Apply on Employer Site

Cencora · 1 day ago

Principal Engineer - Information Security

United States

Full-time

Remote

Lead/Staff

$156K/yr - $241K/yr

8+ years exp

Cencora is an innovative company dedicated to creating healthier futures. They are seeking a Principal Engineer in Information Security to lead and manage complex projects related to risk management, compliance, and security strategies, ensuring the protection of the company’s information assets.

Emergency MedicineEnterprise SoftwareHealth CareMedicalPharmaceutical

Responsibilities

Analyzes trends, news and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; oversees risk and compliance self-assessments and engages and coordinates third-party risk and compliance assessments

Oversees the response to information system security incidents, including investigation of, countermeasures to, and recovery from, computer-based attacks, unauthorized access, and policy breaches; engages, interacts and coordinates with third-party incident responders

Analyzes and recommends security controls and procedures in acquisition, development, and change management lifecycle of information systems, and provides oversight to ensure compliance

Provides technical leadership of projects involving large-scale, complex and highly analytical tasks

Plans and leads upgrades to security measures and tools for the protections of information systems and networks

Formulates methodologies to monitor for as well as respond to security related events and assist in remediation efforts of cyber security incidents

Provides technical guidance to the network administrators and system administrators, monitors and maintains the current infrastructure, improves system performance, and automates system administration from security perspective

Provides technical guidance, coaching, and mentorship to other ISO Engineers in executing their tasks & responsibilities

Oversees the maintenance of service-level agreements (SLAs) to ensure that security controls are upheld

Leads implementation of enterprise-wide security policies, procedures, and standards across multiple platform and application environments to meet compliance responsibilities

Interfaces with business and IT leaders communicating security issues and responding to requests for assistance and information

Develops, refines, and implements security policies, procedures, and standards across multiple platforms and application environments to meet internal and external compliance responsibilities

Coordinates with other senior technical executives in testing, development, and other IT teams to design, develop and implement security systems that protect company physical and intangible assets effectively

Reviews technical/functional design documents, build, maintain and implement cybersecurity, data security, and cloud security solutions

Consults with other business and technical staff on potential business impacts of proposed changes to the security environment

Provides security briefings to advise on critical issues that may affect the enterprise

Analyzes and generates insights from the metrics and KPIs gathered for executive review

Monitors and analyzes emerging cyber threats, vulnerabilities, and exploits relevant to the company’s infrastructure and products

Works closely with information security and line of business management to identify, formulate and implement information security solutions and controls and to maintain and configure security tooling

Coordinates with systems and network engineers to ensure servers and network devices conform to security standards and that security devices and controls are working as designed

Communicates advanced information security concepts with clients, peers, and all levels of management and vendors effectively

Researches and deploys various tools to help with Cyber Operations, Threat Hunting, Vulnerability Management and Offensive Security, Email Security, Mobile, IoT, Distribution centers and Cloud arenas

Responds to security alerts and escalates critical incidents to correct support teams and participates in incident response exercises

Serves as a subject matter expert (SME) for product research and development teams, working closely with software engineers, product management and development, and divisional and corporate information systems

Qualification

Information Security StrategyCybersecurityRisk ManagementIncident ResponseCloud SecurityIdentityAccess ManagementNetwork SolutionsThreat ModellingAzure Security EngineerCISSPProgramming LanguagesConflict ResolutionDecision MakingPresentation Skills