Product Security Engineering Lead

Are you ready to be part of the future of healthcare? Are you able to think big, be bold, and harness the power of digital and AI to tackle longstanding life sciences challenges? Then Evinova, a new health tech business part of the AstraZeneca Group might be for you

Transform billions of patients’ lives through technology, data and cutting-edge ways of working. You’re disruptive, decisive and transformative. Someone who’s excited to use technology to improve patients’ health. We’re building a new healthtech business - Evinova, a fully-owned subsidiary of AstraZeneca Group.

Evinova is know looking for someone who would like to join the Cyber Security team as a Product Security Engineering Lead.

Evinova delivers market-leading digital health solutions that are science-based, evidence-led, and human experience-driven. Thoughtful risks and quick decisions come together to accelerate innovation across the life sciences sector. Be part of a diverse team that pushes the boundaries of science by digitally empowering a deeper understanding of the patients we’re helping. Launch pioneering digital solutions that improve the patients’ experience and deliver better health outcomes. Together, we have the opportunity to combine deep scientific expertise with digital and artificial intelligence to serve the wider healthcare community and create new standards across the sector.

**Key responsibilities**
- Develop and operationalize a standardized Application Security program which encompasses the core activities of Threat Modeling, Security Tools and Testing (e.g., SAST, SCA, DAST, IAST, etc.), and incorporating “privacy by design” and “secure by default” design processes into the CI / CD pipeline. Additionally, in collaboration with the Cyber GRC Lead - develop security metrics articulating the health of the overall Application Security program.
- Establish strong and productive relationships with Development and Engineering teams to ensure cyber security is viewed as a partner and not a blocker.
- Develop secure development standards and related trainings to raise awareness of secure coding practices, threat actor tactics, and regulatory requirements
- Execute security architecture reviews for major product changes, providing assurance over security standards alignment, and driving security enhancements across existing solutions.

**Minimum Qualifications**
- Bachelor’s degree in Technology, Computer Science, Software Engineering, or a related field.
- Prior experience providing AppSec capabilities for a SaaS / cloud service provider.
- Familiarity with “Software as a Medical Device” related regulations and standards is a strong plus.
- Expert level understanding of the OWASP Top Ten vulnerabilities, API security considerations, and related remediation strategies.
- Expert level understanding and prior use of AppSec scanning tools and processing results into actionable tasks (e.g., SAST, SCA, DAST).
- Strong familiarity and past experiences conducting Open-Source Software Clearance (technical focus) and Threat Modelling.
- Prior experiences successfully driving “secure by default” buy in across multiple teams.
- Ability to make pragmatic decisions by analyzing highly complex situations, assessing risks and balancing strategic and tactical compliance/quality requirements.
- Ability to work independently in a fast-paced environment with a proven ability to manage competing priorities.
- Excellent written and verbal communications skills (English), project management, process improvement, attention to details and strategic thinking skills are highly preferred
- At leasr one of the following professional certifications: Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), AWS Certified Security, and / or Certified Ethical Hacker (CEH).

**Desired Qualifications**
- Master’s degree in Technology, Computer Science, Software Engineering, or a related field.
- Prior experience as a Software Developer
- Expert knowledge on threat actors targeting the Healthtech sector and SaaS solution providers.
- Experience in providing AppSec capabilities within a highly regulated sophisticated global business environment, particularly in the healthcare and / or clinical research industry.
- Demonstrate initiative, strong customer orientation, and cross-cultural working.

**Why Evinova( AstraZeneca)?**

Evinova draws on AstraZeneca’s deep experience developing novel therapeutics, informed by insights from thousands of patients and clinical researchers. Together, we can accelerate the delivery of life-changing medicines, improve the design and delivery of clinical trials for better patient experiences and outcomes, and think more holistically about patient care before, during and after treatment. We know that regulators, healthcare professionals and care teams at clinical trial sites do not want a fragmented approach. They do not want a future where ever