Associate Systems Engineer Lab Systems & OT Security
Overview
We are seeking an Associate Systems Engineer Lab Systems & OT Security to support the security and modernization of laboratory and operational technology (OT) environments across global sites. This individual will work directly within the Lab Solutions team to execute a portfolio of active security workstreams - including Non-Attributable Account (NAA) remediation, software download restrictions, vulnerability remediation, and USB data transfer controls - while supporting the broader goal of bringing lab OT posture in line with enterprise security standards.
This is a highly technical, execution-focused role requiring strong hands-on skills in Active Directory, endpoint security, network architecture, and lab instrument environments. The successful candidate will be comfortable working across both IT and OT boundaries, engaging directly with Business System Owners, lab scientists, vendors, and global site partners to deliver change in a complex, multi-site environment___________________________
_____________
Key Responsibilities
1. NAA (Non-Attributable Account) Remediation
Support the design, testing, and execution of the Non-Attributable Account (NAA) remediation program across RC4-dependent and non-RC4-dependent account types.
Assist in building, maintaining, and activating host allow/deny lists within the Lab Organizational Unit (OU) in Active Directory.
Coordinate with InfoSec and AD teams to execute password reset mechanisms and validate outcomes across pilot and full-rollout phases.
Engage Business System Owners and lab staff to identify NAA usage patterns, confirm active engagements, and support transition to properly managed service accounts.
Support deployment and configuration of Transparent Screen Lock and BeyondTrust (password management and remote access) as replacement mechanisms for NAA-dependent workflows.
________________________________________
2. Software Governance & Controls
Assist in defining and implementing a policy-based software allowlist across lab workstations and instrument PCs in the Lab OU.
Identify currently installed unauthorized or unlicensed software across lab endpoints and support remediation planning.
Develop and maintain a formal exception request process for legitimate scientific software deployment needs.
________________________________________
3. Vulnerability Management
Support CrowdStrike EDR sensor deployment and gap closure across lab endpoints, coordinating with InfoSec and site partners.
Identify and remediate open or misconfigured file shares presenting lateral movement and data exfiltration risk.
Contribute to OS patching cadence and compliance tracking for lab workstations and instrument PCs.
Assist in end-of-life operating system identification, remediation planning, and isolation strategies across lab infrastructure.
Support server-level vulnerability triage and remediation in coordination with the infrastructure team.
________________________________________
4. USB & Data Transfer Controls
Assess current USB usage patterns across lab sites and instrument workflows.
Assist in defining and implementing a tiered USB restriction policy (block, monitor, allow-by-exception) that protects the environment without impeding legitimate scientific workflows.
Manage the formal USB exception process for vendor-mediated access scenarios.
________________________________________
5. Cross-Site & Operational Support
Serve as a hands-on technical resource for site partners across Boston/US, Oxford/UK, and other global lab locations.
Maintain accurate documentation of system configurations, allow/deny lists, service account inventories, and workstream progress.
Contribute to demand intake and ServiceNow-based request management for new service account and access requests.
Participate in hypercare periods following major changes, providing rapid response to connectivity or authentication issues.
Communicate clearly with both technical and non-technical stakeholders, including lab scientists, Business System Owners, and senior leadership.
________________________________________
Required Qualifications
Education
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience)
Experience
2 5 years of relevant experience in IT/OT systems engineering, endpoint security, or lab systems support; or an equivalent combination of education and experience.
Hands-on experience with Active Directory administration, including Organizational Unit (OU) management, Group Policy, and service account provisioning.
Experience working in or supporting laboratory, manufacturing, or operational technology environments.
Demonstrated experience executing security remediation activities such as patching, endpoint agent deployment, or access control changes.
Experience working with endpoint security platforms (CrowdStrike or equivalent EDR tools preferred).
Familiarity with privileged access management or password vault tools (BeyondTrust or equivalent).
Familiarity with Endpoint Management (EPM) tools for computer fleet management
________________________________________
Technical Skills
Identity & Access Management
Proficiency in Active Directory administration: OU structure, Group Policy Objects (GPOs), user/service account management, and authentication protocols including RC4/NTLM/Kerberos.
Understanding of allow/deny list enforcement mechanisms within AD and Lab OU environments.
Experience with service account lifecycle management and privileged access controls.
Understanding of enterprise Identity Management tools (Sailpoint)
Endpoint & OT Security
Working knowledge of endpoint detection and response (EDR) platforms, particularly CrowdStrike Falcon.
Understanding of OT/lab network architecture, including isolated or semi-isolated lab network segments, instrument connectivity, and associated security risks.
Familiarity with USB restriction and software control policies on Windows endpoints.
Knowledge of vulnerability management concepts: OS patching, EOL systems, open file shares, and network-level exposure.
Lab & Instrument Environment Familiarity
Understanding of how lab instruments authenticate to networks and the dependencies that exist between shared accounts and instrument operation.
Familiarity with Transparent Screen Lock (TSL) or similar technologies for instrument session management.
Awareness of lab data systems such as NuGenesis (SDMS), Empower (Waters), or similar scientific data and chromatography platforms is a plus.
Awareness of working in Biopharma Laboratory Environments
Awareness of GxP and Information Security compliance constraints
Familiarity with ITIL ITSM principles
Tools & Platforms
ServiceNow or equivalent ITSM platform for demand intake and ticket management.
BeyondTrust or equivalent privileged access management and remote support tooling.
Microsoft Windows Server and Windows 10/11 administration.
Familiarity with network monitoring and log analysis tools.
Proficiency in PowerShell preferred.________________________________________
Soft Skills
Strong analytical skills and attention to detail - comfortable working with large datasets (login logs, AD exports, host inventories) to draw meaningful conclusions.
Clear written and verbal communication skills; able to explain technical concepts to non-technical lab staff and Business System Owners.
Organized and execution-oriented - this role involves managing multiple concurrent workstreams with defined deadlines.
Comfortable operating in a fast-moving, ambiguous environment where priorities may shift based on security findings.
Collaborative and service-minded - the lab community depends on this role to keep instruments running securely.
________________________________________
Other Requirements
Ability to work across global, multi-site laboratory organizations including US East Coast (FanPier/Boston) and UK (Oxford/Milton Park).
Willingness to participate in hypercare periods and provide out-of-hours support during major change activations where required.
Ability to engage and build trust with both technical peers and non-technical lab and science stakeholders.
Experience operating within or alongside regulated environments (life sciences, pharmaceutical, or similar) is preferred but not required
________________________________________
About the Role
This role is part of a high-visibility security transformation initiative, with direct exposure to senior leadership and the opportunity to contribute meaningfully to strengthening lab and OT security capabilities at scale.