Senior Security Engineer / AppSec Engineer

Life changing therapies. Global impact. Bridge to thousands of biopharma companies and their patients.

We are PCI.

Our investment is in People who make an impact, drive progress and create a better tomorrow. Our strategy includes building teams across our global network to pioneer and shape the future of PCI.

The Senior Security Engineer will serve as the technical security lead for PCI Pharma, responsible for security architecture, application security, vulnerability management, and security engineering across enterprise and manufacturing environments. This role combines hands-on technical work with strategic security advisory, ensuring protection of pharmaceutical intellectual property, patient data, and compliance with industry regulations.

• Design and implement security architecture for cloud (Azure, AWS), on-premises, and hybrid environments
• Lead application security program including SAST/DAST integration, secure code reviews, and developer training
• Manage enterprise vulnerability management using Nessus, including scan scheduling, risk prioritization, and remediation tracking
• Architect and maintain Zero Trust security framework including identity-centric access controls
• Conduct security assessments for new applications, infrastructure changes, and M&A integrations
• Design network segmentation strategies for IT/OT environments and manufacturing systems
• Implement and manage endpoint security solutions (EDR, AV) in coordination with RUN team
• Lead security incident response for complex technical investigations
• Develop security standards, policies, and technical guidelines aligned with pharmaceutical regulations
• Evaluate and recommend security tools and technologies for continuous improvement
• Coordinate penetration testing activities and remediation of findings
• Provide security consultation for cloud migrations and digital transformation initiatives

• Bachelor's degree in Computer Science, Cybersecurity, or related field
• 7+ years of progressive cybersecurity experience with 3+ years in security engineering/architecture
• Deep expertise in vulnerability management tools (Nessus, Qualys, or Rapid7)
• Strong application security knowledge including OWASP Top 10, secure SDLC, and DevSecOps practices
• Experience with cloud security in Azure and/or AWS (security groups, IAM, encryption)
• Proficiency in network security including firewalls, IDS/IPS, and segmentation
• Knowledge of endpoint security solutions and EDR platforms
• Strong scripting abilities (PowerShell, Python) for security automation
• Experience in regulated industries with compliance requirements
• CISSP, CISM, or equivalent security certification

• Master's degree in Cybersecurity or Information Assurance
• Pharmaceutical or healthcare industry experience with GxP knowledge
• GPEN, OSCP, or other hands-on security certifications
• Experience with IT/OT security and industrial control systems
• Knowledge of 21 CFR Part 11 and computer system validation
• Cloud security certifications (AZ-500, AWS Security Specialty)

Nessus / Tenable.io vulnerability management * SAST/DAST tools (SonarQube, Checkmarx, Burp Suite) * Azure Security Center / AWS Security Hub * EDR platforms (CrowdStrike, Defender for Endpoint) * SIEM platforms (Splunk, Sentinel) * Firewall management (Palo Alto, Cisco ASA) * PowerShell / Python security scripting * Git and CI/CD security integration

• Critical vulnerability remediation SLA (target: <7 days)
• Application security review coverage (target: 100% of new apps)
• Security incident response time (target: <1 hour for P1)
• Penetration test finding closure rate (target: >90% within 90 days)
• Zero Trust implementation milestones (per roadmap)

Join us and be part of building the bridge between life changing therapies and patients. Let's talk future

Equal Employment Opportunity (EEO) Statement:
PCI Pharma Services is an Equal Opportunity/Affirmative Action Employer. We do not unlawfully discriminate on the basis of race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status, or any other protected status.

At PCI, Equity and Inclusion are at the core of our company's purpose: Together, delivering life-changing therapies. We are committed to cultivating an inclusive workplace by holding ourselves accountable to the highest standards of understanding, fairness, respect, and equal opportunity - at every level. We envision a PCI community where everyone can belong and grow, and we strive to bring this vision to reality by continuously and intentionally assessing our people practices, policies and programs, marketing approach, and workplace culture.