Senior Security Engineer

At OneStudyTeam (a Reify Health company), we specialize in speeding up clinical trials and increasing the chance of new therapies being approved with the ultimate goal of improving patient outcomes. Our cloud-based platform, StudyTeam, brings research site workflows online and enables sites, sponsors, and other key stakeholders to work together more effectively. StudyTeam is trusted by the largest global biopharmaceutical companies, used in over 6,000 research sites, and is available in over 100 countries. Join us in our mission to advance clinical research and improve patient care.

One mission. One team. That’s OneStudyTeam.

By joining our team as a Senior Security Engineer, you will become a leading subject matter expert on the security of modern web applications, APIs, cloud infrastructure, and corporate environment security. In close collaboration with technical advisors and staff engineers, you will assess the security of new applications, features, partner integrations, data flows, and internal configuration/administration tools. You will also be a technical leader in incident response and vulnerability management.

What You’ll Be Working On

• Integrate with data and software engineering teams to assess the security of new applications, features, partner integrations, data flows, and internal product configuration/administration tools.   
• Develop solutions to enable and enhance the security of our services and infrastructure on Azure and AWS, such as mechanisms to identify and prevent security incidents and accelerate the team’s response to security issues.   
• Assess, validate as necessary, coordinate, and confirm remediation of vulnerabilities identified through third-party penetration testing and internal vulnerability scans in conjunction with engineering teams (e.g., DevOps/SRE, Software Engineering).
• Play a key role in selecting, designing, configuring, and using additional vulnerability scanning technologies (e.g., container scanning, SCA/SBOM, SAST, DAST, IAST, RASP).
• Serve as a technical leader on incident response for web applications and infrastructure.
• Recommend, drive, and implement improvements to our Security Program, including how the program is integrated within the SDLC.
• Will author and, when appropriate, delegate formal technical risk assessments to team members, documenting security findings and outlining required mitigating controls.

What You’ll Bring to OneStudyTeam

• Seven or more years of experience in a dedicated technical security role is required.
• Two or more years of experience with Azure is required.
• Five or more years with Azure and AWS preferred.
• Experience with Microsoft Sentinel or Exabeam SIEM preferred.
• Experience with Crowdstrike preferred.
• Proficiency in Python for programmatic data analysis and automation is required.
• A deep understanding of modern application stacks is required, including microservice architectures, containerization, CI/CD, and IaC in a cloud environment such as AWS or Azure.
• Solid knowledge of OWASP Top 10 from both the attack chain and mitigation perspectives.
• Understanding modern source control systems (e.g., Git, Gihub) is required.
• Desire to mentor other security team members while collaborating with senior engineers is required. 
• Prior experience collaborating with Data, Engineering, DevOps/SRE, and Product teams to assess technical security risks is preferred.  
• Experience leading technical incident response or vulnerability management for modern web applications and infrastructure is a strong plus.

We value diversity and believe the unique contributions each of us brings drives our success. We do not discriminate on the basis of race, sex, religion, color, national origin, gender identity, age, marital status, veteran status, or disability status.

Note: OneStudyTeam is unable to sponsor work visas at this time. If you are a non-U.S. resident applicant, please note that OneStudyTeam works with a Professional Employer Organization.

As a condition of employment, you will abide by all organizational security and privacy policies.

This organization participates in E-Verify (E-Verify's Right to Work guidance can be found here).