Security Engineer & Analyst

Join Lumen Bioscience as a Security Engineer & Analyst to be the guardian of our hybrid cloud infrastructure and endpoint ecosystem. In this role, you'll own security architecture, monitoring, and incident response across Microsoft 365/Entra ID, Azure, AWS, and a diverse endpoint fleet (Windows 11/macOS).

This position requires balancing stringent biotech regulatory and compliance requirements with practical, scalable security solutions that enable scientific innovation. If you enjoy building secure-by-design environments, leading incident response, and partnering with cross-functional teams to protect sensitive data and systems, we encourage you to apply.

Duties & Responsibilities:

• Cloud & Identity Security (~40%)

• Architect and maintain security posture across Azure, AWS, and Microsoft 365/Entra ID environments.

• Design and implement Zero/Low Implicit Trust architecture with Conditional Access policies, MFA enforcement, and Privileged Identity Management (PIM).

• Configure and maintain Azure Security Center, AWS Security Hub, and native cloud security controls.

• Implement secure baselines for cloud workloads, storage, and networking components.

• Manage identity lifecycle, RBAC, and least-privilege access models across cloud and SaaS platforms.

• Endpoint Security & Management (~30%)

• Administer endpoint protection platforms (EDR/XDR) across Windows 11 and macOS devices.

• Deploy and maintain Intune policies for Windows endpoints including BitLocker encryption, Windows Defender, and compliance baselines.

• Implement macOS security controls using MDM solutions (Jamf/Kandji or Intune for Mac).

• Secure shared laboratory and manufacturing endpoints using kiosk modes and restricted profiles.

• Orchestrate patch management, software deployment, and configuration drift monitoring for endpoints.

• Security Operations & Incident Response (~20%)

• Design and tune SIEM alerting rules (e.g., Azure Sentinel, Splunk, or similar) to minimize false positives while detecting critical events.

• Lead incident response activities including communication with MDR vendor, triage, forensics, containment, eradication, and recovery.

• Conduct threat hunting exercises and security investigations based on logs, alerts, and intelligence.

• Maintain incident response runbooks and coordinate tabletop exercises.

• Generate security metrics, KPIs, and executive-level reporting.

• Governance, Risk & Compliance (~10%)

• Support FDA, SOC 2, CMMC, and GxP audit activities through evidence collection, documentation, and remediation tracking.

• Perform vulnerability assessments and coordinate remediation efforts with relevant teams.

• Conduct vendor security assessments and manage third-party risk.

• Develop and maintain security policies, standards, and procedures.

• Partner with QA/Compliance teams on 21 CFR Part 11 and data integrity requirements.

Required Qualifications:

• Technical Skills:

• Endpoint Management: Strong Intune experience for Windows; familiarity with macOS MDM solutions (e.g. Intune, Jamf, or similar).

• Security Tools: Hands-on experience with EDR/XDR platforms such as Huntress, CrowdStrike, Defender for Endpoint, or SentinelOne.

• SIEM/Monitoring: Experience with Azure Sentinel, Splunk, or similar platforms, including log analysis and correlation.

• Scripting: Proficiency in PowerShell and Python for security automation and orchestration.

• Networking: Understanding of network segmentation, firewalls, VPNs, and zero-trust principles.

• Professional Skills:

• Clear technical writing skills for documentation, procedures, and audit artifacts.

• Ability to translate security risks into business impact for non-technical stakeholders.

• Strong problem-solving skills with high attention to detail.

• Self-motivated with the ability to work independently in a hybrid environment.

Desirable Qualifications:

• Industry & Compliance Experience:

• 2+ years in biotech, pharma, medical device, or healthcare IT environments

• Familiarity with FDA 21 CFR Part 11, EU Annex 11, NIST frameworks, CMMC, and/or SOC 2

• AZ-500, SC-200, SC-300, AWS Security Specialty, CISSP, CCSP, or comparable security certifications

• Advanced Skills:

• Experience with Infrastructure as Code (e.g., Terraform, ARM templates)

• Container security experience (e.g., Docker, EC2-based workloads)

• DevSecOps practices and CI/CD pipeline security

• Experience with Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) solutions

Physical Requirements:

• Ability to sit for extended periods of time (2 or more hours)
• Occasionally lift or carry items up to 50 lb/23 kg

Benefits at Lumen Bioscience:

• Stock bonus
• Health, Dental, and Vision premiums fully covered by Lumen
• 401k match up to 4%
• Industry-leading PTO policy, paid refresh days, and paid year-end holiday office closure
• Monthly wellness program to support your health and well-being
• Free onsite parking or public transportation subsidies
• Comprehensive parental leave policies
• Life insurance, short & long-term disability, and access to employee assistance programs

At Lumen Bioscience, we foster a workplace built on collaboration, innovation, and professional growth. This role offers a significant opportunity to contribute directly to cutting-edge biotechnology and the advancement of global health solutions.

Join us to shape innovative solutions and drive operational excellence.

Compensation Range

$115,000 - $130,000 USD

Create a Job Alert

Interested in building your career at Lumen Bioscience? Get future opportunities sent straight to your email.

Create alert