Associate Systems Engineer Lab Systems and OT Security

Must Have Technical/Functional Skill

Education

* Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience)

Experience

* 2-5 years of relevant experience in IT/OT systems engineering, endpoint security, or lab systems support; or an equivalent combination of education and experience.

* Hands-on experience with Active Directory administration, including Organizational Unit (OU) management, Group Policy, and service account provisioning.

* Experience working in or supporting laboratory, manufacturing, or operational technology environments.

* Demonstrated experience executing security remediation activities such as patching, endpoint agent deployment, or access control changes.

* Experience working with endpoint security platforms (Crowd Strike or equivalent EDR tools preferred).

* Familiarity with privileged access management or password vault tools (Beyond Trust or equivalent).

* Familiarity with Endpoint Management (EPM) tools for computer fleet management

Technical Skills

Identity & Access Management

* Proficiency in Active Directory administration: OU structure, Group Policy Objects (GPOs), user/service account management, and authentication protocols including RC4/NTLM/Kerberos.

* Understanding of allow/deny list enforcement mechanisms within AD and Lab OU environments.

* Experience with service account lifecycle management and privileged access controls.

* Understanding of enterprise Identity Management tools (Sailpoint)

Endpoint & OT Security

* Working knowledge of endpoint detection and response (EDR) platforms, particularly Crowd Strike Falcon.

* Understanding of OT/lab network architecture, including isolated or semi-isolated lab network segments, instrument connectivity, and associated security risks.

* Familiarity with USB restriction and software control policies on Windows endpoints.

* Knowledge of vulnerability management concepts: OS patching, EOL systems, open file shares, and network-level exposure.

Lab & Instrument Environment Familiarity

* Understanding of how lab instruments authenticate to networks and the dependencies that exist between shared accounts and instrument operation.

* Familiarity with Transparent Screen Lock (TSL) or similar technologies for instrument session management.

* Awareness of lab data systems such as NuGenesis (SDMS), Empower (Waters), or similar scientific data and chromatography platforms is a plus.

* Awareness of working in Biopharma Laboratory Environments

* Awareness of GxP and Information Security complia nce constraints

* Familiarity with ITIL ITSM principles

Tools & Platforms

* Service Now or equivalent ITSM platform for demand intake and ticket management.

* Beyond Trust or equivalent privileged access management and remote support tooling.

* Microsoft Windows Server and Windows 10/11 administration.

* Familiarity with network monitoring and log analysis tools.

* Proficiency in Power Shell preferred.

Roles & Responsibilities

1. NAA (Non-Attributable Account) Remediation

* Support the design, testing, and execution of the Non-Attributable Account (NAA) remediation program across RC4-dependent and non-RC4-dependent account types.

* Assist in building, maintaining, and activating host allow/deny lists within the Lab Organizational Unit (OU) in Active Directory.

* Coordinate with Info Sec and AD teams to execute password reset mechanisms and validate outcomes across pilot and full-rollout phases.

* Engage Business System Owners and lab staff to identify NAA usage patterns, confirm active engagements, and support transition to properly managed service accounts.

* Support deployment and configuration of Transparent Screen Lock and Beyond Trust (password management and remote access) as replacement mechanisms for NAA-dependent workflows.

2. Software Governance & Controls

* Assist in defining and implementing a policy-based software allowlist across lab workstations and instrument PCs in the Lab OU.

* Identify currently installed unauthorized or unlicensed software across lab endpoints and support remediation planning.

* Develop and maintain a formal exception request process for legitimate scientific software deployment needs.

3. Vulnerability Management

* Support Crowd Strike EDR sensor deployment and gap closure across lab endpoints, coordinating with Info Sec and site partners.

* Identify and remediate open or misconfigured file shares presenting lateral movement and data exfiltration risk.

* Contribute to OS patching cadence and compliance tracking for lab workstations and instrument PCs.

* Assist in end-of-life operating system identification, remediation planning, and isolation strategies across lab infrastructure.

* Support server-level vulnerability triage and remediation in coordination with the infrastructure team.

4. USB & Data Transfer Controls

* Assess current USB usage patterns across lab sites and instrument workflows.

* Assist in defining and implementing a tiered USB restriction policy (block, monitor, allow-by-exception) that…