ERT Information Security Engineer in Boston, Massachusetts

ABOUT ERT

ERT is a global data and technology company that minimizes uncertainty and risk in clinical trials so that our customers can move ahead with confidence. With more than 45 years of clinical and therapeutic experience, ERT balances knowledge of what works with a vision for what’s next, so it can adapt without compromising standards.

Powered by the company’s EXPERT® technology platform, ERT’s solutions enhance trial oversight, enable site optimization, increase patient engagement, and measure the efficacy of new clinical treatments while ensuring patient safety. Over the past four years, more than half of all FDA drug approvals came from ERT-supported studies. Pharma companies, Biotechs, and CROs have relied on ERT solutions in 9,500+ studies spanning three million patients to date. By identifying trial risks before they become problems, ERT enables customers to bring clinical treatments to patients quickly – and with confidence. For more information, go to ert.com or follow us on LinkedIn, Twitter, and Facebook.

In this role, you will be ensuring that ERT's IT systems and underlying infrastructure are implemented to “security in depth” standards and best practices.

Essential Duties and Responsibilities:

  • Develop, document and implement a layered security platform and associated processes enabling core cloud operational requirements for :

  • Network and Host-based security

  • Applications and data security

  • Security monitoring & alerting

  • Access management

  • Partner with ERT Quality & Risk Management insuring proper Quality Management

  • Partner with Development and DevOps teams to insure layered security for new ERT products and services

  • Insure ERT systems and process security profiles adhere to security and GCP best practices for network, host, applications and access security methodologies

  • Lead, document and implement/instrument a cloud security profile, including:

  • Service infrastructure and platform security planning requirements

  • Security monitoring integration with ERT Operations Support System

  • Monitoring and advising and security patching requirements

  • Overall ownership and sign-off on security profile readiness for all SaaS, Business Systems, Operational Support Systems and Client Services Systems.

Other Duties and Responsibilities:

Effectively collaborate and communicate with Development, DevOps and LoBs in cross-functional teams and relevant management to report out security operations status

The duties and responsibilities listed in this job description represent the major responsibilities of the position. Other duties and responsibilities may be assigned, as required. ERT reserves the right to amend or change this job description to meet the needs of ERT. This job description and any attachments do not constitute or represent a contract.

  • Possess one or more advanced professional security certifications related to chosen discipline (CISSP, CCSP)

  • Demonstrated understanding of Information Security best practices.

  • At least 5+ years’ experience implementing layered security practices for network, host, applications, data and access to IaaS, PaaS and SaaS services in a hybrid deployment environment.

  • Experience in developing and deploying security specific solutions including the automation of repeatable security tasks and controls

  • Strong practical knowledge of web authentication / authorization standards

  • Solid oral and written communication skills

  • Solid collaboration skills.

  • Experience implementing and operating security technologies and processes in a hybrid cloud environment, such as AWS or Azure, customer premise

  • Have 2-3 years of cloud-based security run-time management experience

  • BS/BA degree in Computer Science, Information Systems or related field

  • Experience with software-defined network, compute and storage platforms

  • Strong networking fundamentals. You understand TCP/IP, VLAN’s, DNS, load balancing and software-defined layer 2/3 rule configurations.

  • Experience with security vulnerability and penetration tools such as BurpSuite, Qualys, Fortify

  • Implementation and management experience with hardware and software firewalls, AV, IDS/IPS platforms.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Hours: Mon-Fri, 9-5

External Company Name: eResearch Technology