Analyst, Information Security

Troubleshooting Tips

Job Title:
Job ID: 14677
Location: Berkeley Heights, NJ
Offsite Territory:
Full/Part Time: Full-Time
Regular/Temporary: Regular
Category: Information Technology
Department: ITGOS Security - 4164

Celgene Corporation is committed to delivering innovative therapies designed to improve the lives of patients worldwide. We are a global biopharmaceutical company with operations in more than 70 countries that is helping to turn incurable cancers into chronic, manageable conditions. We are seeking talented professionals as we continue to grow and advance our efforts in oncology, hematology and immune and inflammatory disease. If you would like to join a company where you can make a difference, please consider the Celgene family.

*
- 7+ experience with Information Security
- 3+ years experience with application specific security controls
- BS/MS in Computer Science or equivalent
- CISSP and CEH certifications

Scope:

- Span of Control - individual contributor
- Direct Reports - none
- Indirect Reports - none
- Budgetary Responsibility - none
- Interacts w/- IT GOS, IT GDS, Business Partners, External Business Partners

Responsibilities include, but are not limited to, the following:

- Support the operation of the Application Vulnerability Assessment program using purchased tool sets and testing for false positives manually.
- Support the operation of a Infrastructure Vulnerability Assessment program which includes working with a purchased tool as well as coordination with external penetration testing partners.
- Support teammates with technical abilities to deliver vulnerability findings that have been analyzed for common root causes and validity.
- Support Secure SDLC processes including a control checklist and control recommendations during solution delivery.
- Support the operation of the Information Security Risk Assessment cycle for all Celgene applications. This includes periodic assessments of applications, performing risk calculations based on Integrity, Confidentiality, and Availability.
- Track identified issues and their remediation, interact with issue owners for a timely resolution. Provide issue reporting for senior management reporting. Inclusive of this responsibility is documented corrective action plans where policies dictate appropriate.
- Perform IT Vendor Audits with Celgene partners including hosting environments, processing centers and IT Production Support areas. Assessments are based off of ISO 27001/2 standards and NIST best practices.
- General consulting on policy/standards creation and management based off of ISO 2700X.
- General consulting on IT Audit activities include solutioning for issue remediation and issue tracking for management reporting.

Position
Skills/Knowledge Required:

- BS/MS degree in Computer Science or equivalent.
- 5+ years experience with Information Security and Controls
- 3 or more years of intensive experience application specific security controls (ie encryption, authentication mechanism, least privileged access, etc.).
- CISSP certification
- CEH certification
- Ability to research and recommend technical designs and architectures to support security requirements.
- Working knowledge of OWASP vulnerabilities
- ISO 27001/2 certification a plus
- Audit experience a plus
- Ability to effectively interface with clients and the technical team.
- Ability to work and contribute in a team environment.
- Ability to perform tasks proactively with minimal supervision.

Celgene is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status.

Celgene complies with all applicable national, state and local laws governing nondiscrimination in employment as well as employment eligibility verification requirements of the Immigration and Nationality Act. All applicants must have authorization to work for Celgene in the U.S.

Employment applicants requiring immigration sponsorship must disclose, when initial application for employment is made, whether or not they are legally authorized to work in the U.S. and if so, whether that authorization permits them to work in the job they seek. In no case should Celgene support of a potential employee's temporary visa application be construed to guarantee success of that application or amend or otherwise invalidate the "at-will" employment relationship between the employee and Celgene.