Security Engineer & Analyst

Join Lumen Bioscience as a Security Engineer & Analyst to be the guardian of our hybrid cloud infrastructure and endpoint ecosystem. In this role, youll own security architecture, monitoring, and incident response across Microsoft 365/Entra ID, Azure, AWS, and a diverse endpoint fleet (Windows 11/macOS).

This position requires balancing stringent biotech regulatory and compliance requirements with practical, scalable security solutions that enable scientific innovation. If you enjoy building secure?by?design environments, leading incident response, and partnering with cross?functional teams to protect sensitive data and systems, we encourage you to apply.

Duties & Responsibilities

Cloud & Identity Security (~40%)

Architect and maintain security posture across Azure, AWS, and Microsoft 365/Entra ID environments.

Design and implement Zero/Low Implicit Trust architecture with Conditional Access policies, MFA enforcement, and Privileged Identity Management (PIM).

Configure and maintain Azure Security Center, AWS Security Hub, and native cloud security controls.

Implement secure baselines for cloud workloads, storage, and networking components.

Manage identity lifecycle, RBAC, and least-privilege access models across cloud and SaaS platforms.

Endpoint Security & Management (~30%)

Administer endpoint protection platforms (EDR/XDR) across Windows 11 and macOS devices.

Deploy and maintain Intune policies for Windows endpoints including BitLocker encryption, Windows Defender, and compliance baselines.

Implement macOS security controls using MDM solutions (Jamf/Kandji or Intune for Mac).

Secure shared laboratory and manufacturing endpoints using kiosk modes and restricted profiles.

Orchestrate patch management, software deployment, and configuration drift monitoring for endpoints.

Security Operations & Incident Response (~20%)

Design and tune SIEM alerting rules (e.g., Azure Sentinel, Splunk, or similar) to minimize false positives while detecting critical events.

Lead incident response activities including communication with MDR vendor, triage, forensics, containment, eradication, and recovery.

Conduct threat hunting exercises and security investigations based on logs, alerts, and intelligence.

Maintain incident response runbooks and coordinate tabletop exercises.

Generate security metrics, KPIs, and executive-level reporting.

Governance, Risk & Compliance (~10%)

Support FDA, SOC 2, CMMC, and GxP audit activities through evidence collection, documentation, and remediation tracking.

Perform vulnerability assessments and coordinate remediation efforts with relevant teams.

Conduct vendor security assessments and manage third-party risk.

Develop and maintain security policies, standards, and procedures.

Partner with QA/Compliance teams on 21 CFR Part 11 and data integrity requirements.

Required Qualifications

Technical Skills

Endpoint Management: Strong Intune experience for Windows; familiarity with macOS MDM solutions (e.g. Intune, Jamf, or similar).

Security Tools: Hands?on experience with EDR/XDR platforms such as Huntress, CrowdStrike, Defender for Endpoint, or SentinelOne.

SIEM/Monitoring: Experience with Azure Sentinel, Splunk, or similar platforms, including log analysis and correlation.

Scripting: Proficiency in PowerShell and Python for security automation and orchestration.

Networking: Understanding of network segmentation, firewalls, VPNs, and zero?trust principles.

Professional Skills

Clear technical writing skills for documentation, procedures, and audit artifacts.

Ability to translate security risks into business impact for non?technical stakeholders.

Strong problem?solving skills with high attention to detail.

Self?motivated with the ability to work independently in a hybrid environment.

Desirable Qualifications

Industry & Compliance Experience

2+ years in biotech, pharma, medical device, or healthcare IT environments

Familiarity with FDA 21 CFR Part 11, EU Annex 11, NIST frameworks, CMMC, and/or SOC 2

AZ?500, SC?200, SC?300, AWS Security Specialty, CISSP, CCSP, or comparable security certifications

Advanced Skills

Experience with Infrastructure as Code (e.g., Terraform, ARM templates)

Container security experience (e.g., Docker, EC2?based workloads)

DevSecOps practices and CI/CD pipeline security

Experience with Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) solutions

Physical Requirements

Ability to sit for extended periods of time (2 or more hours)

Occasionally lift or carry items up to 50 lb/23 kg

Benefits at Lumen Bioscience

Stock bonus

Health, Dental, and Vision premiums fully covered by Lumen

401k match up to 4%

Industry?leading PTO policy, paid refresh days, and paid year?end holiday office closure

Monthly wellness program to support your health and well?being

Free onsite parking or public transportation subsidies

Comprehensive parental leave policies

Life insurance, short & long?term disability, and access to employee assistance programs

At Lumen Bioscience, we foster a workplace built on collaboration, innovation, and professional growth. This role offers a significant opportunity to contribute directly to cutting?edge biotechnology and the advancement of global health solutions.

Join us to shape innovative solutions and drive operational excellence.

Compensation Range

$115,000 $130,000 USD

Voluntary Self?Identification

For government reporting purposes, we ask candidates to respond to the below self?identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Lumen Biosciences Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows.

Voluntary Self?Identification of Disability

Form CC?305 Page?1 of?1 OMB Control Number?1250?0005 Expires?04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7?% of our workers as people with disabilities. The law says we must measure our progress toward this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your major life activities. If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

Alcohol or other substance use disorder (not currently using drugs illegally)

Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS

Blind or low vision

Cancer (past or present)

Cardiovascular or heart disease

Celiac disease

Cerebral palsy

Deaf or serious difficulty hearing

Diabetes

Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders

Epilepsy or other seizure disorder

Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome

Intellectual or developmental disability

Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD

Missing limbs or partially missing limbs

Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports

Nervous system condition, for example, migraine headaches, Parkinsons disease, multiple sclerosis (MS)

Neurodivergence, for example, attention?deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities

Partial or complete paralysis (any cause)

Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema

Short stature (dwarfism)

Traumatic brain injury

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete. #J-18808-Ljbffr