Security Engineer & Analyst

<p><strong>This position is on-site in Seattle, WA.</strong></p> <p>Join Lumen Bioscience as a Security Engineer & Analyst to be the guardian of our hybrid cloud infrastructure and endpoint ecosystem. In this role, you’ll own security architecture, monitoring, and incident response across Microsoft 365/Entra ID, Azure, AWS, and a diverse endpoint fleet (Windows 11/macOS).</p> <p>This position requires balancing stringent biotech regulatory and compliance requirements with practical, scalable security solutions that enable scientific innovation. If you enjoy building secure-by-design environments, leading incident response, and partnering with cross-functional teams to protect sensitive data and systems, we encourage you to apply.</p> <p><strong>Duties & Responsibilities:</strong></p> <ul> <li><span style="text-decoration: underline;">Cloud & Identity Security (~40%)</span> <ul> <li>Architect and maintain security posture across Azure, AWS, and Microsoft 365/Entra ID environments.</li> <li>Design and implement Zero/Low Implicit Trust architecture with Conditional Access policies, MFA enforcement, and Privileged Identity Management (PIM).</li> <li>Configure and maintain Azure Security Center, AWS Security Hub, and native cloud security controls.</li> <li>Implement secure baselines for cloud workloads, storage, and networking components.</li> <li>Manage identity lifecycle, RBAC, and least-privilege access models across cloud and SaaS platforms.</li> </ul> </li> <li><span style="text-decoration: underline;">Endpoint Security & Management (~30%)</span> <ul> <li>Administer endpoint protection platforms (EDR/XDR) across Windows 11 and macOS devices.</li> <li>Deploy and maintain Intune policies for Windows endpoints including BitLocker encryption, Windows Defender, and compliance baselines.</li> <li>Implement macOS security controls using MDM solutions (Jamf/Kandji or Intune for Mac).</li> <li>Secure shared laboratory and manufacturing endpoints using kiosk modes and restricted profiles.</li> <li>Orchestrate patch management, software deployment, and configuration drift monitoring for endpoints.</li> </ul> </li> <li><span style="text-decoration: underline;">Security Operations & Incident Response (~20%)</span> <ul> <li>Design and tune SIEM alerting rules (e.g., Azure Sentinel, Splunk, or similar) to minimize false positives while detecting critical events.</li> <li>Lead incident response activities including communication with MDR vendor, triage, forensics, containment, eradication, and recovery.</li> <li>Conduct threat hunting exercises and security investigations based on logs, alerts, and intelligence.</li> <li>Maintain incident response runbooks and coordinate tabletop exercises.</li> <li>Generate security metrics, KPIs, and executive-level reporting.</li> </ul> </li> <li><span style="text-decoration: underline;">Governance, Risk & Compliance (~10%)</span> <ul> <li>Support FDA, SOC 2, CMMC, and GxP audit activities through evidence collection, documentation, and remediation tracking.</li> <li>Perform vulnerability assessments and coordinate remediation efforts with relevant teams.</li> <li>Conduct vendor security assessments and manage third-party risk.</li> <li>Develop and maintain security policies, standards, and procedures.</li> <li>Partner with QA/Compliance teams on 21 CFR Part 11 and data integrity requirements.</li> </ul> </li> </ul> <p><strong>Required Qualifications:</strong></p> <ul> <li><span style="text-decoration: underline;">Technical Skills:</span> <ul> <li>Endpoint Management: Strong Intune experience for Windows; familiarity with macOS MDM solutions (e.g. Intune, Jamf, or similar).</li> <li>Security Tools: Hands-on experience with EDR/XDR platforms such as Huntress, CrowdStrike, Defender for Endpoint, or SentinelOne.</li> <li>SIEM/Monitoring: Experience with Azure Sentinel, Splunk, or similar platforms, including log analysis and correlation.</li> <li>Scripting: Proficiency in PowerShell and Python for security automation and orchestration.</li> <li>Networking: Understanding of network segmentation, firewalls, VPNs, and zero-trust principles.</li> </ul> </li> <li><span style="text-decoration: underline;">Professional Skills:</span> <ul> <li>Clear technical writing skills for documentation, procedures, and audit artifacts.</li> <li>Ability to translate security risks into business impact for non-technical stakeholders.</li> <li>Strong problem-solving skills with high attention to detail.</li> <li>Self-motivated with the ability to work independently in a hybrid environment.</li> </ul> </li> </ul> <p><strong>Desirable Qualifications:</strong></p> <ul> <li><span style="text-decoration: underline;">Industry & Compliance Experience:</span> <ul> <li>Preferred 2+ years in biotech, pharma, medical device, or healthcare IT environments</li> <li>AZ-500, SC-200, SC-300, AWS Security Specialty, CISSP, CCSP, or comparable security certifications</li> </ul> </li> <li><span style="text-decoration: underline;">Advanced Skills:</span> <ul> <li>Experience with Infrastructure as Code (e.g., Terraform, ARM templates)</li> <li>Container security experience (e.g., Docker, EC2-based workloads)</li> <li>DevSecOps practices and CI/CD pipeline security</li> <li>Experience with Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) solutions</li> </ul> </li> </ul> <p><strong>Physical Requirements:</strong></p> <ul> <li>Ability to work on-site in Seattle, WA</li> <li>Ability to sit for extended periods of time (2 or more hours)</li> <li>Occasionally lift or carry items up to 50 lb/23 kg</li> </ul> <p><strong>Benefits at Lumen Bioscience:</strong></p> <ul> <li><strong>Stock bonus</strong></li> <li>Health, Dental, and Vision premiums fully covered by Lumen</li> <li>401k match up to 4%</li> <li>Industry-leading PTO policy, paid refresh days, and paid year-end holiday office closure</li> <li>Monthly wellness program to support your health and well-being</li> <li>Free onsite parking or public transportation subsidies</li> <li>Comprehensive parental leave policies</li> <li>Life insurance, short & long-term disability, and access to employee assistance programs</li> </ul> <p>At Lumen Bioscience, we foster a workplace built on collaboration, innovation, and professional growth. This role offers a significant opportunity to contribute directly to cutting-edge biotechnology and the advancement of global health solutions.</p> <p><strong>Join us to shape innovative solutions and drive operational excellence.</strong></p><div class="content-pay-transparency"><div class="pay-input"><div class="title">Compensation Range</div><div class="pay-range"><span>$115,000</span><span class="divider">—</span><span>$130,000 USD</span></div></div></div>