At OneStudyTeam (a Reify Health company), we specialize in speeding up clinical trials and increasing the chance of new therapies being approved with the ultimate goal of improving patient outcomes. Our cloud-based platform, StudyTeam, brings research site workflows online and enables sites, sponsors, and other key stakeholders to work together more effectively. StudyTeam is trusted by the largest global biopharmaceutical companies, used in over 6,000 research sites, and is available in over 100 countries. Join us in our mission to advance clinical research and improve patient care.

One mission. One team. That’s OneStudyTeam.

By joining our team as a Lead Data Security Engineer, you will become a leading subject matter expert on the security of modern web applications, APIs, and cloud infrastructure. In close collaboration with technical advisors and staff engineers, you will assess the security of new applications, features, partner integrations, data flows, and internal StudyTeam configuration/administration tools. You will also serve as a technical leader on incident response and mentor other Security Team members.

What You’ll Be Working On:

Integrate with data and software engineering teams to assess the security of new applications, features, partner integrations, data flows, and internal product configuration/administration tools.
Develop solutions to enable and enhance security of StudyTeam SaaS applications, associated data transfers, and infrastructure (AWS).
Assess, validate as necessary, coordinate, and confirm remediation of vulnerabilities identified through 3rd party penetration testing and internal vulnerability scans in conjunction with engineering teams (e.g, DevOps/SRE, Software Engineering).
Play a key role in the selection, design, configuration and use of additional vulnerability scanning technologies (e.g., container scanning, SCA/SBOM, SAST, DAST, IAST, RASP).
Serve as a technical leader on incident response for web applications and infrastructure.
Recommend, drive, and implement improvements to One StudyTeam’s Security Program, including how the program is integrated within the SDLC .
Author, and when appropriate delegate to team members, formal technical risk assessments documenting security findings and outlining required mitigating controls.
Participate in the selection and implementation of a re-imagined SIEM solution

What You Bring to OneStudyTeam:

7 or more years experience in a dedicated technical security role is required.
Proficiency in Python for programmatic data analysis and automation is required.
Deep understanding of modern application stacks including microservice architectures, containerization, CI/CD, and IaC in a cloud environment such as AWS or GCP is required.
Solid knowledge of OWASP Top 10 from both the attack chain and mitigation perspectives.
Understanding of modern source control systems (e.g., Git, Gihub) is required.
Desire to mentor other security team members while concurrently collaborating with senior engineers is required.
Prior experience collaborating with Data, Engineering, DevOps/SRE andProduct teams to assess technical security risks is a strong plus.
Experience leading technical incident response for modern web applications and infrastructure is a strong plus.

We value diversity and believe the unique contributions each of us brings drives our success. We do not discriminate on the basis of race, sex, religion, color, national origin, gender identity, age, marital status, veteran status, or disability status.

Note: OneStudyTeam is unable to sponsor work visas at this time. If you are a non-U.S. resident applicant, please note that OneStudyTeam works with a Professional Employer Organization.

As a condition of employment, you will abide by all organizational security and privacy policies.

This organization participates in E-Verify (E-Verifys Right to Work guidance can be found here).