Benchtop Support in Oxford

Benchtop Support in Oxford

Oxford Full-Time No working from home possible
Tcs Uk

The Role

  • We are seeking an Associate Systems Engineer to support the security and modernization of laboratory and operational technology (OT) environments across global sites.

  • This individual will work directly within the Lab Solutions team to execute a portfolio of active security workstreams β€” including Non-Attributable Account (NAA) remediation, software download restrictions, vulnerability remediation, and USB data transfer controls β€” while supporting the broader goal of bringing lab OT posture in line with enterprise security standards.

  • This is a highly technical, execution-focused role requiring strong hands-on skills in Active Directory, endpoint security, network architecture, and lab instrument environments.

  • The successful candidate will be comfortable working across both IT and OT boundaries, engaging directly with Business System Owners, lab scientists, vendors, and global site partners to deliver change in a complex, multi-site environment responsibilities: -

1. NAA (Non-Attributable Account) Remediation

  • Support the design, testing, and execution of the Non-Attributable Account (NAA) remediation program across RC4-dependent and non-RC4-dependent account types.

  • Assist in building, maintaining, and activating host allow/deny lists within the Lab Organizational Unit (OU) in Active Directory.

  • Coordinate with InfoSec and AD teams to execute password reset mechanisms and validate outcomes across pilot and full-rollout phases.

  • Engage Business System Owners and lab staff to identify NAA usage patterns, confirm active engagements, and support transition to properly managed service accounts.

  • Support deployment and configuration of Transparent Screen Lock and BeyondTrust (password management and remote access) as replacement mechanisms for NAA- dependent workflows.

2. Software Governance & Controls

  • Assist in defining and implementing a policy-based software allowlist across lab workstations and instrument PCs in the Lab OU.

  • Identify currently installed unauthorized or unlicensed software across lab endpoints and support remediation planning.

  • Develop and maintain a formal exception request process for legitimate scientific software deployment needs.

3. Vulnerability Management

  • Support CrowdStrike EDR sensor deployment and gap closure across lab endpoints, coordinating with InfoSec and site partners.

  • Identify and remediate open or misconfigured file shares presenting lateral movement and data exfiltration risk.

  • Contribute to OS patching cadence and compliance tracking for lab workstations and instrument PCs.

  • Assist in end-of-life operating system identification, remediation planning, and isolation strategies across lab infrastructure.

  • Support server-level vulnerability triage and remediation in coordination with the infrastructure team.

4. USB & Data Transfer Controls

  • Assess current USB usage patterns across lab sites and instrument workflows.

  • Assist in defining and implementing a tiered USB restriction policy (block, monitor, allow-by-exception) that protects the environment without impeding legitimate scientific workflows.

  • Manage the formal USB exception process for vendor-mediated access scenarios.

5. Cross-Site & Operational Support

  • Serve as a hands-on technical resource for site partners across and other global lab locations.

  • Maintain accurate documentation of system configurations, allow/deny lists, service account inventories, and workstream progress.

  • Contribute to demand intake and ServiceNow-based request management for new service account and access requests.

  • Participate in hypercare periods following major changes, providing rapid response to connectivity or authentication issues.

  • Communicate clearly with both technical and non-technical stakeholders, including lab scientists, Business System Owners, and senior leadership.

Essential skills/knowledge/experience:

Identity & Access Management

  • Proficiency in Active Directory administration: OU structure, Group Policy Objects (GPOs), user/service account management, and authentication protocols including RC4/NTLM/Kerberos.

  • Understanding of allow/deny list enforcement mechanisms within AD and Lab OU environments.

  • Experience with service account lifecycle management and privileged access controls.

  • Understanding of enterprise Identity Management tools (Sailpoint)

Endpoint & OT Security

  • Working knowledge of endpoint detection and response (EDR) platforms, particularly CrowdStrike Falcon.

  • Understanding of OT/lab network architecture, including isolated or semi-isolated lab network segments, instrument connectivity, and associated security risks.

  • Familiarity with USB restriction and software control policies on Windows endpoints.

  • Knowledge of vulnerability management concepts: OS patching, EOL systems, open file shares, and network-level exposure.

Lab & Instrument Environment Familiarity

  • Understanding of how lab instruments authenticate to networks and the dependencies that exist between shared accounts and instrument operation.

  • Familiarity with Transparent Screen Lock (TSL) or similar technologies for instrument session management.

  • Awareness of lab data systems such as NuGenesis (SDMS), Empower (Waters), or similar scientific data and chromatography platforms is a plus.

  • Awareness of working in Biopharma Laboratory Environments

  • Awareness of GxP and Information Security compliance constraints

  • Familiarity with ITIL ITSM principles

Tools & Platforms

  • ServiceNow or equivalent ITSM platform for demand intake and ticket management.

  • BeyondTrust or equivalent privileged access management and remote support tooling.

  • Microsoft Windows Server and Windows 10/11 administration.

  • Familiarity with network monitoring and log analysis tools.

  • Proficiency in PowerShell preferred.

Desirable skills/knowledge/experience:

  • Strong analytical skills and attention to detail β€” comfortable working with large datasets (login logs, AD exports, host inventories) to draw meaningful conclusions.

  • Clear written and verbal communication skills; able to explain technical concepts to non-technical lab staff and Business System Owners.

  • Organized and execution-oriented β€” this role involves managing multiple concurrent workstreams with defined deadlines.

  • Comfortable operating in a fast-moving, ambiguous environment where priorities may shift based on security findings.

  • Collaborative and service-minded β€” the lab community depends on this role to keep instruments running securely.

Tcs Uk

Contact Details:

Tcs Uk Recruitment Team