Lead Cyber Security Engineer

Van Andel Institute

1d•Onsite

About The Position

Van Andel Institute (VAI), a world-class biomedical research institute, located in Grand Rapids, Michigan, is dedicated to improving human health. We are pioneers in the fight against cancer, Parkinson's, and other diseases. We are committed to inspiring the next generation of scientists and educators. Van Andel Institute is seeking a Lead Cyber Security Engineer responsible for driving the strategic design, implementation, and continuous evolution of the organization’s security program. You will provide both technical and operational leadership across security engineering and security operations, with direct accountability for incident response, threat detection, and the effectiveness of enterprise security controls. This position plays a critical role in protecting biomedical research assets, ensuring compliance with federal grant requirements, and advancing overall cybersecurity maturity.

Requirements

Bachelor’s degree in Cybersecurity, Computer Science, or related technical field (or equivalent experience)
5–8 years of experience in cybersecurity engineering and operations
3+ years in a leadership, technical lead, or program oversight role
Strong expertise in enterprise security architecture and risk management frameworks
Hands-on experience with vulnerability management tools and methodologies
Proven ability to lead incident response and security operations programs
Strong analytical and risk quantification skills

Nice To Haves

Experience in biomedical research, higher education, or federally regulated environments
Professional certifications such as CISSP, CISM, CCSP, CCNP Security, or CRISC
Deep knowledge of MITRE ATT&CK and adversary tactics targeting research institutions
Experience with federal compliance standards including NIH, CUI, and GDS Policy
Strategic thinker with strong execution capability
Ability to communicate complex technical risks to executive stakeholders
Leadership, mentorship, and cross-functional influence
Strong incident command and crisis management skills
Continuous improvement mindset with a focus on operational maturity

Responsibilities

Lead the development and execution of enterprise security architecture strategy and multi-year roadmap
Design and implement secure infrastructure across cloud (Azure, AWS, M365) and on-prem environments
Architect secure research computing environments, including data enclaves for controlled datasets (e.g., dbGaP)
Ensure alignment with NIST CSF, NIST SP 800-171, NIH, GDS Policy, and CUI program requirements
Oversee the implementation and effectiveness of security controls (EDR, SIEM, MFA, firewalls, vulnerability scanners, email/web security)
Lead vulnerability management and remediation programs
Drive IAM strategy, third-party risk assessments, and secure system design reviews
Mature SOC capabilities including detection engineering, monitoring, and response
Serve as Incident Commander for major cybersecurity events
Lead enterprise incident response coordination, tabletop exercises, and red/blue team simulations
Develop and enhance threat detection capabilities in alignment with security frameworks
Evaluate emerging threats targeting biomedical IP and research environments
Ensure breach notification and incident reporting compliance with NIH and federal guidelines
Translate technical risks into executive-level metrics and reporting
Lead audit readiness, regulatory reviews, and corrective action planning
Maintain alignment with federal compliance requirements and grant obligations
Develop and maintain security policies, standards, and SOPs
Partner with Legal, HR, Finance, IT, and Research teams on risk and compliance initiatives
Coordinate with grants management and compliance offices during incidents and audits