Data Security Engineer
- Full-Time
- Sacramento, CA
- Bausch + Lomb
- Posted 1 year ago – Accepting applications
Job Description
Bausch+Lomb Companies Inc. (NYSE/TSX: BHC) is a global company that develops, manufactures and markets a range of pharmaceutical, medical device and over-the-counter products, primarily in the therapeutic areas of eye health, gastroenterology and dermatology. We are delivering on our commitments as we build an innovative company dedicated to advancing global health. Each day, Bausch+Lomb products are used by over 150 million people around the world.
Our approximately 21,000 employees are united around our mission of improving peoples lives with our health care products, and we manufacture and market health care products directly or indirectly in approximately 100 countries.
Data Security Engineer
As a Data Security Engineer, you will help secure Bausch & Lomb data against both insider and outsider threats. You will help manage our state-of-the-art security tools to correlate threats, respond to incidents, and protect our data. Additionally, you'll work collaboratively with other members of our Global Security team to investigate incidents, analyze attack methods, research new defense techniques and tools, develop security policy, and document procedures for the Global Security Operations Center.
Responsibilities
Develop strong working relationships with support teams, management, and cross functional working groups.
You will leverage advanced information security, operations, cyber defense, and incident response experience to drive change and transformation within the Global Security Team.
Security lead for projects in Data Security, Data Classification, and Data Loss Prevention.
Management of information protection and Data Loss Prevention tools and techniques.
Interact with Data Privacy and Compliance departments as it relates to data security.
Conduct computer forensic analysis, data recovery, eDiscovery, and any other IT investigative work.
Detection and Response experience (Detection Engineering, Digital Forensics, Incident Response, and/or Threat Intelligence)
Performs incident response activities and ensure that proper protection or corrective measures have been taken when an incident has been discovered.
As a member of the Security Incident Response Team (SIRT), respond to threats by working with the 24x7x365 Security Operations Center (SOC) and Security working teams to support security monitoring, protection, and delivery of security services for the organization.
Write playbooks for incident responders.
Responsible for assessing systems, processes, and projects against compliance requirements, control objectives, and security best practices; interacts with internal and external technical staff and consults with project teams at various stages of project cycles.
You will require an understanding of the entire ecosystem of data protection including well-rounded understanding of the information security domains and their inter-relations across that ecosystem
Report status on activities, issues, projects, etc. to senior staff/management, including the effectiveness and efficiency of security activities.
Propose new standards, tools, policies, and procedures to improve security, compliance and risk management activities based on security operations findings, or security events or incidents.
Collaborate with IT teams and security colleagues to ensure audit readiness, and to prepare for internal and external audits.
Identify gaps in controls, processes, systems and recommend solutions
Qualifications/Skills
Minimum five years as a data security engineer and/or data security analyst.
Hands-on experience with Microsoft Advanced Information Protection, Microsoft Data Loss Prevention, and Microsoft Cloud App Security technologies.
Experience in building security processes, run books and documenting important security tasks.
Must be able to maintain data confidentiality and compliance with regulatory requirements (HIPAA, FERPA, PCI, etc.).
Ability to quickly and effectively investigate security incidents, perform root cause analysis, and document findings.
Understanding of cyber-security principles such as encryption, ports, protocols & services, policies, procedures, physical security, risk management, configuration management, ethics, access control, security architecture, continuity of operations, contingency planning, application security, etc.
Advanced understanding of the information security threat landscape. Should be up to date on current attacker tools, techniques, and procedures.
Understanding of existing and emerging technologies.
Experience of being a member of Security Incident Response teams
Education and Experience
Bachelor's Degree in Information Technology, Computer Science, Security or equivalent educational or professional experience and/or qualifications.
Security certifications such as CISSP, CISM, GIAC, CEH, Security+ or equivalent certifications a plus.
This position may be available in the following location(s): [[Rochester, NY]]
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Job Applicants should be aware of job offer scams perpetrated through the use of the Internet and social media platforms.
Apply to this Job
Our approximately 21,000 employees are united around our mission of improving peoples lives with our health care products, and we manufacture and market health care products directly or indirectly in approximately 100 countries.
Data Security Engineer
As a Data Security Engineer, you will help secure Bausch & Lomb data against both insider and outsider threats. You will help manage our state-of-the-art security tools to correlate threats, respond to incidents, and protect our data. Additionally, you'll work collaboratively with other members of our Global Security team to investigate incidents, analyze attack methods, research new defense techniques and tools, develop security policy, and document procedures for the Global Security Operations Center.
Responsibilities
Develop strong working relationships with support teams, management, and cross functional working groups.
You will leverage advanced information security, operations, cyber defense, and incident response experience to drive change and transformation within the Global Security Team.
Security lead for projects in Data Security, Data Classification, and Data Loss Prevention.
Management of information protection and Data Loss Prevention tools and techniques.
Interact with Data Privacy and Compliance departments as it relates to data security.
Conduct computer forensic analysis, data recovery, eDiscovery, and any other IT investigative work.
Detection and Response experience (Detection Engineering, Digital Forensics, Incident Response, and/or Threat Intelligence)
Performs incident response activities and ensure that proper protection or corrective measures have been taken when an incident has been discovered.
As a member of the Security Incident Response Team (SIRT), respond to threats by working with the 24x7x365 Security Operations Center (SOC) and Security working teams to support security monitoring, protection, and delivery of security services for the organization.
Write playbooks for incident responders.
Responsible for assessing systems, processes, and projects against compliance requirements, control objectives, and security best practices; interacts with internal and external technical staff and consults with project teams at various stages of project cycles.
You will require an understanding of the entire ecosystem of data protection including well-rounded understanding of the information security domains and their inter-relations across that ecosystem
Report status on activities, issues, projects, etc. to senior staff/management, including the effectiveness and efficiency of security activities.
Propose new standards, tools, policies, and procedures to improve security, compliance and risk management activities based on security operations findings, or security events or incidents.
Collaborate with IT teams and security colleagues to ensure audit readiness, and to prepare for internal and external audits.
Identify gaps in controls, processes, systems and recommend solutions
Qualifications/Skills
Minimum five years as a data security engineer and/or data security analyst.
Hands-on experience with Microsoft Advanced Information Protection, Microsoft Data Loss Prevention, and Microsoft Cloud App Security technologies.
Experience in building security processes, run books and documenting important security tasks.
Must be able to maintain data confidentiality and compliance with regulatory requirements (HIPAA, FERPA, PCI, etc.).
Ability to quickly and effectively investigate security incidents, perform root cause analysis, and document findings.
Understanding of cyber-security principles such as encryption, ports, protocols & services, policies, procedures, physical security, risk management, configuration management, ethics, access control, security architecture, continuity of operations, contingency planning, application security, etc.
Advanced understanding of the information security threat landscape. Should be up to date on current attacker tools, techniques, and procedures.
Understanding of existing and emerging technologies.
Experience of being a member of Security Incident Response teams
Education and Experience
Bachelor's Degree in Information Technology, Computer Science, Security or equivalent educational or professional experience and/or qualifications.
Security certifications such as CISSP, CISM, GIAC, CEH, Security+ or equivalent certifications a plus.
This position may be available in the following location(s): [[Rochester, NY]]
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Job Applicants should be aware of job offer scams perpetrated through the use of the Internet and social media platforms.