24 days old

Application Security Engineer

Amgen
Tampa, FL 33602
  • Job Code
    114881868
Amgen

Job ID: R-84492
Location: Tampa, FL, US 33602

The Senior Associate IS Security Engineer role based in Tampa, FL plays an integral role in Information Security for Amgen. The primary responsibility is to support various capabilities within Amgen's Application Security function. The IS Security Engineer will work with various partners at Amgen in a manner aligned to Amgen's values to define and implement Information Security Services strategies, standards, tools and processes.

At Amgen, our mission is simple: to serve patients. Our new Tampa Capability Center provides essential services that enable us to better pursue this mission. This state-of-the art center serves as a base for finance, information systems, cyber security and human resources professionals to make a meaningful impact at one of the world's leading biotechnology companies.

The IS Security Engineer will be a part of Amgen's Information Security team and will be expected to contribute to and help deliver services and projects in other areas of information security.

The role will be part of the Information Security team responsible for delivering security services across Amgen globally. This position will focus on Secure SDLC and Application Security services and technologies to ensure a secure by design approach across Amgen's applications.

The individual will partner with developers and business owners from applicable technical teams to assess the security architecture of new products and capabilities via application security assessments, prioritise and advise on options to mitigate identified flaws and vulnerabilities and work with development teams to define and evangelize security best practices.

Responsibilities
  • Review code for security vulnerabilities and practices dangerous to security and privacy.
  • Write custom rules on automated source code scanning tools
  • Script (Python, Perl, Ruby etc) and build automation tools on an ad-hoc basis
  • Create and deliver knowledge sharing presentations and documentation to educate developers and operations teams on application security best practices and secure coding techniques.
  • Write reports including recommendations, root cause analysis, security summary analysis, and project roadmaps
  • Help with tools identification, onboarding and/or tools development to assist developers in the secure development of applications
  • Configure, run, maintain, and utilize security tools for the Appsec program, e.g., static and dynamic code analysis tools
  • Build process and technology to improve the reporting and prioritization of identified weaknesses
  • Discover threats, vulnerabilities and exploits through architecture design review, threat modeling, code review, SAST and DAST assessments
  • Triage issues found by tools, external reports, and various tests, to accurately assess the real risks
  • Offer remediation guidance to stakeholders for identified issues and serve as an escalation resource for developers as they reduce issues
  • Draft application security policies, standards and guidance documentation that can be leveraged in the secure development of products and services
  • Monitor latest web application security developments and security trends to continually improve internal processes;
  • Work with DevOps team to improve Application Security; Research, Prototype, integrate Security Tools into CI/CD pipeline (container security, SAST, DAST, IAST, third party vulnerability Scanning, etc) aiming to achieve 100% coverage of all deployment/build pipelines
  • Collaborates cross-functionally with analysts, engineers, data scientists to achieve continuous improvement in cyber defense/resilience.


IS Security Engineer will also present project status reports to senior management, adhere to policies and practices relative to technical guidelines and change management processes, and may contribute to the development of new policies and practices by suggesting innovative ideas.

Basic Qualifications

Master's degree

OR

Bachelor's degree and 2 years of Information Systems and/or Computer Science experience

OR

Associate's degree and 6 years of Information Systems and/or Computer Science experience

OR

High school diploma / GED and 8 years of Information Systems and/or Computer Science experience

Preferred Qualifications
  • Strong understanding of common software and web application security vulnerabilities. including OWASP top 10, SANS/CWE Top 25 etc
  • Security verification of web applications or mobile apps using OWASP ASVS/M-ASVS and testing guides
  • Hands-on experience with tools and technologies used throughout secure SDLC (e.g., Burp Suite/ZAP, Fortify/Checkmarx /Veracode, WhiteSource/Blackduck).
  • Experience driving application security requirements in a traditional SDLC and through stories and epics in an Agile and SCRUM development environment
  • DevOps experience building and deploying infrastructure with cloud deployment, build and test automation technologies like ansible, chef, puppet, docker, jenkins, gitlab etc.
  • Good hands-on experience with AWS foundation services related to compute, network, storage, content delivery, administration and security, deployment and management, automation technologies
  • Ability to review, understand and proficiency with two or more of (JavaScript, Python, Java, Swift. Kotlin etc)
  • Experience with scripting languages (e.g., Python, Ruby) and automating tasks
  • Experience building and maintaining relationships with development teams
  • Comfortable with using Git
  • Excellent verbal and written communication skills
  • Effective working with global, virtual teams
  • Successful management of multiple priorities
  • Team-oriented, placing priority on the successful completion of team goals
  • Self-starter with a high degree of initiative
  • Experience with regulated systems (GxP, SOX) in the pharmaceutical, biotechnology, healthcare industry
  • Excellent analytical and troubleshooting skills
  • Experience with complex technologies that impact security
  • One or more security certifications such as CSSLP, CISSP, GWEB, GSSP-JAVA or CEH;


We understand that to successfully sustain and grow as a global enterprise and deliver for patients - we must ensure a diverse and inclusive work environment.

Amgen is committed to unlocking the potential of biology for patients suffering from serious illnesses by discovering, developing, manufacturing and delivering innovative human therapeutics. This approach begins by using tools like advanced human genetics to unravel the complexities of disease and understand the fundamentals of human biology.

Amgen focuses on areas of high unmet medical need and leverages its expertise to strive for solutions that improve health outcomes and dramatically improve people's lives. A biotechnology pioneer since 1980, Amgen has grown to be one of the world's leading independent biotechnology companies, has reached millions of patients around the world and is developing a pipeline of medicines with breakaway potential.

The invaluable contributions of our talented Tampa team will help us develop the vital and innovative medicines that treat serious illness and unmet medical needs around the globe.

Join Us

If you're seeking a career where you can truly make a difference in the lives of others, a career where you can work at the absolute forefront of biotechnology with the top minds in the field, you'll find it at Amgen.

Amgen, a biotechnology pioneer, discovers, develops and delivers innovative human therapeutics. Our medicines have helped millions of patients in the fight against cancer, kidney disease, rheumatoid arthritis and other serious illnesses.

As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other but compete intensely to win. Together, we live the Amgen values as we continue advancing science to serve patients.

Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

PI114881868

<b>Amgen</b><br/><br/><b>Job ID: </b>R-84492<br/><b>Location: </b>Tampa, FL, US 33602<br/><br/>The Senior Associate IS Security Engineer role based in Tampa, FL plays an integral role in Information Security for Amgen. The primary responsibility is to support various capabilities within Amgen's Application Security function. The IS Security Engineer will work with various partners at Amgen in a manner aligned to Amgen's values to define and implement Information Security Services strategies, standards, tools and processes.<br><br>At Amgen, our mission is simple: to serve patients. Our new Tampa Capability Center provides essential services that enable us to better pursue this mission. This state-of-the art center serves as a base for finance, information systems, cyber security and human resources professionals to make a meaningful impact at one of the world's leading biotechnology companies.<br><br>The IS Security Engineer will be a part of Amgen's Information Security team and will be expected to contribute to and help deliver services and projects in other areas of information security.<br><br>The role will be part of the Information Security team responsible for delivering security services across Amgen globally. This position will focus on Secure SDLC and Application Security services and technologies to ensure a secure by design approach across Amgen's applications.<br><br>The individual will partner with developers and business owners from applicable technical teams to assess the security architecture of new products and capabilities via application security assessments, prioritise and advise on options to mitigate identified flaws and vulnerabilities and work with development teams to define and evangelize security best practices.<br><br><b>Responsibilities</b><br><ul><li>Review code for security vulnerabilities and practices dangerous to security and privacy.</li><li>Write custom rules on automated source code scanning tools</li><li>Script (Python, Perl, Ruby etc) and build automation tools on an ad-hoc basis</li><li>Create and deliver knowledge sharing presentations and documentation to educate developers and operations teams on application security best practices and secure coding techniques.</li><li>Write reports including recommendations, root cause analysis, security summary analysis, and project roadmaps</li><li>Help with tools identification, onboarding and/or tools development to assist developers in the secure development of applications</li><li>Configure, run, maintain, and utilize security tools for the Appsec program, e.g., static and dynamic code analysis tools</li><li>Build process and technology to improve the reporting and prioritization of identified weaknesses</li><li>Discover threats, vulnerabilities and exploits through architecture design review, threat modeling, code review, SAST and DAST assessments</li><li>Triage issues found by tools, external reports, and various tests, to accurately assess the real risks</li><li>Offer remediation guidance to stakeholders for identified issues and serve as an escalation resource for developers as they reduce issues</li><li>Draft application security policies, standards and guidance documentation that can be leveraged in the secure development of products and services</li><li>Monitor latest web application security developments and security trends to continually improve internal processes;</li><li>Work with DevOps team to improve Application Security; Research, Prototype, integrate Security Tools into CI/CD pipeline (container security, SAST, DAST, IAST, third party vulnerability Scanning, etc) aiming to achieve 100% coverage of all deployment/build pipelines</li><li>Collaborates cross-functionally with analysts, engineers, data scientists to achieve continuous improvement in cyber defense/resilience.</li></ul><br><br>IS Security Engineer will also present project status reports to senior management, adhere to policies and practices relative to technical guidelines and change management processes, and may contribute to the development of new policies and practices by suggesting innovative ideas.<br><br><b> Basic Qualifications </b><br><br>Master's degree<br><br>OR<br><br>Bachelor's degree and 2 years of Information Systems and/or Computer Science experience<br><br>OR<br><br>Associate's degree and 6 years of Information Systems and/or Computer Science experience<br><br>OR<br><br>High school diploma / GED and 8 years of Information Systems and/or Computer Science experience<br><br><b>Preferred Qualifications</b><br><ul><li>Strong understanding of common software and web application security vulnerabilities. including OWASP top 10, SANS/CWE Top 25 etc</li><li>Security verification of web applications or mobile apps using OWASP ASVS/M-ASVS and testing guides</li><li>Hands-on experience with tools and technologies used throughout secure SDLC (e.g., Burp Suite/ZAP, Fortify/Checkmarx /Veracode, WhiteSource/Blackduck).</li><li>Experience driving application security requirements in a traditional SDLC and through stories and epics in an Agile and SCRUM development environment</li><li>DevOps experience building and deploying infrastructure with cloud deployment, build and test automation technologies like ansible, chef, puppet, docker, jenkins, gitlab etc.</li><li>Good hands-on experience with AWS foundation services related to compute, network, storage, content delivery, administration and security, deployment and management, automation technologies</li><li>Ability to review, understand and proficiency with two or more of (JavaScript, Python, Java, Swift. Kotlin etc)</li><li>Experience with scripting languages (e.g., Python, Ruby) and automating tasks</li><li>Experience building and maintaining relationships with development teams</li><li>Comfortable with using Git</li><li>Excellent verbal and written communication skills</li><li>Effective working with global, virtual teams</li><li>Successful management of multiple priorities</li><li>Team-oriented, placing priority on the successful completion of team goals</li><li>Self-starter with a high degree of initiative</li><li>Experience with regulated systems (GxP, SOX) in the pharmaceutical, biotechnology, healthcare industry</li><li>Excellent analytical and troubleshooting skills</li><li>Experience with complex technologies that impact security</li><li>One or more security certifications such as CSSLP, CISSP, GWEB, GSSP-JAVA or CEH;</li></ul><br><br>We understand that to successfully sustain and grow as a global enterprise and deliver for patients - we must ensure a diverse and inclusive work environment.<br><br>Amgen is committed to unlocking the potential of biology for patients suffering from serious illnesses by discovering, developing, manufacturing and delivering innovative human therapeutics. This approach begins by using tools like advanced human genetics to unravel the complexities of disease and understand the fundamentals of human biology.<br><br>Amgen focuses on areas of high unmet medical need and leverages its expertise to strive for solutions that improve health outcomes and dramatically improve people's lives. A biotechnology pioneer since 1980, Amgen has grown to be one of the world's leading independent biotechnology companies, has reached millions of patients around the world and is developing a pipeline of medicines with breakaway potential.<br><br>The invaluable contributions of our talented Tampa team will help us develop the vital and innovative medicines that treat serious illness and unmet medical needs around the globe.<br><br>Join Us <br> <br> If you're seeking a career where you can truly make a difference in the lives of others, a career where you can work at the absolute forefront of biotechnology with the top minds in the field, you'll find it at Amgen. <br> <br> Amgen, a biotechnology pioneer, discovers, develops and delivers innovative human therapeutics. Our medicines have helped millions of patients in the fight against cancer, kidney disease, rheumatoid arthritis and other serious illnesses. <br> <br> As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other but compete intensely to win. Together, we live the Amgen values as we continue advancing science to serve patients. <br> <br> Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.<br/><br/> <img src="https://analytics.click2apply.net/v/yg7MGKhbE2g8CkAdFGNVO"> <p>PI114881868</p>

Categories

Posted: 2019-10-25 Expires: 2019-11-25

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Application Security Engineer

Amgen
Tampa, FL 33602

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast