Director of Product Security Engineering

Location: Barcelona, Catalonia, Spain | Job ID: R-196887 | Date posted: 28/04/2024

Introduction to Role:
Are you ready to be part of the future of healthcare? Are you able to think big, be bold, and harness the power of digital and AI to tackle longstanding life sciences challenges? Then Evinova, a new health tech business that is part of the AstraZeneca Group, might be for you! Transform billions of patients’ lives through technology, data and cutting-edge ways of working. You’re disruptive, decisive and transformative. Someone who’s excited to use technology to improve patients’ health. We’re building a new healthtech business – Evinova, a fully-owned subsidiary of AstraZeneca Group.

Accountabilities:
The Director of Product Security Engineering presents a unique opportunity to join Evinova from the beginning and implement innovative cyber security practices that are designed by industry, for industry. This role reports to the Evinova Head of Cyber Security, and will be focused on working across application development and platform engineering teams to deliver high quality application security services and expertise (e.g., code scanning, remediation prioritization and support). Additionally, the role will collaborate across the entire Chief Technology Officer (CTO) organization to define a multi-year application security roadmap and drive the implementation. The role will provide ample opportunities for program ownership, increased levels of accountability, and significant visibility within the CTO Leadership Team. Additionally, this role will closely collaborate with globally dispersed technology teams – enabling excellent opportunities for professional development across technology domains and international geographies. Success in this role requires leading by influence, exhibiting strong emotional intelligence, and a natural disposition towards precision and accuracy. The ideal candidate will think holistically and proactively deliver on strategic initiatives to ensure our digital solutions are secured against emerging threats.

Essential Skills/Experience:
• Bachelor’s degree in Technology, Computer Science, Software Engineering, or a related field.
• 6+ years of combined experience in the areas of software development, application and API security, penetration and vulnerability scanning, and ethical hacking.
• Prior experience providing AppSec capabilities for a SaaS / cloud service provider.
• Deep understanding of application security related frameworks, standards, and adversarial tactics, techniques, and procedures (TTPs).
• Expert level understanding of the OWASP Top Ten vulnerabilities, API security considerations, and related remediation strategies.
• Expert level understanding and prior use of AppSec scanning tools and processing results into actionable tasks (e.g., SAST, SCA, DAST).
• Strong familiarity and past experiences conducting Open-Source Software Clearance (technical focus) and Threat Modelling.
• Prior experiences securing applications built on the AWS infrastructure.
• Prior experiences conducting web and mobile application penetration testing, documenting results, and presenting remediation strategies to a diverse stakeholder group.
• Prior experiences successfully driving “secure by default” / shift left buy in across multiple teams.
• Ability to make pragmatic decisions by analyzing highly complex situations, assessing risks and balancing strategic and tactical compliance/quality requirements.
• Ability to work independently in a fast-paced environment with a proven ability to manage competing priorities.
• Excellent written and verbal communication skills (English), project management, process improvement, attention to detail, and strategic thinking skills are highly preferred.
• At least one of the following professional certifications: Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), AWS Certified Security, and / or Certified Ethical Hacker (CEH).
• Knowledge of at least 2 programming languages used in web-based applications.

Desirable Skills/Experience:
• Master’s degree in Technology, Computer Science, Software Engineering, or a related field.
• Prior experience as a Software Developer.
• Expert knowledge on threat actors targeting the Healthtech sector and SaaS solution providers.
• Familiarity with “Software as a Medical Device” related regulations and standards is a strong plus.
• Experience in providing AppSec capabilities within a highly regulated sophisticated global business environment, particularly in the healthcare and / or clinical research industry.
• Demonstrate initiative, strong customer orientation, and cross-cultural working.

When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That’s why we work, on average, a minimum of three days per week from the office. But that doesn't mean we’re not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.

Why AstraZeneca:
Be part of the team playing a critical role in driving meaningful change in the way we predict, prevent and treat patients' conditions. A place that's actively embracing and investing in technology, we harness digital, data and analytics to reimagine the future of healthcare and deliver improved outcomes to patients beyond core medical. Our work is shaping the future: improving and speeding up portfolio development, improving the patient experience and outcomes at clinical trials. Join the team that is co-creating a digital ecosystem with patients at its core.

Unleash your creativity to challenge the status quo! To thrive in the Research & Development Digital Health team takes critical and different thinking to drive innovation. We are comfortable with challenge and encourage each other to disrupt to make a difference. By unleashing our curiosity and creativity we develop ideas and reimagine solutions.

Ready to make a difference? Apply today!

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.
