Regeneron is founded on the belief that the right idea, combined with the right team, can lead to significant transformations. Our growing global network is dedicated to inventing, developing, and commercializing medicines that change lives for those with serious diseases. In doing so, we are pioneering innovative approaches to science, manufacturing, and commercialization, as well as redefining our understanding of health.
The Regeneron Information Technologies team is seeking a candidate for the Sr Principal Engineer of Secure SDLC Software Development position. This is a hands-on position that requires deep technical expertise in the Secure SDLC domain. The successful candidate will be responsible for the design, engineering, deployment, governance, and level 3 support of the Regeneron Secure Software Development Life Cycle (SSDLC) framework and solutions.
In this role, a typical day might include the following:
Drive forward the development, improvement, deployment, communication, and governance of the Regeneron SSDLC roadmap aligned with a comprehensive Cybersecurity strategy.
Develop and improve a reliable, scalable, and secure set of SSDLC solutions to efficiently meet business requirements while adhering to the NIST Cyber Security framework.
Drive a continuous improvement approach to secure the Regeneron SDLC program by defining and implementing security requirements across the full software development life cycle. This includes the underlying software delivery pipeline, ensuring security is seamlessly and optimally integrated within it.
Develop and operationalize strategies to continuously assess, identify, and mitigate vulnerabilities within the SSDLC ecosystem.
Serve as the focal point for an onsite IT Team to ensure consistent communications and delivery as well as maintaining day-to-day team direction and tactical support for the onsite IT team members that are delivering other IT related services.
Provide status and operational updates to Regeneron IT senior leadership on the effectiveness and efficiency of the onsite team.
Collaborate with leadership on the yearly budget preparation and management of the SSDLC program.
Define and execute against SSDLC SLAs, using KPIs to provide monthly reporting on the efficacy of SSDLC management tools.
Develop and document the technical design for the integration and implementation of any new SSDLC software.
Partner with the Cybersecurity by Design Team, product development, and other key partners to ensure secure design principles are embedded throughout the entire software development lifecycle.
Partner with software development teams in the architectural design of software solutions to ensure the implementation of secure design principles.
Stay ahead of evolving security threats and trends, recommending proactive measures to maintain a secure SSDLC framework.
Collaborate on the development and delivery of software security awareness training programs.
Collaborate with the Operations Team to continuously ensure defined SSDLC technologies are effective and efficient in practice.
Provide Level 3 support for SSDLC-related and security incidents.
Collaborate with vendors to drive solution optimization and business value.
This job might be for you if you:
Have a BA/BS degree in Computer Science, Computer Information Systems, or a related technical field.
Have 8+ years of proven experience with SSDLC capabilities in a global environment.
Continuously find opportunities for improving processes and solutions, including the consolidation of similar security needs.
Collaborate with the team to implement technical standard methodologies, policies, and procedures.
Have the ability to lead training initiatives, demonstrating a capacity to educate teams.
Have excellent problem-solving skills and attention to detail.
Have excellent verbal and written communication skills and the ability to work well with all personnel, from application developers to the CIO; can work autonomously and in groups; and are highly organized, deadline-oriented, and committed to continuous improvement.
Have the ability to develop and maintain highly effective relationships and influence others to achieve goals.
Have strong experience in using SSDLC solutions to secure data within an enterprise and possess end-to-end knowledge in the design, engineering, and operation of a comprehensive SSDLC solution set.
Experience in crafting and providing highly available and reliable SSDLC software and processes capable of 24x7 business operations is essential.
A demonstrated level of competence with SAST, SCA, DAST, Jenkins, Groovy, Python, Java, JavaScript, Ruby, R, Kubernetes, AWS, Terraform, and CFT is required.
A solid understanding of Information Security processes, practices, and solutions, as well as experience with regulatory compliance controls, with GxP and SOX being preferred.
Familiarity with relevant security frameworks and compliance standards (NIST CSF, ISO 27001, HIPAA, GDPR, etc.) is a plus.
Connect with us, so we can learn more about you, and you can learn more about our medicines. And join us in shaping the future of healthcare.
Regeneron is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion or belief (or lack thereof), sex, nationality, national or ethnic origin, civil status, age, citizenship status, membership of the Traveler community, sexual orientation, disability, genetic information, familial status, marital or registered civil partnership status, pregnancy or parental status, gender identity, gender reassignment, military or veteran status, or any other protected characteristic in accordance with applicable laws and regulations. We will ensure that individuals with disabilities are provided reasonable accommodations to participate in the job application process. Please contact us to discuss any accommodations you think you may need.
Does this sound like you? Apply now to take your first step towards living the Regeneron Way! We have an inclusive and diverse culture that provides comprehensive benefits, which often include (depending on location) health and wellness programs, fitness centers, equity awards, annual bonuses, and paid time off for eligible employees at all levels!
The Company will also provide reasonable accommodation to the known disabilities or chronic illnesses of an otherwise qualified applicant for employment, unless the accommodation would impose undue hardship on the operation of the Company's business.
For roles in which the hired candidate will be working in the U.S., the salary ranges provided are shown in accordance with U.S. law and apply to U.S.-based positions. For roles which will be based in Japan and/or Canada, the salary ranges are shown in accordance with the applicable local law and currency. If you are outside the U.S., Japan or Canada, please speak with your recruiter about salaries and benefits in your location.
Please note that certain background checks will form part of the recruitment process. Background checks will be conducted in accordance with the law of the country where the position is based, including the type of background checks conducted. The purpose of carrying out such checks is for Regeneron to verify certain information regarding a candidate prior to the commencement of employment such as identity, right to work, educational qualifications etc.