Product Security Engineer
Citeline, part of the Norstella group of Pharma information solutions, is one of the world's leading providers of data and intelligence on clinical trials, drug treatments, medical devices and what's new in the regulatory and commercial landscape. Our customers, who rely on us to deliver vital advantage when making critical R&D and commercial decisions, come from over 3000 of the world's leading pharmaceutical, contract research organizations (CROs), medical technology, biotechnology and healthcare service providers, including the top 10 global pharma and CROs.
From drug and device discovery and development to regulatory approval, and from product launch to lifecycle management, we provide the intelligence and insight to help our customers seize opportunities, mitigate risk and make business-critical decisions, faster. As the pharma and healthcare sector faces unparalleled upheaval, customers rely on our independent advice, enabling them to cut through the clutter and make sense of changing drug development, regulatory and competitive landscapes.
Until recently, we were a division of Informa, the FTSE 100 British publishing, business intelligence, and exhibitions group based in London. However, as of November 2022, we have joined Norstella, a group of prominent pharmaceutical solutions providers that help clients navigate complexities at each step of the drug development life cycle, from pipeline to patient.
We are looking for someone who is motivated, driven, and passionate about product security and finding solutions to complex business challenges. If you join the Citeline Information Security team, your mission will be to help us build and operate the product security program. You will have the exciting opportunity to work with our developers and DevOps engineers to create low-friction, high-impact solutions that minimize information security risk to our company, customers, and partners.
- This is a hands-on technical position, with a mixture of architecture, design, implementation, and operations responsibilities
- Work closely with developers and DevOps engineers to establish a Secure Development Lifecycle (SDL) and ensure security tools (SAST, DAST, SCA) are integrated into the CI/CD pipeline; provide security guidance through every phase of the SDL
- Mentor and collaborate with development teams to adopt secure coding practices
- Create and maintain product threat models while educating developers on the attacker mindset and threat modeling techniques
- Establish and grow a security champions program to embed and improve security practices within product teams
- Implement a training and awareness program to empower developers to build security by default
- Identify and implement practices to reduce friction and improve security through automation and self-service
- Work with product teams to ensure appropriate security features are built into customer products
- Work with the product platform team to build security services and libraries
- Communicate risks to developers through training and technical demonstration of vulnerabilities and secure design patterns
- Perform product security assessments
- Establish product security policies and standards
- Establish and track Key Performance Indicators (KPI) for the product security program
- Lead and participate in large cross-functional projects
- Experience in software security, testing web and native applications
- Experience in threat modeling, security design reviews, and security architecture
- Deep understanding of web application architecture and design principles
- Knowledge of authentication and authorization standards including OAuth, SAML, etc.
- Knowledge of cloud native technologies including containers, Kubernetes, and IaaC
- Strong knowledge of AWS fundamentals and native services
- In-depth knowledge of common security flaws and their resolution as published by OWASP, SANS, etc.
- Knowledge of OWASP ASVS, SCVS, and related verification standards
- Knowledge of SAST, DAST, and SCA security tools
- Solid grasp of full-stack engineering: front-end/backend, API and service architecture design, web infrastructure and distributed systems
- Proven track record for delivering results while developing and maintaining professional work relationships
- Advanced interpersonal and communication skills with the ability to collaborate effectively in a team environment and promote ideas at various levels of the organization
- Strong self-directed work habits exhibiting initiative, drive, creativity, maturity, self-assurance, professionalism and the ability to autonomously manage multiple concurrent projects
- Advanced analytical and decision-making skills
Employee experience is very important to us at Citeline. On top of joining a supportive, diverse and ambitious team that welcomes all types of candidates, you will find that we are flexible with different working patterns and prioritize internal promotions. Our benefits include:
- Medical Benefits, Dental Benefits, Vision Benefits
- Flexible Spending Account (FSA), Health Savings Account (HSA)
- Basic Life and Personal Accident Insurance, Basic Disability Insurance, Voluntary Group Life Insurance, Voluntary Personal Accident Insurance
- 401k Plan with Employer match
- Paid Time Off (PTO) – 10 Company Holidays, 15 Vacation Days, 2 Floating Holidays, Birthday Day and 4 Volunteer Days
- Bright and friendly staff who are all "experts' experts", plus additional training and development to help you achieve your career aspirations
We know that sometimes the 'perfect candidate' doesn't exist, and that people can be put off applying for a job if they don't fit all the requirements. If you're excited about working for us and have most of the skills or experience we're looking for, please go ahead and apply. You could be just what we need! We believe strongly in the value of diversity and creating supportive, inclusive environments where our colleagues can succeed. As such, Citeline is proud to be an Equal Opportunity Employer. We do not discriminate on the basis of race, color, ancestry, national origin, religion, or religious creed, mental or physical disability, medical condition, genetic information, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, gender identity, gender expression, age, marital status, military or veteran status, citizenship, or other protected characteristics under law.
The expected base salary for this position ranges from $150,000 to $210,000. It is not typical for offers to be made at or near the top of the range. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, licensure or certifications obtained. Market and organizational factors are also considered. In addition to base salary and a competitive benefits package, successful candidates are eligible to receive a discretionary bonus.