Senior Information Security Analyst

Since our inception in Boston in 2015, we've led the charge in oncology personal healthcare, offering an extensive array of diagnostic tools that empower clinical decisions and advance patient care. Our culture is our foundation—fueled by innovation, a commitment to transformation, and a team of authentic, driven individuals worldwide. At BostonGene, you'll find a community that's not just about the work but about making a difference, together. Join us to be a part of a future where your work contributes to transformative cancer treatments and shapes the lives of patients globally. We develop a distributed information and analytical system that provides oncologists with the necessary data for diagnosis and personalized treatment of patients.

The Senior Information Security Analyst is responsible for supporting and enhancing the organization’s cybersecurity posture across enterprise systems, cloud platforms, laboratory environments, scientific applications, and research infrastructure. This role works closely with IT, engineering, R&D, compliance, and scientific teams to identify, assess, and mitigate cybersecurity risks while ensuring alignment with industry regulations and security best practices. The role requires strong analytical, technical, and communication skills, along with the ability to collaborate effectively across cross-functional teams and support secure business operations while protecting sensitive research, genomic, clinical, and intellectual property data.

This position will report to the Sr. Information Security Manager, or designated cybersecurity leadership.

• Conduct risk assessments, vulnerability scanning, and penetration testing across on-premise and cloud environments (AWS, Azure, GCP)
• Perform threat intelligence analysis focused on biotech/pharma risks (IP theft, targeted attacks)
• Prioritize and remediate vulnerabilities based on risk and business impact
• Validate security posture of laboratory systems, research platforms, and scientific applications

• Monitor systems and networks using EDR/XDR and SIEM platforms (e.g., Splunk, SentinelOne, QRadar)
• Develop and tune detection rules for unauthorized access, data exfiltration, insider threats
• Integrate logs from cloud, endpoints, identity systems, and lab-related systems
• Support security operations and incident triage

• Investigate security incidents and perform root cause analysis
• Support containment, eradication, and recovery efforts
• Conduct forensic analysis across endpoints, cloud, and network logs
• Develop and maintain incident response playbooks
• Coordinate with legal, compliance, and leadership during major incidents

• Protect intellectual property, genomic data, clinical trial data, and research assets
• Implement and monitor data loss prevention (DLP) controls
• Ensure proper data classification and segregation

• Ensure compliance with: GxP (GMP, GCP, GLP), HIPAA, FDA 21 CFR Part 11, GDPR and data privacy regulations
• Support audits and regulatory assessments
• Maintain compliant documentation and procedures

• Support frameworks such as ISO 27001, NIST, SOC 2
• Develop and maintain policies, standards, and procedures

• Develop and deliver security awareness programs
• Train employees on: phishing awareness, data protection, regulatory responsibilities

• Assess security posture of vendors and research partners
• Review contracts for security requirements
• Monitor and manage supply chain risk

• Develop and track security metrics and KPIs
• Report on incident trends, vulnerability posture, compliance status, present findings to management

• Support business continuity and disaster recovery planning
• Evaluate and onboard new technologies
• Stay current with emerging cybersecurity threats in biotech/pharma
• Perform other duties as assigned by management

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering, or related field, or equivalent practical experience.
• Experience working in regulated industries such as biotechnology, healthcare, pharmaceutical, or life sciences is preferred.
• Ability to analyze security incidents, vulnerabilities, and operational risks in enterprise and cloud environments.
• Professional experience in one or more of the following areas: Information Security, Cybersecurity Operations, Vulnerability Management, Incident Response, Security Monitoring, Cloud Security, Risk Management, Security Compliance
• Familiarity with cybersecurity frameworks and standards, including NIST, ISO 27001, SOC 2, HIPAA/HITECH, FDA 21 CFR Part 11, GDPR
• Experience with security technologies and tools such as SIEM platforms, EDR/XDR solutions, vulnerability scanning tools and penetration testing tools, Data Loss Prevention (DLP) technologies
• In-depth experience in threat detection and response, security operations, risk assessments, identity and access management, secure system administration, data protection principles
• Strong verbal and written communication skills with the ability to work collaboratively across technical and nontechnical teams.

• Full-time position with a permanent contract and flexible working hours, with hybrid work options.
• Competitive salary and comprehensive healthcare insurance.
• Convenient office location in Yerevan (1-minute walk from the metro) with on-site snacks.
• Relocation package for candidates and their immediate family members, including full documentation and bureaucracy support (bank accounts, residence permits, school contacts, etc.).
• Corporate benefits, including English language lessons and gym membership.
• Dynamic and versatile professional environment with a diverse team of bioinformaticians, biologists, physicians, and software developers committed to improving oncological healthcare.
• Careful, structured, and responsible supervision to support professional growth.