Pivotal Life Sciences background
Pivotal Life Sciences (“PLS”), a part of Nan Fung Group, is a global investment platform focusing on the life sciences. Leveraging on Nan Fung Group’s strong capital base and long-term commitment to the area, the company aims to become the ideal partner for scientists, entrepreneurs, corporations and investors in the life science space. Through direct investments via Pivotal bioVenture Partners funds (both in US and China) and fund investments covering full spectrum of the industry (including therapeutics, medical devices and diagnostics) and across different development stages, Nan Fung Life Sciences has significant presence in both US and Greater China. Learn more at www.pivotallifesciences.com
Location: San Francisco, CA
The role
As a PLS Cloud Security Engineer, you will be a member of our new global AI and data intelligence team. This team’s goal is to build state of the art data and AI technology with strong research fundamentals for our life sciences investment arm towards building a ‘smart investment system’. Utilizing your expertise in cloud security engineering, you will build a state-of-the-art cloud backbone for data from biological, financial, operational, and other sources to be used for scientific products and tools that provide intelligence and predictions for smart investments. The ideal candidate will be responsible for ensuring the security of our cloud-based systems and infrastructure. You will collaborate with cross-functional teams to develop and implement security measures, manage cloud security systems, and maintain the integrity and confidentiality of data and information.
Responsibilities
- Develop, implement, and manage security measures and controls to protect cloud-based systems and infrastructure.
- Determine user requirements and design specifications for Amazon Web Services (AWS) based data, pipelines, and products infrastructure
- Design and maintain system backup solutions for system recovery and disaster recovery
- Be involved in the build and extension of our cloud services that span across the US and China
- Participate and assist in setting the long-term direction, roadmaps and standards for technical solutions, ensuring they align to the overall enterprise architecture
- Help implement the technology direction, vision, and strategy to enable Cloud technology adoption
- Analyze existing cloud structures and create new and enhanced security methods.
- Serve as the subject matter expert for cloud security best practices and solutions.
- Conduct risk assessments, security audits, and system tests to ensure the effectiveness of security measures.
- Respond to and, when necessary, lead the response to cloud security incidents.
- Collaborate with IT and data science teams to integrate security protocols into new and existing cloud deployments.
- Manage and configure cloud security tools, such as firewalls, intrusion detection systems, and encryption technologies.
- Create and maintain documentation for cloud security procedures and protocols.
- Conduct security training and awareness for staff.
- Stay current with emerging security threats and technologies in the cloud computing landscape.
- Ensure compliance with regulatory requirements and industry standards related to cloud security.
Qualifications:
- Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field.
- Professional security management certification is advantageous, such as CISSP, CISM, CCSP, or equivalent.
- 5+ years of experience in a cloud security role with hands-on experience in cloud platforms like AWS, Azure, or Google Cloud Platform.
- Strong understanding of cloud security frameworks, standards, and best practices.
- Experience with cloud access security brokers (CASBs), firewalls, VPNs, IDS/IPS, and other security technologies.
- Proficiency in scripting languages (e.g., Python, PowerShell) for automation of security tasks.
- Knowledge of system and network architecture and the integration of security protocols within these structures.
- Excellent problem-solving, analytical, and evaluation skills.
- Ability to work independently and as part of a team in a fast-paced environment.
- Strong verbal and written communication skills with the ability to:
- Consult with Key Stakeholders, Clients, Vendors and other Developers and Product Managers to analyze and propose application security standards, methods, and architectures.
- Handle communications with independent vulnerability researchers and design appropriate mitigation strategies for reported vulnerabilities.
- Educate other developers on secure coding best practices.
- Ability to professionally handle communications with outside researchers, users, and customers.
- Ability to communicate clearly on technical issues.
- Physical Demands and Work Environment:
- Hybrid office – 3 days in (M/W/Th)
- Must be able to remain on call for responding to security incidents as needed.
- Must not require sponsorship now or in the future
- Salary Range: $150,000-$250,000 + 20% annual target performance bonus