Product Security Engineer (“AppSec”) - Evinova

Job Location

Gaithersburg, MD - USA

Hourly Salary

$ 103398 - 155847

Vacancy

1 Vacancy

Job Description

Are you ready to be part of the future of healthcare? Are you able to think big, be bold, and harness the power of digital and AI to tackle longstanding life sciences challenges? Then Evinova, a new health tech business part of the AstraZeneca Group, might be for you!

Transform billions of patients' lives through technology, data, and cutting-edge ways of working. You're disruptive, decisive, and transformative. Someone who's excited to use technology to improve patients' health. We're building a new healthtech business, Evinova, a fully-owned subsidiary of AstraZeneca Group.

Our Gaithersburg, Maryland facility creates life-changing medicines for people around the world. This campus employs more than 3500 experts in our field and is only a short drive from Washington, DC. This modern and vibrant scientific campus is the home of R&D and Oncology in the US. Here we play host to some of the most cutting-edge technology and lab spaces, all designed to inspire collaboration and cross-functional science. We believe employees benefit from being challenged and inspired at work. We are dedicated to creating a culture of inclusion and collaboration.

The Gaithersburg site offers a variety of amenities to help boost productivity and help keep our employees happy and healthy. This includes a fitness center, employee healthcare clinic, electric vehicle charging stations, dry cleaning, full-service cafeteria, and copy center. This is where you'll find newly-designed activity-based work spaces to suit a variety of working styles while increasing collaboration between teams.

Evinova delivers market-leading digital health solutions that are science-based, evidence-led, and human experience-driven. Thoughtful risks and quick decisions come together to accelerate innovation across the life sciences sector. Be part of a diverse team that pushes the boundaries of science by digitally empowering a deeper understanding of the patients we're helping. Launch pioneering digital solutions that improve the patients' experience and deliver better health outcomes. Together, we have the opportunity to combine deep scientific expertise with digital and artificial intelligence to serve the wider healthcare community and create new standards across the sector.

The Product Security Engineer (AppSec) role at Evinova is uniquely positioned to advance the security pillar of our software development lifecycle. As a member of the Evinova Cybersecurity organization, and specifically aligned to the Product Security Engineering team, this role will advise on the security posture of our SaaS product portfolio by conducting security assessments, reviewing code, managing AppSec security tools, and collaborating cross-functionally to remediate software security issues. This role will partner with the other domains of the Evinova Cybersecurity organization, including Cyber Governance, Risk and Compliance; Security Operations; and Cloud Security. Success in this role includes providing expert-level support for the adoption of secure development standards and delivering developer-focused training on emerging threats and secure coding practices. Evinova is committed to providing secure, scalable, and innovative Digital Health solutions to the Life Sciences sector, providing this role ample opportunities for professional development, intellectual curiosity, and leadership visibility.

Key Responsibilities:

  • Perform all aspects of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Application Programming Interface (API) Security assessments to identify code vulnerabilities, architectural misconfigurations, and runtime security weaknesses.

  • Evaluate the use of third-party code libraries by driving Software Composition Analysis (SCA) and supporting Software Bill of Materials (SBOM) development tasks.

  • Contribute to Threat Modeling and Design Reviews by identifying AppSec-relevant gaps and proposing to cross-functional teams secure design patterns which are aligned with best practices and regulatory requirements.

  • Provide actionable and impactful remediation guidance to Software Development and Engineering teams, ensuring security findings are understood and fixes are implemented in a timely manner.

  • Monitor and support the configuration, execution, and optimization of our AppSec tools and seamless integration with CI/CD pipelines.

  • Facilitate knowledge sharing and security best practices adoption by conducting training sessions (live and recorded) and developing security-relevant documentation.

  • Partner with other Cybersecurity peers to advance the continuous improvement of our enterprise-wide cybersecurity controls, development processes, governance policies/standards, and other initiatives related to holistic cybersecurity.

  • Demonstrate initiative, strong customer orientation, and cross-cultural working.

Minimum Qualifications:

  • 2 years of demonstrable experience in Application Security, Software Engineering, or a related field. Relevant internships, coursework, and extra-curricular activities may also be considered as experience.

  • Strong understanding of web application security, authentication, authorization, and encryption concepts.

  • Familiarity with leading secure coding principles, frameworks, and guidance, such as OWASP Top 10 and NIST Special Publications.

  • Basic proficiency in at least one programming language (e.g., Python, Java).

  • Hands-on experience with leading SAST, DAST, SCA, and API Security related tools and methodologies.

  • Analytical mindset and approach to addressing security findings, issue prioritization, and stakeholder articulation.

  • Ability to work cross-functionally with globally dispersed engineers, product teams, and cyber peers.

  • Ability to work independently in a fast-paced environment with a proven ability to manage competing priorities.

  • Excellent written and verbal communication skills (English)

Desired Qualifications:

  • At least 4 years of providing AppSec capabilities for a SaaS/cloud service provider.

  • Prior experience as a Software Developer, Infrastructure Engineer, and/or Product Security Engineer.

  • Experience providing AppSec capabilities within a highly regulated and global business environment, particularly in the healthcare and/or clinical research industry (added plus).

  • Operational familiarity with leading Product Security enabling and adjacent technologies such as GitHub Advanced Security, SonarQube, 42Crunch API Security, InsightAppSec, Wiz, Splunk Cloud, or their equivalents.

  • Expert-level proficiency in all aspects of the AppSec Domain, CI/CD pipelines, and DevSecOps principles.

  • Strong understanding of Amazon Web Services (AWS) as an Infrastructure provider, Containerization (Kubernetes), Serverless Computing, Infrastructure-as-Code, and other next generation Cloud Computing technologies and engineering approaches.

  • At least one relevant cybersecurity certification, such as CISSP, CEH, OSCP, AWS Certifications, etc.

Why Evinova (AstraZeneca)

Evinova draws on AstraZeneca's deep experience developing novel therapeutics, informed by insights from thousands of patients and clinical researchers. Together, we can accelerate the delivery of life-changing medicines, improve the design and delivery of clinical trials for better patient experiences and outcomes, and think more holistically about patient care before, during, and after treatment. We know that regulators, healthcare professionals, and care teams at clinical trial sites do not want a fragmented approach. They do not want a future where every pharmaceutical company provides its own different digital solutions. They want solutions that work across the sector, simplify their workload, and benefit patients broadly. By bringing our solutions to the wider healthcare community, we can help build more unified approaches to how we all develop and deploy digital technologies, better serving our teams, physicians, and ultimately patients. Evinova represents a unique opportunity to deliver meaningful outcomes with digital and AI to serve the wider healthcare community and create new standards for the sector. Join us on our journey of building a new kind of health-tech business to reset expectations of what a bio-pharmaceutical company can be. This means we're opening new ways to work, pioneering cutting-edge methods, and bringing unexpected teams together.

So what's next!

Are you already envisioning yourself joining our team? Good, because we can't wait to hear from you.

Where can I find out more?

Our Social Media: Follow AstraZeneca on LinkedIn; AstraZeneca on Facebook; AstraZeneca on Instagram; more about Evinova

The annual base pay for this position ranges from $103398 to $ and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. In addition, our positions offer a short-term incentive bonus opportunity; eligibility to participate in our equity-based long-term incentive program (salaried roles), to receive a retirement contribution (hourly roles), and commission payment eligibility (sales roles). Benefits offered included a qualified retirement program 401(k) plan; paid vacation and holidays; paid leaves; and health benefits including medical, prescription drug, dental, and vision coverage in accordance with the terms and conditions of the applicable plans. Additional details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired, employee will be in an at-will position and the Company reserves the right to modify base pay (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.

Date Posted

21-may-2025

Closing Date

30-may-2025

Our mission is to build an inclusive and equitable environment. We want people to feel they belong at AstraZeneca and Alexion, starting with our recruitment process. We welcome and consider applications from all qualified candidates, regardless of characteristics. We offer reasonable adjustments/accommodations to help all candidates to perform at their best. If you have a need for any adjustments/accommodations, please complete the section in the application form.

Employment Type

Full-Time
