or Employment-Related Information. We collect information related to your employment history during the recruitment process. We will not request or collect your salary history information during the application process.
• Education Information. We collect your education history from you as part of your application.

3. How We Use the Information We Collect

We use the Personal Information we collect for the following business and commercial purposes:

• Recruiting and Hiring. We use the Personal Information we collect from your application and through the interview process to verify your application and evaluate your qualifications and eligibility for employment.
• Government Reporting. We use the Personal Information we collect to comply with mandatory government reporting requirements and applicable laws.

4. Additional Rights Under California Law
At this time, the CCPA does not afford you the right to make requests regarding your Personal Information. Theravance Biopharma will inform you about any policies and procedures related to such rights if they become available. This does not affect other rights you may have under the California Labor Code or similar laws.

5. How We Retain Your Personal Information
To the extent permitted by applicable law, Theravance Biopharma will retain your Personal Information for as long as reasonably necessary to fulfill the purposes for which it was collected, including to meet any legal, accounting, or other reporting requirements or obligations.

6. How You Are Protected Against Discrimination
Theravance Biopharma will not unlawfully discriminate against you for exercising any of your rights under the CCPA. This commitment applies to all persons involved in our operations and prohibits unlawful discrimination by any employee of Theravance Biopharma, including supervisors and coworkers.

7. Disclaimer
Nothing in this Notice restricts Theravance Biopharma’s ability to:
• Comply with federal, state, or local laws;
• Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities;
• Cooperate with law enforcement agencies concerning conduct or activity that the business, service provider, or third party reasonably and in good faith believes may violate federal, state, or local law;
• Exercise or defend legal claims;
• Detect security incidents and protect against fraudulent or illegal activity and prosecute those responsible for such activity; or
• Transfer Personal Information as part of a merger or acquisition, dissolution, bankruptcy, or any other transaction in which a third party assumes control of all or part of Theravance Biopharma.

8. Changes to This Notice
This Notice is reviewed and updated annually to ensure it accurately captures our practices and procedures. The effective date of this version is posted below.

9. Resolving Concerns and How to Contact Us
If you have questions or concerns regarding this Notice or the handling of your Personal Information, please contact us at [email protected] or (650) 808-6045.

EFFECTIVE DATE: March 16, 2021