Information Security Engineer - 2395
Editas Medicine
What if you could repair broken genes? That is the question we ask ourselves at Editas Medicine. We’re focused on translating the power and potential of the CRISPR/Cas9 and CRISPR/Cpf1 (also known as Cas12a) genome editing systems into a robust pipeline of medicines for people living with serious diseases around the world. Our goal is to discover, develop, manufacture, and commercialize transformative, durable, precision genomic medicines for many diseases. We’re looking for talented, dedicated, passionate people to join our team and help us pioneer this field and do big, bold things that have never been achieved before. Are you full of hope, possibilities, and a belief that, working together, we can truly revolutionize the development of medicines to help patients around the world? If the answer is yes, then Editas Medicine is the place for you.
Position Summary
The Information Security Engineer is responsible for assisting in the development, implementation, and maintenance of the organization's information security program. This role involves performing security assessments, monitoring security events, investigating and resolving security incidents, and ensuring compliance with regulatory requirements. Additionally, the Engineer will be responsible for stewardship of Information Security onboarding and ongoing refresher training for company staff. The ideal candidate should have a solid understanding of information security principles, practices, and technologies, along with strong analytical and problem-solving skills.
Responsibilities
- Conduct security assessments: Perform periodic vulnerability assessments, penetration testing, and risk assessments to identify vulnerabilities and recommend appropriate security measures.
- Monitor security events: Monitor security logs and alerts to identify potential security incidents, investigate alerts, and respond to security breaches or unauthorized access attempts.
- Incident response: Assist in the investigation and resolution of security incidents, including containment, eradication, and recovery activities. Document and report incidents to management as required.
- Security controls implementation: Assist in the implementation and configuration of security controls such as firewalls, intrusion detection/prevention systems, data loss prevention systems, and endpoint protection tools.
- Single Sign-On (SSO)/Multi-Factor Authentication (MFA) administration: Administer and maintain SSO/MFA systems and processes to ensure secure access to applications and systems.
- Identity and Access Management (IAM): Assist in the administration of IAM systems, including user provisioning, access reviews, and privileged access management.
- Email filtering technology: Administer and monitor email filtering systems to detect and mitigate phishing attempts, malware, and spam.
- Firewall policy administration and review: Manage and review firewall policies to ensure appropriate access controls and rule configurations are in place.
- Active Directory: Assist in the administration and maintenance of Active Directory, including user and group management, group policy administration, and security configuration.
- O365 Security Administration: Manage and monitor security settings and configurations within the Microsoft Office 365 environment.
- Cloud Access Security Broker (CASB): Administer and monitor CASB solutions to ensure visibility and control over cloud-based applications and data.
- Cloud Infrastructure Security Management: Assist in the security configuration and monitoring of cloud infrastructure services, such as AWS, Azure, or Google Cloud Platform.
- Compliance: Ensure compliance with relevant security regulations and standards through regular audits, gap analysis, and policy reviews. Assist in the development and maintenance of security policies and procedures.
- Security documentation: Maintain accurate and up-to-date security documentation, including security incident reports, risk assessments, and security policies and procedures.
- Security monitoring and reporting: Monitor security-related metrics and generate periodic reports for management, highlighting areas of concern and proposing recommendations for improvement.
- Information Security training: Oversee Information Security onboarding and ongoing refresher training for company staff, ensuring awareness of policies, procedures, and best practices.
- Stay updated on security trends: Keep abreast of the latest information security trends, vulnerabilities, and technologies, and recommend appropriate security enhancements to mitigate risks.
- Collaboration: Work closely with cross-functional teams, including IT operations, network administrators, and software developers, to ensure security considerations are integrated throughout the organization's systems and processes.
Required Qualifications
- Bachelor’s degree in Computer Science, Information Security, or equivalent workplace experience. Relevant certifications such as CISSP, CISM, or SANS GIAC family are preferred.
- Solid understanding of information security principles, practices, and technologies, including network security, access controls, encryption, vulnerability management and over-arching Governance Risk and Compliance roles.
- Experience with security assessment tools and techniques, including vulnerability scanning, penetration testing, and risk assessment methodologies.
- 3-5 years of experience in information security, compliance, or a related field.
Preferred Qualifications
- Familiarity with security frameworks and standards such as NIST Cybersecurity Framework and ISO 27001.
- Knowledge of relevant regulatory requirements (e.g., GDPR, HIPAA, SOX) and experience with security compliance audits.
- Strong knowledge and experience in Single Sign-On (SSO) and Multi-Factor Authentication (MFA) administration.
- Experience with Identity and Access Management (IAM) systems and processes.
- Familiarity with email filtering technology to detect and mitigate phishing, malware, and spam.
- Experience in firewall policy administration and review.
- Proficiency in Active Directory administration, including user and group management and group policy administration.
- Experience with O365 security administration, including configuration and monitoring of security settings.
- Knowledge of Cloud Access Security Brokers (CASB) and their administration.
- Familiarity with cloud infrastructure security management in platforms such as AWS, Azure, or Google Cloud Platform.
- Strong analytical and problem-solving skills with the ability to assess and prioritize risks effectively.
- Excellent written and verbal communication skills to effectively communicate security-related concepts to technical and non-technical stakeholders.
- Ability to work independently as well as collaboratively in a team environment.
- Strong attention to detail and a commitment to maintaining the highest level of data confidentiality and integrity.
Benefits Summary:
Editas provides a comprehensive array of benefits to all employees, including a Blue Cross Blue Shield PPO Medical Plan, a company-funded Health Savings Account, Dental and Vision Insurance, Life and Disability Insurance, Dependent Care Account, Tuition Reimbursement, 401(k) plan with company match, Employee Stock Purchase Plan, Employee Assistance Plan, Wellness Programs, and a flexible Paid Time Off policy.