Model N Global Information Security team is seeking Senior Information Security Engineer. This role is responsible for management and development of Model N’s Information Security program to support business objectives. This role will act as a critical partner who will work with multiple different teams across organization. The role will provide security expertise, improving our security incident management and threat management program, mentoring, and working with teams throughout the organization. The mission of Global Information Security team is to enable teams and business by protecting our brand. The role will have expertise in technology integrations, and workflow automations across physical, virtual and cloud computing, pushing process improvements, influencing organization priorities, and tackling security projects. Sr. Information Security Engineer will be a critical and high-impact individual who will work closely with several key individuals and teams and will be part of a talented team of security engineers and architects who demonstrate superb technical competency, delivering mission critical infrastructure and ensuring the highest levels of availability, performance, and security across our enterprise. Qualified candidates will have a background in Information Security, Security Incident Management, Security Operations, Threat Management and Engineering.
Want more jobs like this?
Get Software Engineering jobs in Hyderabad, India delivered to your inbox every week.
This role reports into the Global Information Security Officer & DPO and will maintain strong relationships with all line-of-business technology groups.
Responsibilities:
•Receiving and responding to cyber security alerts and security incident reports.
•Actively calling and leading security incident bridges and coordinating internal incident response efforts between first responders, operations teams, and managed security services.
•Configure, support and manage SIEM and related tools, processes and procedures.
•Overseeing the incident management process and team members involved in resolving the incident.
•Collecting intrusion artifacts (e.g., source code, malware, trojans) and using discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
•Coordinating and providing expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
•Defining information system security requirements and functionality.
•Producing formal and informal reports, briefings, and direct input to the customer.
•Support Model N business teams to achieve and maintain their security and compliance posture in accordance with regulatory requirements including but not limited to Sarbanes Oxley (SOX), SOC, ISO 27001, ISO, HIPAA, PCI-DSS, HITRUST, FedRAMP, etc. Validate on-going compliance of policies and process / procedures in support of requirements and ensure that controls are operating effectively.
•Responsible for quality and on-time execution of periodic audit activities such as change management review, SDLC review, audit of release process and CI/CD, Segregation of duties etc.
•Review architecture, integrate compliance and security into solution designs, assess risks of security gaps, and develop remediation plan. Perform follow up activities related to remediate gaps, drive remediation efforts.
•Thorough understanding of the latest security principles, techniques, and protocols
•Can communicate to senior leaders, provide recommendations, and excels at gaining multi-team alignment.
•Knowledge of industry best practices for foundational security elements including network devices and system-level hardening
•Serve as point of contact to work closely with cross functional teams - Engineering/ product security/ IT/ corporate security teams to identify risk to the business/ product and other areas necessary to identify risks to the business.
•Display technical excellence in Cloud Native technologies as well as multidisciplinary capabilities in coding, and networking.
•Be able to map technical controls to the risk they solve and help create business justification for the necessary technical solutions
•Priorities can often change in a fast-paced environment like ours, so this role includes, but is not limited to, the following responsibilities:
•Providing guidance, expertise and influence across Security, Cloud and IT programs
•Stay in sync with Product Development, Product Management, Security Engineering and Product Architecture teams to help the organization deliver its goals
•Work with Information Security and other teams to drive new projects, product implementations configuration reviews, ensuring that best practice standards are maintained
•Hands-on experience with Incident Management, SIEM/SOAR, log collection, normalizing, and management; security infrastructure and policies; and risk mitigation
Qualifications:
•5+ years of experience in Information Security, Security Architecture, Threat Management and Security Operations.
•Cloud security essentials in at least one of AWS, OCI, or Azure.
•Broad security subject matter expertise in areas such as network security, endpoint security, malware analysis, reverse engineering, and cloud etc.
•Experience with a SIEM and SOAR platform.
•Experience with building incident response tooling and scripting language skills.
•Must have experience supporting and driving ISO 27001, SOC, PCI DSS readiness and audit (e.g., control design review, control operating effectiveness audit, assessment write -ups and control documentation review, audit evidence upload, supporting audit walkthroughs with auditors, etc.)
•Certification preferred (but not a requirement) in one or more of the following: CISA, CISM, Cloud platforms.
•Expert communicator with a track record of operating, partnering with and influencing up to and including exec-level stakeholders.
•Ability to organize, conduct and drive meetings and outcomes with little to no manager involvement. Must be aware of and deliver quality stakeholder engagement experience.
•Ability to work closely with auditors, regulators, and internal stakeholders and articulate technical concepts
•Ability to multitask and manage simultaneous projects
At Model N, we believe our collective success stems from the uniqueness of every individual's diverse backgrounds, experiences, and expertise; we call this the N Factor. So don’t allow uncertainty to keep you from applying to join our team. If you don’t meet the exact criteria but can demonstrate your skillset is the best for the job, we’d love to talk with you. We’re curious to know, what’s your N Factor?
About Model N
Model N enables life sciences and high tech companies to drive growth and market share, minimizing revenue leakage throughout the revenue lifecycle. With deep industry expertise and solutions purpose-built for these industries, Model N delivers comprehensive visibility, insight and control over the complexities of commercial operations and compliance. Our integrated cloud solution is proven to automate pricing, incentive and contract decisions to scale business profitably and grow revenue. Model N is trusted across more than 120 countries by the world’s leading pharmaceutical, medical technology, semiconductor, and high tech companies, including Johnson & Johnson, AstraZeneca, Stryker, Seagate Technology, Broadcom and Microchip Technology. For more information, visit www.modeln.com.
We’re constantly growing and may have something for you later on if this is not the right opportunity for you. Check out our career site to learn more about Model N or view other jobs: https://www.modeln.com/company/careers/