Alkermes, Inc. is the U.S. operating company of Alkermes plc, a fully integrated, global biopharmaceutical company that applies its scientific expertise and proprietary technologies to research, develop and commercialize, both with partners and on its own, pharmaceutical products that are designed to address unmet medical needs of patients in major therapeutic areas. Alkermes has a diversified portfolio of marketed products focused on central nervous system disorders such as addiction and schizophrenia and a pipeline of product candidates in the fields of neuroscience and oncology. Headquartered in Dublin, Ireland, Alkermes has a research and development (“R&D”) center in Waltham, Massachusetts; an R&D and manufacturing facility in Athlone, Ireland; and a manufacturing facility in Wilmington, Ohio.
The following position is for Alkermes, Inc.
Alkermes is currently recruiting for a Senior Security Analyst II to join as a lead member of the Information Security team. As part of our global team, the successful candidate will make a significant contribution to continuously improving and ensuring long term security for the organization. The ideal candidate maintains a quick grasp and a broad technical understanding of all areas of modern IT systems and should have strong knowledge in endpoint security/EDR, vulnerability management and SIEM among other areas of IT Security. This is an exciting opportunity for technical Security experts who have a desire to make an impact in a fast-paced and dynamic environment.
In this role, the individual will have the opportunity to lead and be involved in a broad range of Information Security related activities including taking the lead role in the selection and implementation of new SIEM and XDR platforms. In this role, the individual will also support the TPRM (Third Party Risk Management) program, security operations, Incident Response, IT Audit program as well as contributing to long-term security strategies, core security architecture and documentation. Typical responsibilities include but are not limited to the following:
• Lead project activities associated with the selection, implementation or upgrade of enterprise security solutions
• Perform and/or respond to information technology assessments, penetration tests, and/or audits of organizational automated systems and processes, interpret results, and develop recommendations for improvement to management.
• Oversee the scheduling of vulnerability scans in coordination with owners and custodians to ensure minimal impact to operational activities.
• Work closely with infrastructure and application teams to advise and assist in remediation of vulnerabilities within proper timeframes and track remediation
• Support the TPRM process by acting as a point of escalation for the MSP to assist with queries or requests
• Conduct research and analysis on new security products, services and standards
• Initiate and participate in process improvements
• Perform investigations on information security and cyber incidents, including determining root cause and lessons learned.
• Provide on-going consulting assistance to ensure security by design to address security issues and implement security policies, procedures, and measures. Promote awareness of applicable regulatory standards, upstream risks and industry best practices
• Attend Global Change Advisory Board and review proposed changes to identify gaps in controls or changes that introduce an unacceptable level of risk
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
Minimum Education & Experience Requirements:
• BS/BA in Computer Science, Computer Information Systems, Cybersecurity or 6+ years’ experience in IT Security or IT infrastructure disciplines
• Security certification from a qualified vendor such as SANS, ISC2 or ISACA preferred.
• Strong understanding of system and security architecture and design, operating systems, network infrastructure, device configuration hardening, and patch and configuration management
• Practical experience working and implementing endpoint management tools (AV, XDR etc.)
• Solid understanding and hands-on experience in SIEM concepts such as log correlation, aggregation, normalization, dashboards and report building.
• Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV and firewalls
• Knowledge of emerging security technologies, software, and methodologies
• Broad knowledge of core information security principles (e.g. access control, least privilege, data integrity) and security capabilities
• Ability to demonstrate a strong understanding of various compliance and regulatory areas (e. g. GDPR, NIST 800-53, ISO27001, CIS)
• Ability to work independently or as part of a team on defined tasks and can be relied upon to deliver high quality results in a collaborative environment
• Ability to quickly understand and adapt to a complex and rapidly changing environment
• Demonstrate problem solving, analytical skills and attention to detail
• Excellent oral and written communication skills including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding
• Ability to cope with change, make decisions and act comfortably with risk and uncertainty
• Pro-active mindset, ability to think end-to-end
• Passionate about sharing knowledge to educate others
Alkermes, Inc. is an equal employment opportunity employer and does not discriminate against any applicant because of race, creed, color, age, national origin, ancestry, religion, gender, sexual orientation, disability, genetic information, veteran status, military status, application for military service or any other class protected by state or federal law.