Labcorp

Senior Cybersecurity Engineer Job at Labcorp in Durham

Labcorp, Durham, NC, United States, 27703


Laboratory Corporation of America (LCA) is seeking a Cybersecurity Engineer to join its Office of Information Security, reporting to the head of Security Engineering and Architecture. The Cybersecurity Engineer will have practical experience in multiple information security domains, with strengths in securing cloud-native environments and protecting regulated data, including PHI, PII, and PCI. The role entails understanding modern enterprise security challenges and working with teams to ensure Labcorp’s enterprise security strategy is carried out, including secure adoption and advancement of AI technology and platforms.

Applicants who live within 35 miles of either the Burlington, NC or Durham, NC location will follow a hybrid schedule. This schedule includes a minimum of three in-office days per week at an assigned location, either Burlington or Durham, supporting collaboration and flexibility.

Responsibilities

  • Partner with other technical teams to design and drive the implementation of security controls for PaaS and IaaS environments and associated components, including:
    • Infrastructure as code (IaC)
    • Container security (Kubernetes/EKS, ECS, image scanning)
    • Serverless functions/Lambda
    • Data services (S3, RDS, DynamoDB)
    • M365 Services (Entra, Purview, Intune)
  • Design, implement, and oversee security controls for AI platforms, including data governance, model integrity, access control, and adversarial threat mitigation
  • Lead efforts to ensure sensitive data protections in accordance with internal policy and external regulations, including:
    • Encryption at rest (application encryption, transparent data encryption)
    • Encryption in transit (TLS, IPSec)
    • Key management (KMS/Key Vault, HSM)
    • Tokenization/deidentification of PHI
  • Lead and participate in technical security reviews of strategic applications:
    • Collaborate with IT teams to understand design and document risks
    • Recommend and drive adoption of technical controls to strengthen security posture
    • Collaborate with application development teams on embedding fine-grained authorization in modern web applications and microservices
  • Develop technical security standards and best practices across security domains and evangelize them to IT teams
  • Articulate common TTPs used by malicious software and threat actors, with remediation, to IT teams
  • Provide level 3 security incident support as required
  • Assist Governance, Risk, and Compliance to answer technical questions from auditors and clients
  • In partnership with the Office of Information Security, research and recommend emerging security technologies/tools
  • Represent security and risk interests to technical staff and business stakeholders

Qualifications

Minimum Required:

  • Minimum 5 years of experience in cybersecurity
  • Hands-on experience with a major public cloud platform (AWS, Azure, or GCP)
  • Experience securing cloud-native services in PaaS/IaaS environments
  • Understanding of identity and access management concepts for application authentication/authorization, especially OAuth 2.0 and OIDC
  • Familiarity with REST APIs and healthcare standards such as HL7 FHIR and SMART on FHIR
  • Experience implementing security controls to protect regulated data
  • Strong interpersonal, written, and oral communication skills
  • Highly self-motivated with keen attention to detail
  • Proven project management and organizational skills, including managing multiple concurrent projects
  • Excellent analytical, problem-solving, and decision-making abilities
  • Ability to prioritise in a high-pressure environment
  • Strong customer service and solution-focused orientation

Preferred Skills:

  • Bachelor's or Master's Degree in Information Systems, Computer Science or related discipline
  • CISSP certification desired
  • Familiarity with scripting (PowerShell, Python, shell scripting)
  • Familiarity with threat analysis models such as the cyber kill chain and the MITRE ATT&CK framework
  • Familiarity with identity-centric zero trust network access (ZTNA) solutions
  • Previous experience securing medical and related instrumentation devices
  • Understanding of industry standards and compliance requirements related to cybersecurity and cloud computing (ISO 27001, HIPAA, PCI DSS)
  • Familiarity with NIST and/or CIS benchmarks

Benefits

Employees regularly scheduled to work 20 or more hours per week are eligible for comprehensive benefits including Medical, Dental, Vision, Life, STD/LTD, 401(k), PTO/FTO, Tuition Reimbursement, and Employee Stock Purchase Plan. Part-time employees are eligible for 401(k) Plan only. For more details, please refer to the official benefits information.

Equal Opportunity Employer

Labcorp is an equal opportunity employer and does not tolerate harassment or discrimination. Qualified applicants will receive consideration without regard to race, religion, color, national origin, sex, pregnancy, disability, or other legally protected characteristics. We also consider arrest and conviction records in accordance with applicable law.

Accessibility

If you need assistance or an accommodation to search or apply for jobs, please visit Labcorp Accessibility. For information about how we collect and store your personal data, please see our Privacy Statement.
