This is a fully Remote and Work From Home (WFH) opportunity within the US
Science 37 is accelerating the research and development of breakthrough biomedical treatments by bringing clinical trials to patients' homes. Backed by venture investors such as Glynn Capital, Google Ventures, Redmile Group, dRx Capital and Lux Capital, we are revolutionizing the clinical trial industry one patient at a time. To help us achieve our goal, we are seeking an AWS Principal Security Engineer eager to make an impact within a mission-driven organization.
As the AWS Principal Security Engineer, you will be responsible for the application security of the entire software suite that Tech is creating, using and managing, including Science 37’s flagship product NORA. Our mission is to make NORA the safest and most secure Clinical Trials Management System that everybody trusts with their most sensitive data.
At Science 37, we take security seriously. We are in a position to help protect not only our clients and sponsors but also the patients and their health-related data. We strive to provide a well-balanced Clinical Trial Management System in which patients are completely assured that their data is safe and sponsors get reliable data and results.
You will be working closely with engineering, product, legal, compliance and quality assurance, IT and marketing to define and execute the security strategy and solutions.
DUTIES AND RESPONSIBILITIES
Duties include but are not limited to:
1. Introduce and Manage Endpoint detection and response (EDR) in AWS
2. Manage AWS WAF with F5/Fortinet rules
3. Manage KMS (Data at Rest, Data in Transit) and Secrets Manager in an automated way
4. Utilize GuardDuty, Inspector, ECS, SecurityHub, AWS Config, Macie and Trusted Advisor
5. Analyze and modify Terraform/CloudFormation
6. Introduce and optimize Cloud Custodian and manage Boto/Python languages
7. Manage IAM (identity policies, resource policies, permission boundaries, and tagging.)
8. Improve Security of AWS RDS, Dynamo DB and
9. Introduce HITRUST certified AWS environment
10. Manage CloudWatch/Metrics/Lambda functions with SNS notifications (Automation.)
11. Manage and define preventive guardrails, detective controls and automated alerts and remediations to ensure secure implementation in all AWS cloud environments
QUALIFICATIONS & SKILLS
1. Bachelor’s Degree in Computer Science, Information Science and similar fields
2. 10+ years of professional experience in application security and AWS
3. Deep experience in detection, monitoring, alerting or threat intelligence
4. Strong analytical skills to solve complex problems with multiple variables
5. Experience in applying security to cloud technologies (Managing secrets, Securing CD pipeline, Secure Infrastructure as Code, Container Security, DevSecOps and CI/CD Implementation.)
6. Excellent communication skills to both technical and non-technical leaders
7. PLUS: Knowledge of consumer privacy industry compliance requirements: GDPR, CCPA, ISO 27001, PCI, HIPAA, GxP, 21 CFR Part 11
1. Outstanding organizational and leadership abilities
2. High-level written and verbal communication skills
3. An effective communicator; strong communication, negotiation and influence skills
4. Proven track record of delivering results and meeting targets
5. Good blend of analytical skills, strategic thinking, planning and implementation
6. Ability to articulate ideas to both technical and non-technical audiences
7. Commitment to results; is focused and results driven, excellent time management skills
8. Action oriented and innovative; able to translate broad goals into achievable steps
9. Motivating; knows how to influence and enable others
10. Strong problem solving and creative skills and the ability to exercise sound judgment and make decisions based on accurate and timely analyses
11. High level of integrity and dependability with a strong sense of urgency and results-orientation
12. Ability to foster and cultivate business opportunities and partnerships
1. Ability to communicate in English (both verbal and written)
Position reports to Director of Application Security
No direct reports
Science 37 values the well-being of its employees and aims to provide team members with everything they need to succeed.
Submit your resume to apply!