Security Engineer (Vista, CA, US, 92081) presso Peptide & Oligo Manufacturer & CDMO | Bachem

A brief overview

The Security Engineer is part of the Global IT, Security & Compliance (CISO) team, supporting security across IT, OT, and cloud environments. This role involves managing internal security platforms, partnering with our 24/7 MDR provider, responding to incidents, and integrating security into company-wide initiatives. The Security Engineer also contributes to the design and enhancement of security tools and promotes best practices throughout the organization.

What you will do

• Act as the primary interface with our external MDR team for alerts, investigations, and incident handling.
• Lead and support internal incident management, including triage, containment, remediation, and post-incident reviews.
• Onboard and integrate new log/data sources into security monitoring.
• Monitor vulnerabilities and support patch management coordination.
• Design, manage, maintain, and optimize internal security applications such as EDR/XDR, SIEM, SOAR, IAM, PAM, vulnerability management, and DLP.
• Develop and automate operational processes, playbooks, and response workflows.
• Partner with IT, OT, and business teams to embed security into projects (cloud, infrastructure, workplace, OT).
• Support OT security initiatives, including securing industrial control systems, legacy systems, and production environments.
• Contribute to security architecture and roadmap initiatives.
• Act as a security advocate to promote best practices and raise awareness across teams.
• Design modern, user-friendly security solutions that balance usability, compliance, and risk reduction.

Qualifications

• Bachelor's degree information security, computer science, or engineering
• Master's degree information security, computer science, or engineering (preferred)
• Experience working within an SOC or MDR environment
• Strong understanding of incident response processes and digital forensics basics
• Knowledge of security frameworks and standards (ISO 27001, NIST, CIS, MITRE ATT&CK)
• Ability to design and implement modern, user-friendly security solutions that drive adoption across business and IT/OT stakeholders
• Excellent communication skills to collaborate with IT, OT, and business stakeholders
• Analytical mindset with problem-solving ability
• Relevant certifications are a plus (e.g., GCIA, GCIH, GCED, Azure Security Engineer, CISSP, Security+)
• EDR/XDR and endpoint security (Microsoft Defender)
• SIEM/SOAR administration and tuning (Microsoft Sentinel)
• Understanding of Identity and Access Management (IAM, PAM, MFA)
• Vulnerability management tools and remediation workflows
• Cloud security (Azure, AWS, GCP)
• Scripting/automation
• OT security (ICS/SCADA, IIoT, legacy systems) desirable

Base salary range: $83,120 - $114,290

Placement of new hires in this wage range is based on several factors including education, skill sets, experience, and training.

Total Rewards

We offer all Team Members a total rewards package including competitive pay, annual performance bonus, a generous benefit package with comprehensive Medical/Dental/Vision coverage, 401(k) plan with employer contribution, and paid vacation, personal and sick days.

 Corporate Social Responsibility

 Bachem takes responsibility for future generations by a careful handling of resources and avoiding environmental risks. We continually improve our ecological performance and develop and implement new approaches for enhancing employees’ environmental awareness.  EcoVadis has awarded Bachem Gold Medal status in their assessment of Bachem.

Bachem Americas is an Equal Opportunity Employer

As an equal opportunity employer, we celebrate the diversity of our team and are committed to building an inclusive workplace where individuals are hired and advanced based on merit, skills, and qualifications. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or other legally protected status.