Senior Security Engineer / AppSec Engineer
About The Position
Life changing therapies. Global impact. Bridge to thousands of biopharma companies and their patients. We are PCI. Our investment is in People who make an impact, drive progress and create a better tomorrow. Our strategy includes building teams across our global network to pioneer and shape the future of PCI. Position Summary The Senior Security Engineer will serve as the technical security lead for PCI Pharma, responsible for security architecture, application security, vulnerability management, and security engineering across enterprise and manufacturing environments. This role combines hands-on technical work with strategic security advisory, ensuring protection of pharmaceutical intellectual property, patient data, and compliance with industry regulations.
Requirements
- Bachelor's degree in Computer Science, Cybersecurity, or related field
- 7+ years of progressive cybersecurity experience with 3+ years in security engineering/architecture
- Deep expertise in vulnerability management tools (Nessus, Qualys, or Rapid7)
- Strong application security knowledge including OWASP Top 10, secure SDLC, and DevSecOps practices
- Experience with cloud security in Azure and/or AWS (security groups, IAM, encryption)
- Proficiency in network security including firewalls, IDS/IPS, and segmentation
- Knowledge of endpoint security solutions and EDR platforms
- Strong scripting abilities (PowerShell, Python) for security automation
- Experience in regulated industries with compliance requirements
- CISSP, CISM, or equivalent security certification
Nice To Haves
- Master's degree in Cybersecurity or Information Assurance
- Pharmaceutical or healthcare industry experience with GxP knowledge
- GPEN, OSCP, or other hands-on security certifications
- Experience with IT/OT security and industrial control systems
- Knowledge of 21 CFR Part 11 and computer system validation
- Cloud security certifications (AZ-500, AWS Security Specialty)
- Nessus / Tenable.io vulnerability management
- SAST/DAST tools (SonarQube, Checkmarx, Burp Suite)
- Azure Security Center / AWS Security Hub
- EDR platforms (CrowdStrike, Defender for Endpoint)
- SIEM platforms (Splunk, Sentinel)
- Firewall management (Palo Alto, Cisco ASA)
- PowerShell / Python security scripting
- Git and CI/CD security integration
Responsibilities
- Design and implement security architecture for cloud (Azure, AWS), on-premises, and hybrid environments
- Lead application security program including SAST/DAST integration, secure code reviews, and developer training
- Manage enterprise vulnerability management using Nessus, including scan scheduling, risk prioritization, and remediation tracking
- Architect and maintain Zero Trust security framework including identity-centric access controls
- Conduct security assessments for new applications, infrastructure changes, and M&A integrations
- Design network segmentation strategies for IT/OT environments and manufacturing systems
- Implement and manage endpoint security solutions (EDR, AV) in coordination with RUN team
- Lead security incident response for complex technical investigations
- Develop security standards, policies, and technical guidelines aligned with pharmaceutical regulations
- Evaluate and recommend security tools and technologies for continuous improvement
- Coordinate penetration testing activities and remediation of findings
- Provide security consultation for cloud migrations and digital transformation initiatives
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
