Security Manager jobs in Maryland

Are you ready to be part of the future of healthcare? Are you able to think big, be bold, and harness the power of digital and AI to tackle longstanding life sciences challenges? Then Evinova, a new health tech business part of the AstraZeneca Group might be for you!

As the Director of Product Security Engineering, you have a unique opportunity to join Evinova from the beginning. You will play a key role in implementing innovative cyber security practices that are designed by industry, for industry. You will report directly to the Evinova Head of Cyber Security, and focus collaborating with application development and platform engineering teams to deliver high quality application security services and expertise (e.g., code scanning, remediation prioritization and support). Additionally, you will collaborate across the entire Chief Technology Officer (CTO) organization to define and implement a multi-year application security and DevSecOps roadmap. You will have ample opportunity for program ownership, increased levels of accountability, and significant visibility within the CTO Leadership Team. You will collaborate with globally dispersed technology teams. Success in this role requires leading by influence, strong emotional intelligence, and a natural disposition towards precision and accuracy. The ideal candidate will think holistically and proactively deliver on strategic initiatives to ensure our digital solutions and platform are secured against emerging threats.  

Key Responsibilities include:

• Develop and operationalize a standardized Application Security and DevSecOps program which encompasses the core activities of Threat Modeling, Security Tools and Testing (e.g., SAST, SCA, DAST, IAST, etc.), and incorporating “privacy by design” and “secure by default” design processes into the CI / CD pipeline. 

• Leverage a variety of AppSec and DevSecOps oriented tools to identify, assess, and prioritize security vulnerabilities across our products and platform. Additionally, automating, and standardizing system configurations with a secure-by-default disposition.  This role will also be a key influencer for the selection of program enabling tools / solutions. 

•  Execute in-depth analysis and provide assurance over application code, infrastructure, architecture, and configuration posturing.

• Establish strong and productive relationships to ensure cyber security is viewed as an enabler and market differentiator. Providing expert level advisory and guidance on secure coding practices and addressing potential security risks. 

• Establish and operationalize an application security vulnerability management program which includes steps to validate, analyze, and prioritize vulnerabilities. Additionally, driving remediation efforts. 

• Develop secure development standards and related trainings to raise awareness of secure coding practices, threat actor tactics, and regulatory requirements. Leading efforts to automate infrastructure provisioning and application deployments. 

• Providing cyber expertise in the definition and implementation of Infrastructure as Code patterns and practices. 

• Partner with cyber security colleagues to deliver on continuous improvement objectives and deepen adjacent team’s awareness of product and application security risks and threat actor trends. 

• Execute security architecture reviews for major product changes, providing assurance over security standards alignment, and driving security enhancements across existing solutions.

• Lead co-sourced engagements to conduct application penetration testing, and other simulated “hacking” activities to proactively identify weaknesses and developing actionable remediation strategies. 

• Collaborates with the Cyber GRC Lead to develop and report on related Key Performance Indicators and Key Risk Indicators, and the continuous improvement of security controls, processes, policies, standards, and other governing documents.

• Together with the Security Operations Lead, manage and respond to product and application security alerts – guiding platform and product teams through high severity incidents. 

• Provide support to external audit and customer due diligence requests, and providing training to adjacent colleagues on security awareness and best practices. 

Essential Skills/Experience:

• Bachelor’s degree in Technology, Computer Science, Software Engineering, or a related field.

• 6 years of combined experience in the areas of software development, application and API security, penetration and vulnerability scanning, and ethical hacking.

• Prior experience providing AppSec capabilities for a SaaS / cloud service provider.

• Expert level understanding of security standards (e.g., ISO 27001, GDPR, OWASP), DevSecOps practices / tools (e.g., CI/CD, Infrastructure as Code, SAST, DAST), and agile methodologies.

• Deep understanding of application security related frameworks, securing applications on the AWS cloud platform, containerization technologies, and security best practices (e.g., API, Containers, AWS Cloud).

• Strong familiarity and past experiences conducting Open-Source Software Clearance and Threat Modelling.

• Prior experiences conducting web and mobile application penetration testing, documenting results, and presenting remediation strategies to a diverse stakeholder group.

• Prior experiences successfully driving “secure by default” / shift left buy in across multiple teams.

• Ability to make pragmatic decisions by analyzing highly complex situations, assessing risks and balancing strategic and tactical compliance/quality requirements.

• Ability to work independently in a fast-paced environment with a proven ability to manage competing priorities.

• Excellent written and verbal communication skills (English), project management, process improvement, attention to detail, and strategic thinking skills are highly preferred.

• At least one of the following professional certifications: Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), AWS Solutions Architect, and / or Certified Ethical Hacker (CEH).

• Knowledge of at least 2 programming languages used in web-based applications.

Desirable Skills/Experience:

• Master’s degree in Technology, Computer Science, Software Engineering, or a related field.

• Demonstrable experience presenting to external customers and senior levels of management.

• Prior experience as a Software Developer, Infrastructure Engineer, and / or Product Security Officer.

• Expert knowledge on threat actors targeting the Healthtech sector and SaaS solution providers.

• Experience providing AppSec capabilities within a highly regulated sophisticated global business environment, particularly in the healthcare and / or clinical research industry. 

• Demonstrate initiative, strong customer orientation, and cross-cultural working. 

In Office Requirement:

When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That’s why we work, on average, a minimum of three days per week from the office. This role is based in Gaithersburg MD. Remote or alterative arrangements are not available for this role.

Why Evinova?

Evinova draws on AstraZeneca’s deep experience developing novel therapeutics, informed by insights from thousands of patients and clinical researchers. Together, we can accelerate the delivery of life-changing medicines, improve the design and delivery of clinical trials for better patient experiences and outcomes, and think more holistically about patient care before, during and after treatment.  We know that regulators, healthcare professionals and care teams at clinical trial sites do not want a fragmented approach. They do not want a future where every pharmaceutical company provides their own, different digital solutions. They want solutions that work across the sector, simplify their workload and benefit patients broadly. By bringing our solutions to the wider healthcare community, we can help build more unified approaches to how we all develop and deploy digital technologies, better serving our teams, physicians and ultimately patients.  Evinova represents a unique opportunity to deliver meaningful outcomes with digital and AI to serve the wider healthcare community and create new standards for the sector.  Join us on our journey of building a new kind of health tech business to reset expectations of what a bio-pharmaceutical company can be. This means we’re opening new ways to work, pioneering cutting edge methods and bringing unexpected teams together. Interested? Come and join our journey

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.