Career Category
Information Systems
Job Description
Senior Associate Application Security Engineer
The Senior Associate IS Security Engineer plays an integral role in Information Security for Amgen. The primary responsibility is to support various capabilities within Amgen’s Application Security function. The IS Security Engineer will work with various partners at Amgen in a manner aligned to Amgen’s values to define and implement Information Security Services strategies, standards, tools and processes.
The IS Security Engineer will be a part of Amgen’s Information Security team and will be expected to contribute to and help deliver services and projects in other areas of information security.
The role will be part of the Information Security team responsible for delivering security services across Amgen globally. This position will focus on Secure SDLC and Application Security services and technologies to ensure a secure by design approach across Amgen’s applications.
The individual will partner with developers and business owners from applicable technical teams to assess the security architecture of new products and capabilities via application security assessments, prioritise and advise on options to mitigate identified flaws and vulnerabilities and work with development teams to define and evangelize security best practices.
Responsibilities
Review code for security vulnerabilities and practices dangerous to security and privacy.
Write custom rules on automated source code scanning tools
Script (Python, Perl, Ruby etc) and build automation tools on an ad-hoc basis
Create and deliver knowledge sharing presentations and documentation to educate developers and operations teams on application security best practices and secure coding techniques.
Write reports including recommendations, root cause analysis, security summary analysis, and project roadmaps
Help with tools identification, onboarding and/or tools development to assist developers in the secure development of applications
Configure, run, maintain, and utilize security tools for the Appsec program, e.g., static and dynamic code analysis tools
Build process and technology to improve the reporting and prioritization of identified weaknesses
Discover threats, vulnerabilities and exploits through architecture design review, threat modeling, code review, SAST and DAST assessments
Triage issues found by tools, external reports, and various tests, to accurately assess the real risks
Offer remediation guidance to stakeholders for identified issues and serve as an escalation resource for developers as they reduce issues
Draft application security policies, standards and guidance documentation that can be leveraged in the secure development of products and services
Monitor the latest web application security developments and security trends to continually improve internal processes
Work with the DevOps team to improve application security; research, prototype and integrate security tools into the CI/CD pipeline (container security, SAST, DAST, IAST, third-party vulnerability scanning, etc.), aiming to achieve 100% coverage of all deployment/build pipelines
Collaborate cross-functionally with analysts, engineers and data scientists to achieve continuous improvement in cyber defense/resilience.
IS Security Engineer will also present project status reports to senior management, adhere to policies and practices relative to technical guidelines and change management processes, and may contribute to the development of new policies and practices by suggesting innovative ideas.
Basic Qualifications
Doctorate degree
OR
Master’s degree and 1 year of Information Systems and/or Computer Science experience
OR
Bachelor’s degree and 2 years of Information Systems and/or Computer Science experience
OR
Associate’s degree and 5 years of Information Systems and/or Computer Science experience
OR
High school diploma / GED and 8 years of Information Systems and/or Computer Science experience
Preferred Qualifications
Strong understanding of common software and web application security vulnerabilities, including OWASP Top 10, SANS/CWE Top 25 etc.
Security verification of web applications or mobile apps using OWASP ASVS/M-ASVS and testing guides
Hands-on experience with tools and technologies used throughout secure SDLC (e.g., Burp Suite/ZAP, Fortify/Checkmarx/Veracode, WhiteSource/Blackduck).
Experience driving application security requirements in a traditional SDLC and through stories and epics in an Agile and SCRUM development environment
DevOps experience building and deploying infrastructure with cloud deployment, build and test automation technologies like Ansible, Chef, Puppet, Docker, Jenkins, GitLab etc.
Good hands-on experience with AWS foundation services related to compute, network, storage, content delivery, administration and security, deployment and management, automation technologies
Ability to review and understand, and proficiency with, two or more of (JavaScript, Python, Java, Swift, Kotlin etc.)
Experience with scripting languages (e.g., Python, Ruby) and automating tasks
Experience building and maintaining relationships with development teams
Comfortable with using Git
Excellent verbal and written communication skills
Effective working with global, virtual teams
Successful management of multiple priorities
Team-oriented, placing priority on the successful completion of team goals
Self-starter with a high degree of initiative
Experience with regulated systems (GxP, SOX) in the pharmaceutical, biotechnology, healthcare industry
Excellent analytical and troubleshooting skills
Experience with complex technologies that impact security
One or more security certifications such as CSSLP, CISSP, GWEB, GSSP-JAVA or CEH