Security Engineer

About Chemaxon

Chemaxon is an industry-leading cheminformatics software company helping early-stage drug discovery and chemistry research for more than 25 years. Our clients are top pharmaceutical companies, innovative biotech startups, and leading academic institutions. 
We are agile, innovative and friendly, offering compelling opportunities for frequent collaboration and cross-training with teammates and stakeholders.

We operate internationally, with regional teams based in Budapest (HQ), UK, Boston, San Diego and Basel (Switzerland), along with distributors in the Asia Pacific. We have recently been acquired by Certara, a US-based model-informed drug development services and software company. We are in an exciting time of organizational and business growth, so now is the perfect time to join our team! 

About the position

As a Security Engineer, you take part in operating and developing the organization’s information security system, responding to security events and requests across the organization, while also contributing to develop the organisation’s information security framework. Your responsibilities include conducting intrusion detection, incident response, forensic investigations, data recovery, and electronic discovery—occasionally with guidance—and working closely with various departments.
In addition, you carry out small- to medium-scale threat analyses, troubleshoot complex security issues, and contribute to technology projects, whether leading smaller initiatives or supporting larger ones.

About your responsibilities

• Explains the purpose of and provides advice and guidance on the design, implementation and operation of elementary physical, procedural and technical security controls. Performs security risk, vulnerability assessments, and business impact analysis for applicable information systems.
• Contributes to design, implementation and audit of company level policies concerning information security standards applicable to the organization.
• Contributes to address application security related concerns by application development teams and Customers.
• Supports the identification of possible areas for improvement by preparation of applicable proposals. Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security. Ensures that all identified breaches in security are promptly and thoroughly recorded, investigated and that any system changes required to maintain security are implemented. Ensures that security records are accurate and complete and that requests for support are dealt with according to set standards and procedures. Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.
• Prioritizes and diagnoses incidents according to agreed procedures. Investigates causes of incidents and seeks resolution. Escalates unresolved incidents. Facilitates recovery, following resolution of incidents. Documents and closes resolved incidents according to agreed procedures.
• Contributes to digital forensic investigations. Processes and analyses evidence in line with policy, standards and guidelines and supports production of forensics findings and reports.
• Some travel may be required.

Experience, skills and knowledge you should bring to us

• Associate or Bachelor’s degree in Computer Science or related field preferred. Combination of formal education training and practical experience sufficient to acquire knowledge and skills generally equivalent to those possessed by an associate degree individual may be considered.
• Has a generic understanding of NIST CSF, ISO 27001 information security frameworks.
• Scripting knowledge preferably in KQL, Perl, PHP, ASP, PowerShell or Java with recent and basic programming experience.
• 1-3 years of experience in compliance-oriented industry is preferred.
• Has a basic understanding of network behavior analysis techniques and tools. Capable of using various detection systems and software.
• Has basic knowledge of several of the following: network foot-printing, port scanning, and enumeration techniques, specific operating system vulnerabilities, web server vulnerabilities, application level exploits, worms, viruses, and Trojans, network vulnerabilities, sniffing, wireless sniffing, IP spoofing, and PPTP/VPN breaking.
• Understanding and demonstrated technical skills and abilities in the technical information security operations domain.
• Works under general direction. Uses discretion in identifying and responding to complex issues and assignments. Receives specific direction, accepts guidance and has work reviewed at agreed milestones.
• Determines when issues should be escalated to a higher level.
• Performs a range of work, sometimes complex and non-routine, in a variety of environments.
• Applies methodical approach to issue definition and resolution.
• Has the general, domain knowledge necessary to perform effectively in the organization typically gained from recognized bodies of knowledge and organizational information. Demonstrates effective application of knowledge. Has an appreciation of the wider business context. Takes action to develop own knowledge.
• Plans, schedules and monitors own work (and that of others where applicable) competently within limited deadlines and according to relevant legislation, standards and procedures.
• Contributes fully to the work of teams. Appreciates how own role relates to other roles and to the business of the employer or client.
• Demonstrates an analytical and systematic approach to issue resolution.
• Takes the initiative in identifying and negotiating appropriate personal development opportunities.
• Ability to share information security knowledge with technical and non-technical audiences about information security.

Bonus skills that will help you hit the ground running

• Industry recognized certifications such as, GSEC, GCIA, CEH, CISCO ISO 27001 LA is a plus.

What we offer

• Hybrid-way of working (8 days/month home office).
• Private health insurance (Medicover).
• Daily entry into Life1 Fitness Clubs.
• Generous annual training budget supporting your professional development (off-site training, international conferences, e-books).
• We work with global Top500 companies (R&D) and leading academic institutions, giving you a chance to gain insights into these dynamically evolving industries.
• Inspiring working environment - leisure and recreation area, playing corner for children, English lessons, yearly user conference with social programs, innovation days.
• You will be a valued member of a creative and supportive agile team.
• Everyday use of English in a multicultural environment.

Please note, we’re unable to support relocation or sponsor visa for this role.