Director of Product Security Engineering - Gaithersburg, United States - AstraZeneca

AstraZeneca

Verified Company

Gaithersburg, United States

3 weeks ago

Posted by:

Mark Lane

beBee recruiter

Description

Are you ready to be part of the future of healthcare? Are you able to think big, be bold, and harness the power of digital and AI to tackle longstanding life sciences challenges? Then Evinova, a new health tech business part of the AstraZeneca Group might be for you

Key Responsibilities include:

Develop and operationalize a standardized Application Security and DevSecOps program which encompasses the core activities of Threat Modeling, Security Tools and Testing (e.g., SAST, SCA, DAST, IAST, etc.), and incorporating "privacy by design" and "secure by default" design processes into the CI / CD pipeline.
Leverage a variety of AppSec and DevSecOps oriented tools to identify, assess, and prioritize security vulnerabilities across our products and platform. Additionally, automating, and standardizing system configurations with a securebydefault disposition. This role will also be a key influencer for the selection of program enabling tools / solutions.
Establish strong and productive relationships to ensure cyber security is viewed as an enabler and market differentiator. Providing expert level advisory and guidance on secure coding practices and addressing potential security risks.
Providing cyber expertise in the definition and implementation of Infrastructure as Code patterns and practices.
Execute security architecture reviews for major product changes, providing assurance over security standards alignment, and driving security enhancements across existing solutions.
Collaborates with the Cyber GRC Lead to develop and report on related Key Performance Indicators and Key Risk Indicators, and the continuous improvement of security controls, processes, policies, standards, and other governing documents.
Provide support to external audit and customer due diligence requests, and providing training to adjacent colleagues on security awareness and best practices.

Essential Skills/Experience:

Bachelor's degree in Technology, Computer Science, Software Engineering, or a related field.
Prior experience providing AppSec capabilities for a SaaS / cloud service provider.
Expert level understanding of security standards (e.g., ISO 27001, GDPR, OWASP), DevSecOps practices / tools (e.g., CI/CD, Infrastructure as Code, SAST, DAST), and agile methodologies.
Strong familiarity and past experiences conducting Open-Source Software Clearance and Threat Modelling.
Prior experiences successfully driving "secure by default" / shift left buy in across multiple teams.
Ability to make pragmatic decisions by analyzing highly complex situations, assessing risks and balancing strategic and tactical compliance/quality requirements.
Ability to work independently in a fastpaced environment with a proven ability to manage competing priorities.
Excellent written and verbal communication skills (English), project management, process improvement, attention to detail, and strategic thinking skills are highly preferred.
At least one of the following professional certifications: Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), AWS Solutions Architect, and / or Certified Ethical Hacker (CEH).

Desirable Skills/Experience:

Master's degree in Technology, Computer Science, Software Engineering, or a related field.
Demonstrable experience presenting to external customers and senior levels of management.
Prior experience as a Software Developer, Infrastructure Engineer, and / or Product Security Officer.
Expert knowledge on threat actors targeting the Healthtech sector and SaaS solution providers.
Experience providing AppSec capabilities within a highly regulated sophisticated global business environment, particularly in the healthcare and / or clinical research industry.
Demonstrate initiative, strong customer orientation, and crosscultural working.

In Office Requirement:

When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines.

In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. This role is based in Gaithersburg MD. Remote or alterative arrangements are not available for this role.

Why Evinova?
Evinova draws on AstraZeneca's deep experience developing novel therapeutics, informed by insights from thousands of patients and clinical researchers.

Together, we can accelerate the delivery of life-changing medicines, improve the design and delivery of clinical trials for better patient experiences and outcomes, and think more holistically about patient care before, during and after treatment.

We know that regulators, healthcare professionals and care teams at clinical trial sites do not want a fragmented approach. They do not want a future where every pharmaceutical company provides their own, different digital so