Senior InfoSec Engineer (SecDevOps) - (REMOTE)

Headquarters: India URL: http://criver.com For 75 years, Charles River employees have worked together to assist in the discovery, development and safe manufacture of new drug therapies. When you join our family, you will have a significant impact on the health and well-being of people across the globe. Whether your background is in life sciences, finance, IT, sales or another area, your skills will play an important role in the work we perform. In return, we’ll help you build a career that you can feel passionate about. Job Overview The Senior InfoSec Engineer (SecDevOps) is a subject matter expert (SME) who plays a crucial role in bridging the gap between development, operations, and security. Our ideal candidate will possess a strong technical background in both IT security and software development, enabling them to implement and maintain secure DevOps practices across our projects. The engineer works as part of a team to assess cybersecurity and technology risk against established frameworks, standards, policies and methodologies. The individual reviews and recommends controls and best practices, and continually evaluates risk exposure and tolerance as defined by business leaders and external entities. The role also reviews and documents deficiencies, advocates for change, and when appropriate, escalates issues to senior risk leadership. With an emphasis on developing secure DevOps strategies, this position plays a crucial role in securing business-to-business initiatives, third-party relationships, outsourced solutions, and vendors. Ideal candidates will possess practical hands-on technology experience with security principles and risk management, along with a strong understanding of DevOps culture and practices.     This position has been designated as permanently remote, work from home located in India. Must be able to work the hours of 3pm - 11pm IST May require occasional domestic or international travel.  Job Description   ESSENTIAL DUTIES AND RESPONSIBILITIES: Develop, implement, and maintain secure CI/CD pipelines to facilitate safe code releases without sacrificing speed or efficiency. Collaborate with development and operations teams to integrate security at every phase of the software development lifecycle. Conduct vulnerability assessments and security tests on applications and infrastructure to identify and mitigate risks before production deployment. Automate security processes to reduce human error and increase incident response times. Maintain security documentation and standard operating procedures. Stay up to date with emerging security threats and vulnerabilities and ensure that the company's systems and data are protected against them. Provide security awareness training to other teams and advocate for security best practices throughout the organization. Participate in the development and enforcement of security policies and procedures. Perform other duties as assigned.   QUALIFICATIONS: Education: Bachelor’s degree (B.A./B.S.) or equivalent in computer science, information security, or related discipline. Experience: 3+ years of experience in a DevOps role with a strong focus on security, or in a dedicated cybersecurity role with exposure to DevOps practices. An equivalent combination of education and experience may be accepted as a satisfactory substitute for the specific education and experience listed above. Certification/Licensure: IT security related certification desired (e.g., CISSP, CISM, CompTIA Security+, Certified Kubernetes Security Specialist (CKS), or AWS Certified DevOps Engineer, or similar professional certification).     Other: Strong understanding of cloud platforms (AWS, Azure, GCP) and their native security tools. Proficiency in scripting languages (e.g., Python, Bash) and automation tools (e.g., Ansible, Terraform, Jenkins). Familiarity with containerization and orchestration technologies (Docker, Kubernetes). Knowledge of compliance standards and security frameworks (e.g., ISO 27001, NIST, SOC 2). Experience with secure software development practices such as using SAST/DAST tools, secure code review, and threat modeling. Excellent problem-solving skills and ability to think critically and strategically. Effective communication skills, with an ability to convey complex security issues to non-technical stakeholders. Must have strong interpersonal, teamwork, self-initiative skills. About Corporate Functions  The Corporate Functions provide operational support across Charles River in areas such as Human Resources, Finance, IT, Legal, Sales, Quality Assurance, Marketing, and Corporate Development. They partner with their colleagues across the company to develop and drive strategies and to set global standards. The functions are essential to providing a bridge between strategic vision and operational readiness, to ensure ongoing functional innovation and capability improvement.   About Charles River Charles River is an early-stage contract research