At Charles River, we are passionate about improving the quality of people’s lives. When you join our global family, you will help create healthier lives for millions of patients and their families.
Charles River employees are innovative thinkers, who are dedicated to continuous learning and improvement. We will empower you with the resources you need to grow and develop in your career.
As a Charles River employee, you will be part of an industry-leading, customer-focused company at the forefront of drug development. Your skills will play a key role in bringing life-saving therapies to market faster through simpler, quicker, and more digitalized processes. Whether you are in lab operations, finance, IT, sales, or another area, when you work at Charles River, you will be the difference every day for patients across the globe.

JOB SUMMARY

As an Infosec vulnerability analyst, you will be a hands-on practitioner and representative of the vulnerability management practice in cyber security defence. This is a technical role, and candidates must possess a solid understanding of information security, applications, operating systems, networking, cloud infrastructure, and attacker tactics, techniques, and procedures (TTPs). Responsibilities of this position include vulnerability management, reporting, remediation and continuous assessment, penetration testing, and red teaming.

QUALIFICATIONS:

• Education: Bachelor’s degree (B.A./B.S.) or equivalent in computer science, information technology, or related discipline.
• Very strong experience in information security operations, vulnerability management, or related disciplines.
• An equivalent combination of education and experience may be accepted as a satisfactory substitute for the specific education and experience listed above.
• Understanding of OWASP, CVSS, the MITRE ATT&CK framework, and the software development lifecycle.
• Capable of scripting in Python, Bash, Perl, or PowerShell.
• Certification/Licensure: IT security-related certification desired (e.g., Security +, CISSP, CISA, GCED, GPEN, GCIH, or similar professional certification).
• Other:
  Must have strong interpersonal, teamwork, and self-initiative skills.

• Manage vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud, and third-party assets.
• Conduct continuous discovery and vulnerability assessment of enterprise-wide assets.
• Support auditors in their duties that focus on compliance and risk reduction.
• Perform penetration tests against company-owned assets, including internal and cloud-based assets, as well as web applications and APIs.
• Perform other duties as assigned.