Senior Cybersecurity Engineer – Exposure Management

Description

Senior Cybersecurity Engineer - Exposure Management

Syneos Health is a leading fully-integrated life sciences services organization built to accelerate customer success. We partner with innovators at every point across the drug development and commercialization continuum, helping them navigate complexity, anticipate change and accelerate progress.

Every day we perform better because of how we work together, as one team, each the best at what we do. We bring together talented experts across a broad spectrum of business critical corporate functions. Every role plays an essential part in enabling our customers to achieve their goals. Our teams are agile, collaborative, and committed to delivering-for each other, for our customers, and ultimately for the people who rely on the services we support.
Discover what your 25,000 future colleagues already know:

Why Syneos Health
. We are passionate about developing our people, through career development and progression supportive and engaged line management technical and therapeutic area training peer recognition and total rewards program.
. We are committed to building an inclusive culture - where you can authentically be yourself. Central to this is our purpose - Driven to Deliver - which captures the passion of our colleagues to show up each day and shape solutions that have the ability to dramatically impact someone's life.
. We are continuously building the company we all want to work for and our customers want to work with. Why Because we know that when we bring together smart colleagues from across the world, we can shape the future of healthcare, driving impact for customers and defining the pace of patient progress.

Job Responsibilities

Core Responsibilities

Exposure Management Engineering

• Engineer and operate exposure management capabilities across infrastructure, cloud, endpoints, identity, applications, and third-party surfaces.

• Maintain and enhance tooling that aggregates vulnerability data, asset context, threat intelligence, and exploitability signals.

• Ensure accurate asset discovery, coverage validation, and telemetry quality across the enterprise attack surface.

Risk-Based Prioritization

• Drive risk- and threat-informed prioritization beyond CVSS scoring.

• Incorporate exploit intelligence, threat actor activity, asset criticality, and compensating controls.

• Partner with technology and business owners to translate exposure into remediation priorities.

Threat-Aligned Analysis

• Correlate exposure data with threat intelligence and adversary TTPs.

• Support zero-day and emerging threat response through rapid exposure analysis.

• Collaborate with SMEs to define mitigation strategies and/or compensating controls

• Provide leadership with clear, defensible views of exposure and residual risk.

• Provide operational guidance to and oversight of managed server provider technicians.

Operational Integration

• Integrate exposure management into SOC, incident response, and security engineering workflows.

• Partner with cloud, endpoint, application, and infrastructure teams on remediation.

• Support SLA tracking, exception handling, and risk acceptance workflows.

Metrics, Reporting & Insight

• Define and maintain exposure-focused KPIs and dashboards.

• Communicate exposure trends and systemic risk to technical and non-technical stakeholders.

Technical Leadership & Growth

• Act as a senior technical mentor to analysts and engineers.

• Influence standards, reference architectures, and operating models.

• Contribute to roadmap planning and capability evolution.

• Develop leadership skills aligned with future people management responsibilities.

Required Qualifications

• 7+ years of cybersecurity experience with focus on exposure, vulnerability, or threat management.

• Hands-on experience with vulnerability and exposure management platforms.

• Strong understanding of threat intelligence, exploitability, and asset management.

• Proven ability to drive risk-based remediation.

• Strong written and verbal communication skills.

Nice to Have / Preferred

• Experience implementing CTEM-style exposure management programs.

• Familiarity with EPSS and threat intelligence feeds.

• Automation or scripting experience (Python, PowerShell, APIs).

• Exposure to AI-assisted risk analysis.

• Industry certifications (CISSP, GIAC, OSCP, cloud security).

What Success Looks Like

• Clear, defensible understanding of enterprise exposure.

• Reduced remediation noise with improved risk outcomes.

• Strong cross-functional partnerships.

• Readiness to transition into people leadership roles.

Get to know Syneos Health

Over the past 5 years, we have worked with 94% of all Novel FDA Approved Drugs, 95% of EMA Authorized Products and over 200 Studies across 73,000 Sites and 675,000+ Trial patients.

No matter what your role is, you'll take the initiative and challenge the status quo with us in a highly competitive and ever-changing environment. Learn more about Syneos Health.

Additional Information

Tasks, duties, and responsibilities as listed in this job description are not exhaustive. The Company, at its sole discretion and with no prior notice, may assign other tasks, duties, and job responsibilities. Equivalent experience, skills, and/or education will also be considered so qualifications of incumbents may differ from those listed in the Job Description. The Company, at its sole discretion, will determine what constitutes as equivalent to the qualifications described above. Further, nothing contained herein should be construed to create an employment contract. Occasionally, required skills/experiences for jobs are expressed in brief terms. Any language contained herein is intended to fully comply with all obligations imposed by the legislation of each country in which it operates, including the implementation of the EU Equality Directive, in relation to the recruitment and employment of its employees. The Company is committed to compliance with the Americans with Disabilities Act, including the provision of reasonable accommodations, when appropriate, to assist employees or applicants to perform the essential functions of the job.

Summary

The Senior Cybersecurity Engineer - Exposure Management is responsible for designing, operating, and continuously maturing the organization's exposure management capabilities across infrastructure, cloud, endpoint, identity, and application surfaces. This role goes beyond traditional vulnerability management by correlating assets, vulnerabilities, threat intelligence, and business context to drive meaningful risk reduction. This is a senior individual contributor role with increasing scope and influence, serving as a technical leader within Security Operations Engineering and a feeder role into people leadership or management.