Labcorp
Join to apply for the Senior Cybersecurity Engineer role at Labcorp .
Laboratory Corporation of America (LCA) is seeking a Cybersecurity Engineer to join its Office of Information Security, reporting to the head of Security Engineering and Architecture. The Cybersecurity Engineer will have practical experience in multiple information security domains, with strengths in securing cloud-native environments and protecting regulated data, including PHI, PII, and PCI. The role entails understanding modern enterprise security challenges and working with teams to ensure Labcorp’s enterprise security strategy is carried out, including secure adoption and advancement of AI technology and platforms.
Applicants who live within 35 miles of either the Burlington, NC or Durham, NC location will follow a hybrid schedule. This schedule includes a minimum of three in-office days per week at an assigned location, either Burlington or Durham, supporting collaboration and flexibility.
Responsibilities Partner with other technical teams to design and drive the implementation of security controls for PaaS and IaaS environments and associated components, including:
Infrastructure as code (IaC)
Container security (Kubernetes/EKS, ECS, image scanning)
Serverless functions/Lambda
Data services (S3, RDS, DynamoDB)
M365 Services (Entra, Purview, Intune)
Design, implement, and oversee security controls for AI platforms, including data governance, model integrity, access control, and adversarial threat mitigation
Lead efforts to ensure sensitive data protections in accordance with internal policy and external regulations, including:
Encryption at rest (application encryption, transparent data encryption)
Encryption in transit (TLS, IPSec)
Key management (KMS/Key Vault, HSM)
Tokenization/deidentification of PHI
Lead and participate in technical security reviews of strategic applications:
Collaborate with IT teams to understand design and document risks
Recommend and drive adoption of technical controls to strengthen security posture
Collaborate with application development teams on embedding fine-grained authorization in modern web applications and microservices
Develop technical security standards and best practices across security domains and evangelize them to IT teams
Articulate common TTPs used by malicious software and threat actors, with remediation, to IT teams
Provide level 3 security incident support as required
Assist Governance, Risk, and Compliance to answer technical questions from auditors and clients
In partnership with the Office of Information Security, research and recommend emerging security technologies/tools
Represent security and risk interests to technical staff and business stakeholders
Qualifications Minimum Required:
Minimum 5 years of experience in cybersecurity
Hands-on experience with a major public cloud platform (AWS, Azure, or GCP)
Experience securing cloud-native services in PaaS/IaaS environments
Understanding of identity and access management concepts for application authentication/authorization, especially OAuth 2.0 and OIDC
Familiarity with REST APIs and healthcare standards such as HL7 FHIR and SMART on FHIR
Experience implementing security controls to protect regulated data
Strong interpersonal, written, and oral communication skills
Highly self-motivated with keen attention to detail
Proven project management and organizational skills, including managing multiple concurrent projects
Excellent analytical, problem-solving, and decision-making abilities
Ability to prioritise in a high-pressure environment
Strong customer service and solution-focused orientation
Preferred Skills:
Bachelor's or Master's Degree in Information Systems, Computer Science or related discipline
CISSP certification desired
Familiarity with scripting (PowerShell, Python, shell scripting)
Familiarity with threat analysis models such as the cyber kill chain and the MITRE ATT&CK framework
Familiarity with identity-centric zero trust network access (ZTNA) solutions
Previous experience securing medical and related instrumentation devices
Understanding of industry standards and compliance requirements related to cybersecurity and cloud computing (ISO 27001, HIPAA, PCI DSS)
Familiarity with NIST and/or CIS benchmarks
Benefits Employees regularly scheduled to work 20 or more hours per week are eligible for comprehensive benefits including Medical, Dental, Vision, Life, STD/LTD, 401(k), PTO/FTO, Tuition Reimbursement, and Employee Stock Purchase Plan. Part-time employees are eligible for 401(k) Plan only. For more details, please refer to the official benefits information.
Equal Opportunity Employer Labcorp is an equal opportunity employer and does not tolerate harassment or discrimination. Qualified applicants will receive consideration without regard to race, religion, color, national origin, sex, pregnancy, disability, or other legally protected characteristics. We also consider arrest and conviction records in accordance with applicable law.
Accessibility If you need assistance or an accommodation to search or apply for jobs, please visit Labcorp Accessibility. For information about how we collect and store your personal data, please see our Privacy Statement.
#J-18808-Ljbffr