The Ecole polytechnique fédérale de Lausanne (EPFL) is one of the most dynamic university campuses in Europe and ranks among the top 20 universities worldwide. The EPFL employs 6,000 people supporting the three main missions of the institutions: education, research and innovation. The EPFL campus offers an exceptional working environment at the heart of a community of 16,000 people, including over 10,000 students and 3,500 researchers from 120 different countries.
Data Privacy and Security Engineer in Genomics and Health
Your mission :
As a hands-on technical specialist, the Data Privacy and Security Engineer will be in direct contact with technology standards and best practices for protecting genomic and health data and services consistent with the Global Alliance for Genomics and Health (GA4GH) policy framework, including the development, customization, and adoption of standards for identity management, data security, privacy protection, and service assurance. The Data Privacy and Security Engineer will have two main tasks. On the one hand, he/she will contribute to ongoing software developments of the LCA1 lab. On the other hand, he/she will provide direct support to the leaders of the Data Security Work Stream at the GA4GH.
Main duties and responsibilities include :
- Contribute to the software design, coding, testing and documentation within LCA1 projects, such as Data Protection in Personalized Health (DPPH) and MedCo (around 40%)
- Contribute to the activities of the Data Security Work Stream of GA4GH (around 50%)
- Support the design and development of the overall security architectures of GA4GH driver projects
- Take a hands-on role in building security solutions and improving existing ones for GA4GH driver projects, integrating GA4GH security best practices
- Prepare system security reports by collecting, analyzing and summarizing data and trends
- Support the establishment and implementation of privacy policies and procedures designed to ensure genomic data protection worldwide. Contribute to the privacy oversight into all ongoing activities related to the development, maintenance of and adherence to the GA4GH policies and procedures
- Promote effective awareness of privacy information and emerging privacy-enhancing technologies across GA4GH through collaborative processes such as training and awareness programs
- Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates
- Update job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations (around 10%).
Your profile :
- Master’s degree in Computer Science or similar field
- Experience in programming and software engineering
- Experience in privacy/data protection
- Experience with threat modeling, testing and privacy-focused design of complex products and services
- Knowledge of common information security management frameworks and practices such as ISO/IEC 17799:2005 and ISO/IEC 270xx, National Institute of Standards and Technology (NIST), and the United States Computer Emergency Readiness Team (US-CERT)
- Experience in securing scalable Web architectures and distributed systems
- Experience securing and architecting cloud-based infrastructures (e.g., Amazon AWS and Google)
- Ability to deal with multiple projects involving cross-functional stakeholders, driving and tracking decision-making and deliverables
- Excellent time management and related organizational skills
- Excellent oral/written communication in English, problem solving, strategic thinking and analytical skills
- Ability to work independently and as part of a team to achieve the desired objectives and project results
- Ability to work in a multicultural environment
- The knowledge of French is not required
- Knowledge in genomics, bioinformatics or similar field
- Technical expertise in back-end genomic/health data collection, sharing and utilization
- Knowledge of the relevant legal framework for data protection, e.g., the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and the EU General Data Protection Regulation (GDPR).
Work environment and conditions :
The chosen candidate will be based in Lausanne, working within the LCA1 lab at EPFL. As one of the highest-ranked technology institutes internationally, EPFL offers a thriving intellectual environment and outstanding facilities. It is located in Lausanne, a beautiful and culturally active city on the shores of Lake Geneva close to the Swiss and French Alps.
The LCA1 lab led by Prof. JP Hubaux is highly committed to data protection and in particular to the protection of health and genomic data. The lab is heavily involved in initiatives at the Swiss level, including the Data Protection in Personalized Health (DPPH) project and is developing tools such as MedCo. It also plays a leading role at the international level, notably through the Data Security Work Stream of the GA4GH.
The Global Alliance for Genomics and Health (GA4GH) is an international, nonprofit alliance formed in 2013 to accelerate the potential of research and medicine to advance human health. Bringing together 500+ leading organizations working in healthcare, research, patient advocacy, life science, and information technology, the GA4GH community is working together to create frameworks and standards to enable the responsible, voluntary, and secure sharing of genomic and health-related data. Within GA4GH, the foundational Data Security Work Stream provides a guide to both Technical Work Streams and Driver Projects in the area of data security and privacy in genomics.
We offer a full-time position, with competitive salary and employment conditions, defined by EPFL regulations.
Start date :
to be defined
to be defined
Term of employment :
Work rate :apply online