Are you ready to be part of the future of healthcare? Are you able to think big, be bold, and harness the power of digital and AI to tackle longstanding life sciences challenges? Then Evinova, a new health tech business that is part of the AstraZeneca Group, might be for you!
Evinova delivers market-leading digital health solutions that are science-based, evidence-led, and human experience-driven. Thoughtful risks and quick decisions come together to accelerate innovation across the life sciences sector. Be part of a diverse team that pushes the boundaries of science by digitally empowering a deeper understanding of the patients we're helping. Launch pioneering digital solutions that improve the patients' experience and deliver better health outcomes. Together, we have the opportunity to combine deep scientific expertise with digital and artificial intelligence to serve the wider healthcare community and create new standards across the sector.
The Product Security Engineering Lead role presents a unique opportunity to join Evinova from the beginning and implement innovative cyber security practices that are designed by industry, for industry. The Product Security Engineering Lead, reporting to the Evinova Head of Cyber Security, will be focused on working across product and platform engineering teams to deliver high quality application security services and expertise (e.g., code scanning, remediation prioritization and support).
The role will collaborate across the entire Chief Technology Officer (CTO) organization to define a multi-year application security roadmap and drive its implementation. The role will provide ample opportunities for program ownership, increased levels of accountability, and significant visibility within the CTO Leadership Team. This role will closely collaborate with globally dispersed technology teams, enabling excellent opportunities for professional development across technology domains and international geographies.
Success in this role requires leading by influence, exhibiting strong emotional intelligence, and a natural disposition towards precision and accuracy. The ideal candidate will think holistically and proactively deliver on strategic initiatives to ensure our digital solutions are secured against emerging threats.
Key responsibilities
* Develop and operationalize a standardized Application Security program which encompasses the core activities of Threat Modeling, Security Tools and Testing (e.g., SAST, SCA, DAST, IAST), and the incorporation of "privacy by design" and "secure by default" design processes into the CI / CD pipeline. Additionally, in collaboration with the Cyber GRC Lead, develop security metrics articulating the health of the overall Application Security program.
* Establish strong and productive relationships with Development and Engineering teams to ensure cyber security is viewed as a partner and not a blocker.
* Establish and operationalize an application security vulnerability management program which includes steps to validate, analyze, and prioritize vulnerabilities, and drive the resulting remediation efforts.
Minimum Qualifications
* Bachelor's degree in Technology, Computer Science, Software Engineering, or a related field
* 6+ years of combined experience in the areas of software development, application and API security, penetration and vulnerability scanning, and ethical hacking
* Prior experience providing AppSec capabilities for a SaaS / cloud service provider
* Familiarity with "Software as a Medical Device" related regulations and standards is a strong plus
* Deep understanding of application security related frameworks, standards, and adversarial tactics, techniques, and procedures (TTPs)
* Expert level understanding of the OWASP Top Ten vulnerabilities, API security considerations, and related remediation strategies
* Expert level understanding and prior use of AppSec scanning tools and processing results into actionable tasks (e.g., SAST, SCA, DAST)
* Strong familiarity and past experiences conducting Open-Source Software Clearance (technical focus) and Threat Modelling
* Prior experiences securing applications built on the AWS infrastructure
* Prior experiences conducting web and mobile application penetration testing, documenting results, and presenting remediation strategies to a diverse stakeholder group
* Prior experiences successfully driving "secure by default" buy in across multiple teams
* Ability to make pragmatic decisions by analyzing highly complex situations, assessing risks and balancing strategic and tactical compliance/quality requirements
* Ability to work independently in a fast-paced environment with a proven ability to manage competing priorities.
* Excellent written and verbal communication skills (English), project management, process improvement, attention to detail and strategic thinking skills are highly preferred
* At least one of the following professional certifications: Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), AWS Certified Security, and / or Certified Ethical Hacker (CEH)
* Knowledge of at least 2 programming languages used in web-based applications
Desired
* Master's degree in Technology, Computer Science, Software Engineering, or a related field.
* Prior experience as a Software Developer
* Expert knowledge on threat actors targeting the Healthtech sector and SaaS solution providers
* Experience in providing AppSec capabilities within a highly regulated sophisticated global business environment, particularly in the healthcare and / or clinical research industry
* Demonstrated initiative, strong customer orientation, and cross-cultural working
