Bausch Health

Join our global diversified pharmaceutical company enriching lives through our relentless drive to deliver better health outcomes to our patients. We are all in it together to make a difference. Be a part of a culture that doesn't just wait for change but actively creates it—where your skills and values drive our collective progress and impact.

As a Senior IT Security Engineer on the Cloud Security team, you will be responsible for leading the design and implementation of enterprise-grade security solutions tailored to cloud environments such as Azure, AWS, and Microsoft 365. This role requires extensive experience securing cloud platforms and services, as well as a strong grasp of cloud-native security tools, identity models, and architectural patterns. You will collaborate with a team of seasoned security architects and cross-functional partners to embed security into every stage of our cloud infrastructure, enterprise applications, and services. The ideal candidate will bring deep security expertise, a strategic mindset, and a proven track record of mitigating risks in complex enterprise environments.

Key Responsibilities:

• Lead the design, development, and implementation of scalable, cloud-native security architectures for new and existing products and services across platforms such as Azure, AWS, and Microsoft 365.
• Partner with engineering, product management, and infrastructure teams to embed security into the development lifecycle and IT operations, ensuring alignment with enterprise risk posture.
• Evaluate enterprise business applications, review security settings, and ensure deployments adhere to company policies and best practices.
• Define, document, and maintain security standards, guidelines, and best practices to support consistent and effective implementation across the organization.
• Drive the evaluation, implementation, and optimization of security technologies, including Azure Security Center, AWS Security Hub, Intune, Microsoft Defender, Endpoint Protection, Entra ID, and Conditional Access.
• Architect and implement robust BYOD security strategies and device control frameworks using MDM/MAM solutions, conditional access, and identity-based policies to secure personal, corporate-issued, and contractor devices.
• Apply Zero Trust principles to enterprise environments through identity-driven security, continuous verification, and least-privilege access models.
• Conduct security risk assessments and ensure compliance with relevant regulations and internal policies.
• Collaborate with cross-functional teams to review and strengthen controls across platforms such as Azure, AWS, Microsoft 365 and Enterprise applications.
• Use metrics and data analysis to drive risk-informed decision-making and communicate insights effectively to senior leadership.
• Participate in security incident response and investigations, offering architecture-level expertise to support containment and resolution efforts.
• Champion a culture of security awareness by supporting training initiatives and advocating for security best practices across the business.
• Assist in build-buy-partner decisions for security technologies and toolsets, in collaboration with Security Operations and procurement teams.
• Gather and prioritize business and technical requirements to align security solutions with organizational goals and operational needs.
• This role will work hybrid work schedule, 3 days in the Bridgewater, NJ office and 2 days remote.

Qualifications:

• 5+ years of experience in information security with a focus on cyber security architecture and design.
• Hands on experience Identifying, deploying, and configuring security technologies
• Extensive knowledge of security principles, protocols, and technologies, including encryption, authentication (SSO, MFA, Managed Identities, service principal, App registrations, and conditional access design), access control (RBAC, ABAC) and network security.
• Experience with cloud security technologies such as Entra, Intune, Conditional Access, Endpoint Protection, Defender, MDM, MAM, EOP, SSO.
• Proven ability to design and implement controls for secure access to corporate applications and data from BYOD platforms, leveraging tools such as Intune, Conditional Access, and Entra ID
• Proven ability to lead and manage complex security projects from concept to completion.
• Excellent communication skills, with the ability to convey complex security concepts to both technical and non-technical stakeholders.
• Up to date with the cloud security technology landscape, including new solutions, improved security processes, and developments.
• Demonstrated experience in leading troubleshooting, managing, and resolving issues related to security technologies, systems, access, and applications.
• Proven ability to quickly learn and adapt to new technologies while adhering to security principles.
• Experienced in working with cross-functional teams, leading projects, and driving technological initiatives to completion.
• Good understanding of Enterprise Architecture and the role of security within it.
• Proficient in PowerShell scripting, automation, SQL, and other relevant tools and techniques used by applications and teams.
• Strong knowledge of security frameworks and methodologies for risk management.
• Knowledge about managed service accounts, managed service principles, and Key Vaults.
• Understanding of software development practices and secure coding techniques.
• Understanding of encryption, cryptographic principles, and security certificates.
• Excellent analytical and problem-solving abilities.
• Self-motivated, self-directed, detail-oriented, and capable of working independently.

Education:

• Bachelor’s degree in computer science, Information Security, or a related field.
• Cloud security certifications for AWS (AWS Certified Security – Specialty), Azure (Azure Security Engineer Associate), and\or M365 (Microsoft 365 Security Administration).
• Relevant information security qualifications like CISSP, CCSP, and CISM are preferred.

As required by law, Bausch Health provides a reasonable range of compensation for roles that may be hired in the US. Actual compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, and specific office location. For this role, the range of starting pay for this role is $125K - $157K annually.

Benefits package includes a Comprehensive Medical (includes Prescription Drug), Dental, Vision, Health Savings Account with company contribution, Flexible Spending Accounts, 401(k) matching, discretionary time off, paid sick time, tuition reimbursement, parental leave, short-term disability, long-term disability, life insurance, accidental death & dismemberment insurance, paid holidays, Employee Assistance Plan, commuter benefit, recognition awards, voluntary benefits (including Identity Theft, Student Loan and Breast Milk Shipping), employee referral bonuses and employee discounts.

#LI-hybrid

We are an Equal Opportunity Employer. EOE Disability/Veteran. We are committed to building diverse teams, representative of the patients and communities we serve, and we strive to create an inclusive workplace that cultivates collaboration.