Listing Description

Sumitovant is a global company whose single aim is to make a difference in the lives of people by harnessing the power of technology to develop innovative medicines faster and better. We are a wholly owned subsidiary of Sumitomo Pharma and the parent company of four biopharma companies: Urovant, Enzyvant, Altavant and Spirovant; we are also the majority owner of Myovant, a publicly listed life sciences company. Sumitovant brings expertise and oversight to its family of biotech companies known as Vants. At Sumitovant, we will give you the resources and freedom to tackle some of the most important and challenging problems in healthcare. If you find that exciting, we want to work with you!

Who you are: 

Our Information Security team is seeking a candidate with a strong knowledge of Information Security Engineering controls and best practices. You should possess knowledge of designing and driving security projects.  You will assist in the building of infrastructure and technical capabilities, develop and implement incident response playbooks and use cases. The Associate Information Security Engineer will report to the Information Security Manager and will be responsible for the design and implementation of security efforts to protect network and systems against cyber-attacks and data breaches. In this role, you will be responsible for the provisioning, deployment, configuration, and administration of information security systems, including security monitoring, endpoint protection, identity and access management, vulnerability management and incident response. This role can be located anywhere within the US, with a preference for the New York area.

Specific Responsibilities:

•    Design and drive security projects and initiatives, to ensure ongoing compliance with approved policies and regulatory requirements.
•    Assist in the architecture, implementation, management, and enhancement of technical security capabilities – IPS/IDS, DLP, IAM, SIEM, etc.
•    Monitor IDS alerts, suspicious emails, network logs, and system audit logs for anomalous activities.
•    Analyze internal and external threats/vulnerabilities and coordinate appropriate remediation efforts with other internal stakeholders.
•    Provide security incidents and response support, as needed.
•    Develop and implement SIEM use cases, to support the monitoring of network infrastructure, and handle escalations with managed service providers.
•    Triage security tickets according to priority levels.
•    Prepare and maintain up to date documentation details, including standard operating procedures, of deployed technical solutions.
•    Develop and maintain playbooks on security responses and objectives.
•    Perform internal auditing of security systems to verify their effectiveness.
•    Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
•    Technical knowledge of database and operating system security.
•    Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
•    Understanding of the latest security principles, techniques, and protocols.
•    Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols.
•    Problem solving skills and ability to work under pressure.

Recommended but not required:  

•    Bachelor’s degree in Information Systems or similar related field required.
•    Minimum of 3-5 years information security engineering and operations experience required.
•    CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) equivalent certification preferred.
•    Experience utilizing scripting languages for automation - Python, Powershell preferred.
•    Strong understanding of key information security concepts and fundamentals, secure network design, system hardening, network and host-based security technologies, cloud-based architecture and models. Think NIST, MITRE & ATTCK, ISO and other compliance frameworks etc.

This position will be performed in whole or in part in NYC. The range of $110,000 to $125,000 only applies to base salary, which is only a component of the total rewards package for this role.  The base salary range suggested here does not include elements which may be included in the total compensation for this position, such as bonuses, overtime, benefits, perquisites, and/or company contributions to employee 401(k) accounts.  Total compensation, including base salary to be offered, will depend on elements unique to each candidate, including candidate experience, years of service, individual performance, geographic considerations, company and business unit needs and budget, and market conditions.