Sr. OT Field Cybersecurity Engineer

Security Engineer | Other | Remote | Senior | Team 201-500

Location

United States

Posted

89 days ago

Salary

0

Seniority

Senior

Job Description

Sr. OT Field Cybersecurity Engineer

GrayMatter Systems

At GrayMatter, we transform operations and empower people. Our consulting, implementation and technology curation services help industrial companies modernize their production environments and support operators working on the plant floor. Clients collaborate with GrayMatter to achieve their manufacturing efficiency goals, create intuitive data visualizations, reduce cybersecurity threats and guide successful digital transformation initiatives. And that’s where you come in. GrayMatter is dedicated to creating a team of unmatched talent in industrial technology. Our organizational culture encourages opportunities to learn and collaborate. Five core values woven into our DNA make Team GrayMatter stand above the rest: Accountability, Integrity, Respect, Innovation and Teamwork.

We are seeking a specialized Senior OT Network Engineer to join our team, focusing on securing complex Industrial Control Systems (ICS) and bridging the security gap between Operational Technology (OT) and traditional IT networks. This role requires expert-level networking skills and deep familiarity with industrial standards (e.g., ISA 62443, NERC CIP), industrial protocols, and critical OT architecture like the Purdue Model. The position requires above-average attention to detail, concern for the exact correctness of work, and strong commitment to completing tasks on time.

Location:
- This role is remote with the expectation of frequent, independent, local travel (up to 50%) to clients and project sites in the Richmond, VA area.

General Job Duties:
- Design, consult, and provide recommendations for securing Industrial Control System (ICS) and Operational Technology (OT) networks and systems, in addition to traditional IT environments.
- Execute cybersecurity risk and vulnerability assessments for customers utilizing an industry leading methodology, with a focus on OT environments.
- Troubleshoot advanced cyber-security solutions to resolve customer issues.
- Consult with clients to holistically solve networking and security challenges.
- Develop solutions internally and through partners to solve identified security challenges.
- Work with solution architects to develop project scopes for solving client challenges.

Knowledge, Skills and Experience Needed:
- Bachelor's degree in a technical discipline (Electrical/Computer Engineering, Information Science, Computer Science) OR a minimum of 10 years of relevant experience working in the field.

Required: Operational Technology (OT) Expertise
- 10+ years of experience in Operational Technologies (OT) such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, RTUs, HMI, and Distributed Control Systems (DCS).
- Fundamental understanding of the Purdue Reference Model for Industrial Control System (ICS) cybersecurity.
- Familiarity and understanding of industrial standards and frameworks such as ISA 62443 (required).
- Fundamental understanding of industrial protocols and interoperability: CIP, DNP3, Ethernet/IP, OPC-UA, MODBUS, MQTT, etc.
- Industrial Control Systems (ICS) / Operational Technology (OT) experience is a plus.

Required: Core Networking & Security Foundation
- Expert networking skills, including the ability to troubleshoot all layers of the OSI model.
- Must possess broad knowledge of IT infrastructures.
- Familiarity and understanding of enterprise standards and frameworks such as IEC 27001, NIST SP 800, and/or NIST CSF.

Our Ideal Candidate:
- Enjoys solving problems, researching solutions, and thinking outside the box.
- Is comfortable talking tech with a CTO or explaining cyber-security 101 to the sales department.
- Embraces teamwork, collaboration, brainstorming, and working together towards common goals.
- Can balance competing demands and manage multiple priorities with ease.
- Advocates for our clients with a solid commitment to customer service and follow-through.

Featured Benefits:
- Medical, dental, and vision insurance beginning day one of employment
- Employer paid short term disability and life insurance
- 401(k) with up to 4% company match
- Paid holidays, paid time off, and paid parental leave
- Additional benefits available such as long term disability, accident, critical illness, hospital indemnity, EAP, telemedicine, HSA and FSA

More Security Engineer Jobs

Other | Remote | Team 201-500

Company Information

Clinical Ink is the global life science company that brings data, technology, and patient science together to unlock clinical discovery. Our deep therapeutic-area expertise, coupled with Direct Data Capture, eCOA, eConsent, telehealth, neurocognitive testing, and digital biomarkers advancement, drives the industry standard for data precision and ushers in a new generation of clinical trials. With offices in Philadelphia, PA, Winston-Salem, NC, and Iowa City, IA, Clinical Ink is rewriting the clinical development experience.

Job Description

Clinical Ink is seeking an Information Security Engineer to join our IT team based remotely across the United States. The Information Security Engineer will be responsible for safeguarding Clinical Ink’s systems, networks, and data against internal and external threats. This role ensures compliance with security standards and established SOPs, manages security controls, leads incident response efforts, and supports security audits. The ideal candidate will have strong technical expertise, a proactive approach to threat mitigation and system hardening, and the ability to collaborate across teams to maintain a robust security posture.

The Information Security Engineer's responsibilities include:
- Implement and maintain security policies, standards, and procedures aligned with established security frameworks and regulatory requirements.
- Conduct internal and external security audits and risk assessments.
- Manage and maintain the IT risk register.
- Manage user access controls, authentication mechanisms, and periodic access reviews.
- Monitor security alerts from tools such as Arctic Wolf, Sentinel One, and SIEM platforms.
- Lead incident response activities, including identification, containment, eradication, recovery, root cause analysis, and post-incident review.
- Maintain and improve incident response playbooks. Conduct and document Incident Response Tabletop exercises.
- Configure and maintain firewalls, intrusion detection/prevention systems, and endpoint protection solutions.
- Ensure secure configurations for servers, laptops, and mobile devices.
- Perform regular vulnerability scans and penetration tests.
- Coordinate and manage annual penetration testing.
- Coordinate remediation efforts for identified vulnerabilities and risks.
- Collaborate with IT teams to ensure timely patching and system updates.
- Manage security awareness programs and phishing campaigns for employees and contractors.
- Maintain SOPs for security processes and incident response.
- Align security processes and practices with established security standards and frameworks.
- Document security architecture, processes, and incident reports for audits and management reviews.

Qualifications
- Bachelor’s degree in Computer Science, Information Technology, or related field.
- 5+ years of experience in security engineering or related roles.
- Certifications such as CISSP, CompTIA Security+, or AWS/Azure Security Specialty a plus.
- Hands-on experience with security tools such as firewalls, SIEM, and endpoint protection.
- Knowledge of ISO 27001, NIST, and other security frameworks.
- Knowledge of AWS cloud center operations, network engineering, enterprise applications, security, and production support.
- Hands-on experience in AWS or Azure infrastructure and cloud management.
- Hands-on experience with scripting languages (e.g. Python, PowerShell, Bash, etc.).
- Hands-on experience with CI/CD Pipelines and Terraform.
- Prior experience in the Life Sciences industry preferred.
- Demonstrated critical thinking skills and ability to plan at a strategic, global level.
- Strong leadership and technical skills.
- Ability to communicate complex technical topics to a wide variety of audiences.

Additional Information

Clinical Ink is an equal opportunity employer and does not discriminate against otherwise qualified applicants on the basis of race, color, creed, religion, ancestry, age, sex, marital status, national origin, disability or handicap, or veteran status.

www.clinicalink.com

United States

Software Engineer – Cybersecurity

Weekday (YC W21)

We are a Y-Combinator-backed startup building your AI-powered Recruiter Agent

Other | Remote | Team 11-50 | Since 2021 | H1B No Sponsor

• Design benchmark tasks by identifying vulnerability classes (type/subtype and difficulty level) and validating the intended exploit behavior
• Create or validate small, runnable codebases (environment repositories) that include data ingestion and prompt/tool usage where trust boundaries may be violated
• Validate attacks by writing exploit scripts and clearly documenting the resulting unsafe behavior
• Implement or verify patches that prevent exploits, ensuring the fixes effectively mitigate the vulnerability
• Produce detailed task metadata, including severity mapping, file and line references, impact analysis, remediation summaries, and relevant documentation
• Conduct review and quality checks to ensure file paths resolve correctly, line ranges are accurate, sensitive labels are not leaked, and the patch successfully blocks the exploit

United States
$60 - $70 / hour
Job Closed

Senior Engineer, Offensive Security

Twilio

Build the future of communications.

Full Time | Remote | Team 5,001-10,000 | H1B Sponsor

• Perform manual and automated testing of web applications, APIs, and mobile apps (iOS/Android)
• Conduct network and cloud level assessments
• Triage and validate reports from automated scanners or bug bounty hunters
• Perform prompt injection and jailbreak tests on AI prototypes
• Draft high-quality reports detailing the "path to compromise"
• Manage and update the team's testing infrastructure
• Provide direct technical guidance to engineering teams
• Design and lead multi-week Red Team operations
• Build custom payloads and obfuscated scripts
• Build automated testing frameworks for AI systems
• Execute sophisticated attacks against cloud services
• Collaborate with SIRT and Detection Engineering

India
Job Closed

Information Security Manager

WeFi

WeFi is the World's First Deobanking Platform (Decentralized Onchain Banking). Your money. Your way.

Other | Remote | Team 11-50 | H1B No Sponsor

• Own information security across the company
• Define and maintain the security strategy, roadmap, and risk posture
• Identify, assess, prioritize, and drive remediation of security risks
• Build a strong security culture and awareness within the organisation
• Ensure proper security policies, standards and guidelines are in place
• Partner with Engineering and DevOps to ensure security of architecture, cloud, APIs, data flows and define secure SDLC practices
• Own incident response process end-to-end, including plans, coordination, and post-incident improvements
• Act as the main contact point for incidents
• Own and manage regulatory and compliance programs (financial regulation, GDPR, future PCI DSS and/or ISO certifications)
• Lead audits, assessments, and interactions with regulators and auditors
• Provide clear reporting to leadership and be able to assess security risks in business terms

United States