Certara

Overview

Certara accelerates medicines using proprietary biosimulation software, technology, and services to transform traditional drug discovery and development. Its clients include more than 2,000 biopharmaceutical companies, academic institutions and regulatory agencies across 62 countries.

Security Engineer participates in the operation and development of the information security system of the organization. Investigates and responds to enterprise security events and requests.

The Security Engineer conducts computer and network intrusion detection, incident response, forensic investigations, data recovery and electronic discovery under occasional guidance and cooperates with multiple departments within the organization

The Security Engineer conducts small and medium scale threat analysis for the environment. Troubleshoots and resolves complex security issues. Implements small and medium technology projects or components of large projects.

Responsibilities

• Explains the purpose of and provides advice and guidance on the design, implementation and operation of elementary physical, procedural and technical security controls. Performs security risk, vulnerability assessments, and business impact analysis for applicable information systems.
• Contributes to design, implementation and audit of company level policies concerning information security standards applicable to the organization
• Contributes to address application security related concerns by application development teams and Customers
• Supports the identification of possible areas for improvement by preparation of applicable proposal. Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security. Ensures that all identified breaches in security are promptly and thoroughly recorded, investigated and that any system changes required to maintain security are implemented. Ensures that security records are accurate and complete and that requests for support are dealt with according to set standards and procedures. Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.
• Prioritizes and diagnoses incidents according to agreed procedures. Investigates causes of incidents and seeks resolution. Escalates unresolved incidents. Facilitates recovery, following resolution of incidents. Documents and closes resolved incidents according to agreed procedures.
• Contributes to digital forensic investigations. Processes and analyses evidence in line with policy, standards and guidelines and supports production of forensics findings and reports.
• Some travel may be required

Qualifications

• Associate or Bachelor&rsquos degree in computer science or related field preferred. Combination of formal education training and practical experience sufficient to acquire knowledge and skills generally equivalent to those possessed by an associate degree individual may be considered.
• Industry recognized certifications such as, GSEC, GCIA, CEH. CISCO ISO 27001 LA a plus
• Has a generic understanding of NIST CSF, ISO 27001 information security frameworks.
• Scripting knowledge preferably in KQL, Perl, PHP, ASP, PowerShell or Java with recent and basic programming experience
• 1-3 years of experience in compliance-oriented industry is preferred.
• Has a basic understanding of network behavior analysis techniques and tools. Capable of using various detection systems and software.
• Has basic knowledge of several of the following: network foot-printing, port scanning, and enumeration techniques, specific operating system vulnerabilities, web server vulnerabilities, application level exploits, worms, viruses, and Trojans, network vulnerabilities, sniffing, wireless sniffing, IP spoofing, and PPTP/VPN breaking.
• Understanding and demonstrated technical skills and abilities in the technical information security operations domain
• Works under general direction. Uses discretion in identifying and responding to complex issues and assignments. Receives specific direction, accepts guidance and has work reviewed at agreed milestones.
• Determines when issues should be escalated to a higher level.
• Performs a range of work, sometimes complex and non-routine, in a variety of environments.
• Applies methodical approach to issue definition and resolution.
• Has the general, domain knowledge necessary to perform effectively in the organization typically gained from recognized bodies of knowledge and organizational information. Demonstrates effective application of knowledge. Has an appreciation of the wider business context. Takes action to develop own knowledge.
• Demonstrates effective communication skills.
• Plans, schedules and monitors own work (and that of others where applicable) competently within limited deadlines and according to relevant legislation, standards and procedures.
• Contributes fully to the work of teams. Appreciates how own role relates to other roles and to the business of the employer or client.
• Demonstrates an analytical and systematic approach to issue resolution.
• Takes the initiative in identifying and negotiating appropriate personal development opportunities.
• Ability to share information security knowledge with technical and non-technical audiences about information security

Certara bases all employment-related decision on merit, taking into consideration qualifications, skills, achievement, and performance. We treat all applicants and employees without regard to personal characteristics such as race, color, ethnicity, religion, sex, sexual orientation, age, nationality, marital status, pregnancy, physical or mental condition, genetic information, military service, or other characteristic protected by law.