
Product Security Engineer (“AppSec”)

Location Barcelona, Catalonia, Spain Job ID R-217845 Date posted 01/22/2025

Are you ready to be part of the future of healthcare? Are you able to think big, be bold, and harness the power of digital and AI to tackle longstanding life sciences challenges? Then Evinova, a new health tech business part of the AstraZeneca Group might be for you!

Transform billions of patients' lives through innovative technology, data, and cutting-edge ways of working. You’re disruptive, decisive and transformative. Someone who’s excited to use technology to improve patients’ health. We’re building a new healthtech business – Evinova, a fully-owned subsidiary of AstraZeneca Group.

Evinova delivers market-leading digital health solutions that are science-based, evidence-led, and human experience-driven. Thoughtful risks and quick decisions come together to accelerate innovation across the life sciences sector. Be part of a diverse team that pushes the boundaries of science by digitally empowering a deeper understanding of the patients we’re helping. Launch pioneering digital solutions that improve the patients’ experience and deliver better health outcomes. Together, we have the opportunity to combine deep scientific expertise with digital and artificial intelligence to serve the wider healthcare community and create new standards across the sector.

The Product Security Engineer (“AppSec”) role at Evinova is uniquely positioned to advance the security pillar of our software development lifecycle. As a member of the Evinova Cybersecurity organization, and specifically aligned to the Product Security Engineering team, this role will advise on the security posture of our SaaS product portfolio by conducting security assessments, reviewing code, managing AppSec security tools, and collaborating cross-functionally to remediate software security issues. This role will partner with the other domains of the Evinova Cybersecurity organization, including Cyber Governance Risk and Compliance, Security Operations, and Cloud Security. Success in this role includes providing expert-level support for the adoption of secure development standards, and delivering developer-focused training on emerging threats and secure coding practices. Evinova is committed to providing secure, scalable, and innovative Digital Health solutions to the Life Sciences sector – providing this role ample opportunities for professional development, intellectual curiosity, and leadership visibility.

Key Responsibilities:

  • Perform all aspects of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Application Programming Interface (API) Security assessments to identify code vulnerabilities, architectural misconfigurations and runtime security weaknesses.

  • Evaluate the use of third-party code libraries by driving Software Composition Analysis (SCA) and supporting Software Bill of Materials (SBOM) development tasks.

  • Contribute to Threat Modeling and Design Reviews by identifying AppSec-relevant gaps and proposing secure design patterns to cross-functional teams, aligned with best practices and regulatory requirements.

  • Provide actionable and impactful remediation guidance to Software Development and Engineering teams, ensuring security findings are understood and fixes are implemented in a timely manner.

  • Monitor and support the configuration, execution, and optimization of our AppSec tools and seamless integration with CI/CD pipelines.

  • Facilitate knowledge sharing and security best practices adoption by conducting training sessions (live and recorded) and developing security-relevant documentation.

  • Partner with other Cybersecurity peers to advance the continuous improvement of our enterprise-wide cybersecurity controls, development processes, governance policies / standards, and other initiatives related to holistic cybersecurity.

  • Demonstrate initiative, strong customer orientation, and cross-cultural working.

Minimum Qualifications:

  • 2+ years of demonstrable experience in Application Security, Software Engineering, or a related field. Relevant internships, coursework and extra-curricular activities may also be considered as experience.

  • Strong understanding of web application security, authentication, authorization, and encryption concepts.

  • Familiarity with leading secure coding principles, frameworks, and guidance such as OWASP Top 10 and NIST Special Publications.

  • Basic proficiency in at least one programming language (e.g., Python, Java).

  • Hands-on experience with leading SAST, DAST, SCA, and API Security related tools and methodologies.

  • Analytical mindset and approach to addressing security findings, issue prioritization, and stakeholder articulation.

  • Ability to work cross-functionally with globally dispersed engineers, product teams, and cyber peers.

  • Ability to work independently in a fast-paced environment with a proven ability to manage competing priorities.

  • Excellent written and verbal communication skills (English).

Desired Qualifications:

  • At least 4+ years of providing AppSec capabilities for a SaaS/cloud service provider.

  • Prior experience as a Software Developer, Infrastructure Engineer, and/or Product Security Engineer.

  • Experience providing AppSec capabilities within a highly regulated and global business environment, particularly in the healthcare and/or clinical research industry (added plus).

  • Operational familiarity with leading Product Security enabling and adjacent technologies such as GitHub Advanced Security, SonarQube, 42Crunch API Security, InsightAppSec, Wiz, Splunk Cloud, or their equivalents.

  • Expert-level proficiency in all aspects of the AppSec Domain, CI/CD pipelines, and DevSecOps principles.

  • Strong understanding of Amazon Web Services (AWS) as an Infrastructure provider, Containerization (Kubernetes), Serverless Computing, Infrastructure-as-Code, and other next generation Cloud Computing technologies and engineering approaches. 

  • At least one relevant cybersecurity certification such as CISSP, CEH, OSCP, AWS Certifications, etc.

Why Evinova (AstraZeneca)?
Evinova draws on AstraZeneca’s deep experience developing novel therapeutics, informed by insights from thousands of patients and clinical researchers. Together, we can accelerate the delivery of life-changing medicines, improve the design and delivery of clinical trials for better patient experiences and outcomes, and think more holistically about patient care before, during and after treatment. We know that regulators, healthcare professionals and care teams at clinical trial sites do not want a fragmented approach. They do not want a future where every pharmaceutical company provides their own, different digital solutions. They want solutions that work across the sector, simplify their workload and benefit patients broadly. By bringing our solutions to the wider healthcare community, we can help build more unified approaches to how we all develop and deploy digital technologies, better serving our teams, physicians and ultimately patients. Evinova represents a unique opportunity to deliver meaningful outcomes with digital and AI to serve the wider healthcare community and create new standards for the sector. Join us on our journey of building a new kind of health tech business to reset expectations of what a bio-pharmaceutical company can be. This means we’re opening new ways to work, pioneering cutting edge methods and bringing unexpected teams together. Interested? Come and join our journey.

So, what’s next!

Are you already imagining yourself joining our team? Good, because we can’t wait to hear from you.

Are you ready to bring new ideas and fresh thinking to the table? Brilliant! We have one seat available, and we hope it’s yours.

We welcome your application, no later than April 15, 2024.

Where can I find out more?

Our social media: follow AstraZeneca on LinkedIn https://www.linkedin.com/company/1603/

Follow AstraZeneca on Facebook https://www.facebook.com/astrazenecacareers/

Learn more about Evinova: www.evinova.com



AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorisation and employment eligibility verification requirements.
