Product Security Engineering Lead - Gothenburg, Sweden - AstraZeneca

    AstraZeneca Gothenburg, Sweden

    Found in: Talent SE C2 - 2 weeks ago

    Full-time
    Description

    Are you ready to be part of the future of healthcare? Are you able to think big, be bold, and harness the power of digital and AI to tackle longstanding life sciences challenges? Then Evinova, a new health tech business that is part of the AstraZeneca Group, might be for you.

    Transform billions of patients' lives through technology, data and cutting-edge ways of working. You're disruptive, decisive and transformative. Someone who's excited to use technology to improve patients' health. We're building a new healthtech business – Evinova, a fully-owned subsidiary of AstraZeneca Group.

    Evinova is now looking for someone who would like to join the Cyber Security team as a Product Security Engineering Lead.

    Evinova delivers market-leading digital health solutions that are science-based, evidence-led, and human experience-driven. Thoughtful risks and quick decisions come together to accelerate innovation across the life sciences sector. Be part of a diverse team that pushes the boundaries of science by digitally empowering a deeper understanding of the patients we're helping. Launch pioneering digital solutions that improve the patients' experience and deliver better health outcomes. Together, we have the opportunity to combine deep scientific expertise with digital and artificial intelligence to serve the wider healthcare community and create new standards across the sector.

    The Product Security Engineering Lead role presents a unique opportunity to join Evinova from the beginning and implement innovative cyber security practices that are designed by industry, for industry. The Product Security Engineering Lead, reporting to the Evinova Head of Cyber Security, will be focused on working across product and platform engineering teams to deliver high quality application security services and expertise (e.g., code scanning, remediation prioritization and support).

    Additionally, the role will collaborate across the entire Chief Technology Officer (CTO) organization to define a multi-year application security roadmap and drive the implementation. The role will provide ample opportunities for program ownership, increased levels of accountability, and significant visibility within the CTO Leadership Team. This role will closely collaborate with globally dispersed technology teams – enabling excellent opportunities for professional development across technology domains and international geographies.

    Success in this role requires leading by influence, exhibiting strong emotional intelligence, and a natural disposition towards precision and accuracy. The ideal candidate will think holistically and proactively deliver on strategic initiatives to ensure our digital solutions are secured against emerging threats.

    Together with the Security Operations Lead, manage and respond to product and application security alerts – guiding platform and product teams through high severity incidents.

    Key responsibilities

  • Develop and operationalize a standardized Application Security program which encompasses the core activities of Threat Modeling, Security Tools and Testing (e.g., SAST, SCA, DAST, IAST), and the incorporation of "privacy by design" and "secure by default" design processes into the CI / CD pipeline. Additionally, in collaboration with the Cyber GRC Lead, develop security metrics articulating the health of the overall Application Security program.
  • Establish strong and productive relationships with Development and Engineering teams to ensure cyber security is viewed as a partner and not a blocker.
  • Establish and operationalize an application security vulnerability management program which includes steps to validate, analyze, and prioritize vulnerabilities, and drive remediation efforts.
  • Develop secure development standards and related trainings to raise awareness of secure coding practices, threat actor tactics, and regulatory requirements.
  • Partner with cyber security colleagues to deliver on continuous improvement objectives and deepen adjacent teams' awareness of product and application security risks and threat actor trends.
  • Execute security architecture reviews for major product changes, providing assurance over security standards alignment, and driving security enhancements across existing solutions.
  • Lead co-sourced engagements to conduct application penetration testing and other simulated "hacking" activities to proactively identify weaknesses and develop actionable remediation strategies.
  • Together with the Security Operations Lead, manage and respond to product and application security alerts, guiding platform and product teams through high severity incidents.

    Minimum Qualifications

  • Bachelor's degree in Technology, Computer Science, Software Engineering, or a related field.
  • 6+ years of combined experience in the areas of software development, application and API security, penetration and vulnerability scanning, and ethical hacking.
  • Prior experience providing AppSec capabilities for a SaaS / cloud service provider.
  • Familiarity with "Software as a Medical Device" related regulations and standards is a strong plus.
  • Deep understanding of application security related frameworks, standards, and adversarial tactics, techniques, and procedures (TTPs).
  • Expert level understanding of the OWASP Top Ten vulnerabilities, API security considerations, and related remediation strategies.
  • Expert level understanding and prior use of AppSec scanning tools and processing results into actionable tasks (e.g., SAST, SCA, DAST).
  • Strong familiarity and past experiences conducting Open-Source Software Clearance (technical focus) and Threat Modelling.
  • Prior experiences securing applications built on the AWS infrastructure.
  • Prior experiences conducting web and mobile application penetration testing, documenting results, and presenting remediation strategies to a diverse stakeholder group.
  • Prior experiences successfully driving "secure by default" buy in across multiple teams.
  • Ability to make pragmatic decisions by analyzing highly complex situations, assessing risks and balancing strategic and tactical compliance/quality requirements.
  • Ability to work independently in a fast-paced environment with a proven ability to manage competing priorities.
  • Excellent written and verbal communications skills (English), project management, process improvement, attention to detail and strategic thinking skills are highly preferred.
  • At least one of the following professional certifications: Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), AWS Certified Security, and / or Certified Ethical Hacker (CEH).
  • Knowledge of at least 2 programming languages used in web-based applications.

    Desired Qualifications

  • Master's degree in Technology, Computer Science, Software Engineering, or a related field.
  • Prior experience as a Software Developer.
  • Expert knowledge on threat actors targeting the Healthtech sector and SaaS solution providers.
  • Experience in providing AppSec capabilities within a highly regulated sophisticated global business environment, particularly in the healthcare and / or clinical research industry.
  • Demonstrate initiative, strong customer orientation, and cross-cultural working.

    Why Evinova (AstraZeneca)?

    Evinova draws on AstraZeneca's deep experience developing novel therapeutics, informed by insights from thousands of patients and clinical researchers. Together, we can accelerate the delivery of life-changing medicines, improve the design and delivery of clinical trials for better patient experiences and outcomes, and think more holistically about patient care before, during and after treatment. We know that regulators, healthcare professionals and care teams at clinical trial sites do not want a fragmented approach. They do not want a future where every pharmaceutical company provides their own, different digital solutions. They want solutions that work across the sector, simplify their workload and benefit patients broadly. By bringing our solutions to the wider healthcare community, we can help build more unified approaches to how we all develop and deploy digital technologies, better serving our teams, physicians and ultimately patients. Evinova represents a unique opportunity to deliver meaningful outcomes with digital and AI to serve the wider healthcare community and create new standards for the sector.

    Join us on our journey of building a new kind of health tech business to reset expectations of what a bio-pharmaceutical company can be. This means we're opening new ways to work, pioneering cutting-edge methods and bringing unexpected teams together. Interested? Come and join our journ

    So what's next?
    Are you ready to bring new ideas and fresh thinking to the table? Brilliant! We have one seat available and we hope it's yours. Welcome with your application.

    Date Posted

    09-apr.-2024

    Closing Date

    23-apr.-2024

    Our mission is to build an inclusive and equitable environment. We want people to feel they belong at AstraZeneca and Alexion, starting with our recruitment process. We welcome and consider applications from all qualified candidates, regardless of characteristics. We offer reasonable adjustments/accommodations to help all candidates to perform at their best. If you have a need for any adjustments/accommodations, please complete the section in the application form.