Boston, MA, USA
Key Responsibilities

1. NAA (Non-Attributable Account) Remediation
• Support the design, testing, and execution of the Non-Attributable Account (NAA) remediation program across RC4-dependent and non-RC4-dependent account types.
• Assist in building, maintaining, and activating host allow/deny lists within the Lab Organizational Unit (OU) in Active Directory.
• Coordinate with InfoSec and AD teams to execute password reset mechanisms and validate outcomes across pilot and full-rollout phases.
• Engage Business System Owners and lab staff to identify NAA usage patterns, confirm active engagements, and support transition to properly managed service accounts.
• Support deployment and configuration of Transparent Screen Lock and BeyondTrust (password management and remote access) as replacement mechanisms for NAA-dependent workflows.

2. Software Governance & Controls
• Assist in defining and implementing a policy-based software allowlist across lab workstations and instrument PCs in the Lab OU.
• Identify currently installed unauthorized or unlicensed software across lab endpoints and support remediation planning.
• Develop and maintain a formal exception request process for legitimate scientific software deployment needs.

3. Vulnerability Management
• Support CrowdStrike EDR sensor deployment and gap closure across lab endpoints, coordinating with InfoSec and site partners.
• Identify and remediate open or misconfigured file shares presenting lateral movement and data exfiltration risk.
• Contribute to OS patching cadence and compliance tracking for lab workstations and instrument PCs.
• Assist in end-of-life operating system identification, remediation planning, and isolation strategies across lab infrastructure.
• Support server-level vulnerability triage and remediation in coordination with the infrastructure team.

4. USB & Data Transfer Controls
• Assess current USB usage patterns across lab sites and instrument workflows.
• Assist in defining and implementing a tiered USB restriction policy (block, monitor, allow-by-exception) that protects the environment without impeding legitimate scientific workflows.
• Manage the formal USB exception process for vendor-mediated access scenarios.

5. Cross-Site & Operational Support
• Serve as a hands-on technical resource for site partners across Boston/US, Oxford/UK, and other global lab locations.
• Maintain accurate documentation of system configurations, allow/deny lists, service account inventories, and workstream progress.
• Contribute to demand intake and ServiceNow-based request management for new service account and access requests.
• Participate in hypercare periods following major changes, providing rapid response to connectivity or authentication issues.
• Communicate clearly with both technical and non-technical stakeholders, including lab scientists, Business System Owners, and senior leadership.

Required Qualifications

Education
• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience)

Experience
• 2–5 years of relevant experience in IT/OT systems engineering, endpoint security, or lab systems support; or an equivalent combination of education and experience.
• Hands-on experience with Active Directory administration, including Organizational Unit (OU) management, Group Policy, and service account provisioning.
• Experience working in or supporting laboratory, manufacturing, or operational technology environments.
• Demonstrated experience executing security remediation activities such as patching, endpoint agent deployment, or access control changes.
• Experience working with endpoint security platforms (CrowdStrike or equivalent EDR tools preferred).
• Familiarity with privileged access management or password vault tools (BeyondTrust or equivalent).
• Familiarity with Endpoint Management (EPM) tools for computer fleet management.

Technical Skills

Identity & Access Management
• Proficiency in Active Directory administration: OU structure, Group Policy Objects (GPOs), user/service account management, and authentication protocols including RC4/NTLM/Kerberos.
• Understanding of allow/deny list enforcement mechanisms within AD and Lab OU environments.
• Experience with service account lifecycle management and privileged access controls.
• Understanding of enterprise Identity Management tools (SailPoint).

Endpoint & OT Security
• Working knowledge of endpoint detection and response (EDR) platforms, particularly CrowdStrike Falcon.
• Understanding of OT/lab network architecture, including isolated or semi-isolated lab network segments, instrument connectivity, and associated security risks.
• Familiarity with USB restriction and software control policies on Windows endpoints.
• Knowledge of vulnerability management concepts: OS patching, EOL systems, open file shares, and network-level exposure.

Lab & Instrument Environment Familiarity
• Understanding of how lab instruments authenticate to networks and the dependencies that exist between shared accounts and instrument operation.
• Familiarity with Transparent Screen Lock (TSL) or similar technologies for instrument session management.
• Awareness of lab data systems such as NuGenesis (SDMS), Empower (Waters), or similar scientific data and chromatography platforms is a plus.
• Awareness of working in Biopharma Laboratory Environments.
• Awareness of GxP and Information Security compliance constraints.
• Familiarity with ITIL ITSM principles.

Tools & Platforms
• ServiceNow or equivalent ITSM platform for demand intake and ticket management.
• BeyondTrust or equivalent privileged access management and remote support tooling.
• Microsoft Windows Server and Windows 10/11 administration.
• Familiarity with network monitoring and log analysis tools.
• Proficiency in PowerShell preferred.

Soft Skills
• Strong analytical skills and attention to detail — comfortable working with large datasets (login logs, AD exports, host inventories) to draw meaningful conclusions.
• Clear written and verbal communication skills; able to explain technical concepts to non-technical lab staff and Business System Owners.
• Organized and execution-oriented — this role involves managing multiple concurrent workstreams with defined deadlines.
• Comfortable operating in a fast-moving, ambiguous environment where priorities may shift based on security findings.
• Collaborative and service-minded — the lab community depends on this role to keep instruments running securely.

Other Requirements
• Ability to work across global, multi-site laboratory organizations including US East Coast (FanPier/Boston) and UK (Oxford/Milton Park).
• Willingness to participate in hypercare periods and provide out-of-hours support during major change activations where required.
• Ability to engage and build trust with both technical peers and non-technical lab and science stakeholders.
• Experience operating within or alongside regulated environments (life sciences, pharmaceutical, or similar) is preferred but not required.
Bachelor's degree