Cybersecurity Specialist II - Cloud Security

Bristol Myers Squibb

Job Summary

Bristol Myers Squibb is seeking a Cybersecurity Specialist II with 4+ years of experience to enhance application and cloud security. The role involves integrating security into the SDLC, implementing SAST, DAST, and SCA, and managing DevSecOps practices with CI/CD pipelines and GitHub. The specialist will also perform cloud security assessments using CSPM tools like Wiz.io across AWS, Azure, and GCP, and automate security processes with scripting and REST APIs. This position requires strong collaboration with cross-functional teams to identify and mitigate vulnerabilities.

Must Have

  • Integrate security throughout the SDLC
  • Implement and manage SAST, DAST, and SCA practices
  • Work with CI/CD pipelines and GitHub for automated security
  • Utilize CSPM tools (e.g., Wiz.io) for AWS, Azure, and GCP
  • Conduct regular security assessments
  • Develop scripts and use REST APIs for automation
  • 4+ years of experience in Cloud Security and integrating security into SDLC
  • Strong knowledge of CI/CD pipelines, GitHub, and DevSecOps practices
  • Hands-on experience with AWS, Azure, or GCP
  • Experience with cloud security management and mitigating cloud vulnerabilities in multi-cloud environments

Good to Have

  • Proficiency in Python
  • Proficiency in JavaScript
  • Familiarity with REST APIs
  • CISSP certification
  • CCSP certification
  • AWS Security certification
  • Azure Security certification
  • GCP Security certification

Perks & Benefits

  • Benefits and Wellbeing: Global platform and benefits for physical, mental, financial and social wellbeing.
  • Recognition: Global platform to reward your achievements
  • Time Off: Generous time off to rest and recharge
  • Health Benefits: Best-in-class benefits
  • 8 People & Business Resource Groups

Job Description

Working with Us

Challenging. Meaningful. Life-changing. Those aren’t words that are usually associated with a job. But working at Bristol Myers Squibb is anything but usual. Here, uniquely interesting work happens every day, in every department. From optimizing a production line to the latest breakthroughs in cell therapy, this is work that transforms the lives of patients, and the careers of those who do it. You’ll get the chance to grow and thrive through opportunities uncommon in scale and scope, alongside high-achieving teams. Take your career farther than you thought possible.

Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives. Read more: careers.bms.com/working-with-us.

We are seeking a highly skilled Security Specialist with 4+ years of experience to enhance our security posture across application and cloud environments. This role will involve partnering with development teams to integrate security into the SDLC, performing cloud security assessments, and leveraging modern security tools and practices to safeguard applications and cloud infrastructures.

Key Responsibilities:

  • Application Security: Collaborate with development teams to integrate security throughout the SDLC. Implement and manage Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) practices.
  • DevSecOps: Work with CI/CD pipelines and tools such as GitHub to implement automated security practices in the development lifecycle. Foster a DevSecOps culture by ensuring security is integrated into the development process from start to finish.
  • Cloud Security Management: Utilize Cloud Security Posture Management (CSPM) tools like Wiz.io to assess and mitigate vulnerabilities in AWS, Azure, and GCP cloud environments. Conduct regular security assessments to maintain compliance with industry standards.
  • Collaboration: Partner with cross-functional teams to enhance cloud security, identify vulnerabilities, and ensure the effective application of security policies.
  • Scripting and Automation: Develop scripts (e.g., Python, JavaScript) and utilize REST APIs to automate security processes and enhance security operations across cloud environments.

Primary Skills:

  • 2+ years of proven experience in Cloud Security and integrating security into SDLC (SAST, DAST, and SCA).
  • Strong knowledge of CI/CD pipelines, GitHub, and DevSecOps practices.
  • Hands-on experience with AWS, Azure, or GCP.
  • Proficiency in scripting languages like Python and JavaScript is a plus.
  • Experience using cloud security tools (e.g., CSPM) to manage security in cloud environments.
  • Experience with cloud security management and mitigating cloud vulnerabilities in multi-cloud environments (AWS, Azure, GCP).
  • Familiarity with REST APIs to integrate security tools and automate security operations is a plus.
  • Relevant certifications such as CISSP, CCSP, or cloud provider certifications (AWS, Azure, or GCP Security) are an added advantage.
  • Strong communication skills with the ability to work collaboratively across multiple teams.

If you come across a role that intrigues you but doesn’t perfectly line up with your resume, we encourage you to apply anyway. You could be one step away from work that will transform your life and career.

Uniquely Interesting Work, Life-changing Careers

With a single vision as inspiring as “Transforming patients’ lives through science™”, every BMS employee plays an integral role in work that goes far beyond ordinary. Each of us is empowered to apply our individual talents and unique perspectives in a supportive culture, promoting global participation in clinical trials, while our shared values of passion, innovation, urgency, accountability, inclusion and integrity bring out the highest potential of each of our colleagues.

On-site Protocol

BMS has an occupancy structure that determines where an employee is required to conduct their work. This structure includes site-essential, site-by-design, field-based and remote-by-design jobs. The occupancy type that you are assigned is determined by the nature and responsibilities of your role:

Site-essential roles require 100% of shifts onsite at your assigned facility. Site-by-design roles may be eligible for a hybrid work model with at least 50% onsite at your assigned facility. For these roles, onsite presence is considered an essential job function and is critical to collaboration, innovation, productivity, and a positive Company culture. For field-based and remote-by-design roles the ability to physically travel to visit customers, patients or business partners and to attend meetings on behalf of BMS as directed is an essential job function.

Supporting People with Disabilities

BMS is dedicated to ensuring that people with disabilities can excel through a transparent recruitment process, reasonable workplace accommodations/adjustments and ongoing support in their roles. Applicants can request a reasonable workplace accommodation/adjustment prior to accepting a job offer. If you require reasonable accommodations/adjustments in completing this application, or in any part of the recruitment process, direct your inquiries to adastaffingsupport@bms.com. Visit careers.bms.com/eeo-accessibility to access our complete Equal Employment Opportunity statement.

Candidate Rights

BMS will consider for employment qualified applicants with arrest and conviction records, pursuant to applicable laws in your area.

If you live in or expect to work from Los Angeles County if hired for this position, please visit this page for important additional information: https://careers.bms.com/california-residents/

Data Protection

We will never request payments, financial information, or social security numbers during our application or recruitment process. Learn more about protecting yourself at https://careers.bms.com/fraud-protection.

Any data processed in connection with role applications will be treated in accordance with applicable data privacy policies and regulations.
