Must Have Technical/Functional Skill
Education
Bachelors degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience)
Experience
25 years of relevant experience in IT/OT systems engineering, endpoint security, or lab systems support; or an equivalent combination of education and experience.
Hands-on experience with Active Directory administration, including Organizational Unit (OU) management, Group Policy, and service account provisioning.
Experience working in or supporting laboratory, manufacturing, or operational technology environments.
Demonstrated experience executing security remediation activities such as patching, endpoint agent deployment, or access control changes.
Experience working with endpoint security platforms (CrowdStrike or equivalent EDR tools preferred).
Familiarity with privileged access management or password vault tools (BeyondTrust or equivalent).
Familiarity with Endpoint Management (EPM) tools for computer fleet management
Technical Skills
Identity & Access Management
Proficiency in Active Directory administration: OU structure, Group Policy Objects (GPOs), user/service account management, and authentication protocols including RC4/NTLM/Kerberos.
Understanding of allow/deny list enforcement mechanisms within AD and Lab OU environments.
Experience with service account lifecycle management and privileged access controls.
Understanding of enterprise Identity Management tools (Sailpoint)
Endpoint & OT Security
Working knowledge of endpoint detection and response (EDR) platforms, particularly CrowdStrike Falcon.
Understanding of OT/lab network architecture, including isolated or semi-isolated lab network segments, instrument connectivity, and associated security risks.
Familiarity with USB restriction and software control policies on Windows endpoints.
Knowledge of vulnerability management concepts: OS patching, EOL systems, open file shares, and network-level exposure.
Lab & Instrument Environment Familiarity
Understanding of how lab instruments authenticate to networks and the dependencies that exist between shared accounts and instrument operation.
Familiarity with Transparent Screen Lock (TSL) or similar technologies for instrument session management.
Awareness of lab data systems such as NuGenesis (SDMS), Empower (Waters), or similar scientific data and chromatography platforms is a plus.
Awareness of working in Biopharma Laboratory Environments
Awareness of GxP and Information Security complia nce constraints
Familiarity with ITIL ITSM principles
Tools & Platforms
ServiceNow or equivalent ITSM platform for demand intake and ticket management.
BeyondTrust or equivalent privileged access management and remote support tooling.
Microsoft Windows Server and Windows 10/11 administration.
Familiarity with network monitoring and log analysis tools.
Proficiency in PowerShell preferred.
Roles & Responsibilities
Support the design, testing, and execution of the Non-Attributable Account (NAA) remediation program across RC4-dependent and non-RC4-dependent account types.
Assist in building, maintaining, and activating host allow/deny lists within the Lab Organizational Unit (OU) in Active Directory.
Coordinate with InfoSec and AD teams to execute password reset mechanisms and validate outcomes across pilot and full-rollout phases.
Engage Business System Owners and lab staff to identify NAA usage patterns, confirm active engagements, and support transition to properly managed service accounts.
Support deployment and configuration of Transparent Screen Lock and BeyondTrust (password management and remote access) as replacement mechanisms for NAA-dependent workflows.
Assist in defining and implementing a policy-based software allowlist across lab workstations and instrument PCs in the Lab OU.
Identify currently installed unauthorized or unlicensed software across lab endpoints and support remediation planning.
Develop and maintain a formal exception request process for legitimate scientific software deployment needs.
Support CrowdStrike EDR sensor deployment and gap closure across lab endpoints, coordinating with InfoSec and site partners.
Identify and remediate open or misconfigured file shares presenting lateral movement and data exfiltration risk.
Contribute to OS patching cadence and compliance tracking for lab workstations and instrument PCs.
Assist in end-of-life operating system identification, remediation planning, and isolation strategies across lab infrastructure.
Support server-level vulnerability triage and remediation in coordination with the infrastructure team.
Assess current USB usage patterns across lab sites and instrument workflows.
Assist in defining and implementing a tiered USB restriction policy (block, monitor, allow-by-exception) that protects the environment without impeding legitimate scientific workflows.
Manage the formal USB exception process for vendor-mediated access scenarios.
Serve as a hands-on technical resource for site partners across Boston/US, Oxford/UK, and other global lab locations.
Maintain accurate documentation of system configurations, allow/deny lists, service account inventories, and workstream progress.
Contribute to demand intake and ServiceNow-based request management for new service account and access requests.
Participate in hypercare periods following major changes, providing rapid response to connectivity or authentication issues.
Communicate clearly with both technical and non-technical stakeholders, including lab scientists, Business System Owners, and senior leadership.
Salary Range: $ 70,000-$ 85,000 a year
TCS Employee Benefits Summary:
Discretionary Annual Incentive.
Comprehensive Medical Coverage: Medical & Health, Dental & Vision, Disability Planning & Insurance, Pet Insurance Plans.
Family Support: Maternal & Parental Leaves.
Insurance Options: Auto & Home Insurance, Identity Theft Protection.
Convenience & Professional Growth: Commuter Benefits & Certification & amp; Training Reimbursement.
Time Off: Vacation, Time Off, Sick Leave & Holidays.
Legal & Financial Assistance: Legal Assistance, 401K Plan, Performance Bonus, College Fund, Student Loan Refinancing.
#LI-SP1