eClinical Solutions helps life sciences organizations around the world accelerate clinical development initiatives with expert data services and the elluminate Clinical Data Cloud – the foundation of digital trials. Together, the elluminate platform and digital data services give clients self-service access to all their data from one centralized location plus advanced analytics that help them make smarter, faster business decisions.
OVERVIEW
The application security engineer will need to have a deep understanding of cybersecurity principles and be proficient in security tools and practices. They are the bridge between security and development, ensuring that eClinical applications are designed, developed, and deployed in a secure manner. They need to be able to understand how code is written, how software is built, and how applications are run in production.
It is the role of the application security engineer to protect software applications from threats and vulnerabilities. They will work with product development professionals to ensure that security is integrated throughout the software development lifecycle.
KEY TASKS & RESPONSIBILITIES
- Collaborating with Developers and DevOp teams – Application security engineer plays a pivotal role in the software development lifecycle ensuring that security is integrated at every state. They provide guidance to developers on secure coding practices. They participate in code reviews to identify potential security vulnerabilities and advise on remediation strategies. When vulnerabilities are uncovered the application security engineer implements code to resolve vulnerabilities along with their development colleagues. Lastly, they collaborate with DevOp team to ensure that security measures are effectively implemented in production environments.
- Security Review and Threat Modeling – Application security engineer will conduct security reviews evaluating eClinical applications for potential vulnerabilities and non-compliance with security standards. This will involve threat modeling a proactive approach to identifying potential threats and vulnerabilities in our applications.
- Integration of Security Tool and Processes – Application security engineer is responsible for integrating security tools and processes into our build, release, and deployment pipeline. This involves automating security checks and scans to identify and fix vulnerabilities early and often in the development process. Producing metrics and reports on security find/fix rates and areas of vulnerability within eClinical applications and run-time environments.
- Responding to Security Incidents – In the event of a security breach the application security engineer will assist in the response and recovery. Together with appropriate development and security staff the application security engineer will be responsible for investigating the incident, identifying the root cause, and implementing measures to prevent similar incidents in the future.
- Training and Awareness – Application security engineer has a responsibility to raise awareness about eClinical application security within the R&D community and the company at large. They will conduct training sessions for developers on secure coding practices, security standards, and the latest security threats and countermeasures. They can utilize peer programming, debugging, and other techniques to elevate our developer’s abilities to remediate security vulnerabilities in our application and prevent them in the future.
CANDIDATE’S PROFILE
Education/Language:
- Bachelor’s in computer science and Master’s in Cybersecurity preferred
Professional Skills & Experience
- 5+ years in software design and development
- 3+ years as application security engineer
- Proficient in multiple programming languages. This proficiency needs to extend beyond just writing code, by understanding the intracies and potential security flaws inherent in different languages. Knowledge of C# and SQL is preferred.
- Skilled in the practical application of secure coding practices. Experience guiding developers in implementing them in their code to build secured applications.
- Proficient in the design and implementation of software that addresses software vulnerabilities and hotspots and adheres to security best practices.
- Deep knowledge and application of security frameworks and standards such as OWASP, CWE, NIST security, MITRE, threat modeling, cryptography, and others to ensure developers design and implement secure systems in compliance with industry expectations.
- Comprehensive understanding on how different components of a web application interact with each other and the potential security risks associated with them. This knowledge includes server, client, and database interactions, as well as cloud services.
- Familiarity with developing secure cloud applications particularly in AWS environments.
- Proficiency with security tools and technologies to identify and remediate security vulnerabilities including static code analysis tools, dynamic analysis tools, and penetration testing tools. Knowledge of security technologies such as firewalls, intrusion detection systems, and encryption is important to protect the application from external threats.
- Experience creating and maintaining comprehensive security documentation including policies, procedures, and guidelines.
- Effective communication skills to articulate and teach complex security concepts to developers as well as there application. Writing clear and concise security reports and presenting findings to both a technical and non-technical audience.
- Strong problem-solving skills to analyze a problem, determine its root cause, and devise a plan to resolve it.
- Experience in critically evaluating the security of a system, identification of potential vulnerabilities, and assessing the impact of different security measures.
- Teamwork and collaboration skills required to work effectively in a team setting, respect different perspectives, and collaborate towards a common goal.
- Demonstrated drive towards continuous learning and adaptability to stay ahead of new threat and vulnerabilities that are constantly emerging.
Accelerate your skills and career within a fast-growing company while impacting the future of healthcare. We have shared our story, now we look forward to learning yours!
eClinical is a winner of the 2023 Top Workplaces USA national award! We have also received numerous Culture Excellence Awards celebrating our exceptional company vision, values, and employee experience. See all the details here: https://topworkplaces.com/company/eclinical-solutions/
eClinical Solutions is a people first organization. Our inclusive culture values the contribution that diversity brings to our business. We celebrate individual experiences that connect us and that inspire innovation in our community. Our team seeks out opportunities to learn, grow and continuously improve. Bring your authentic self, you are welcome here!
We are proud to be an equal opportunity employer that values diversity. Our management team is committed to the principle that employment decisions are based on qualifications, merit, culture fit and business need.
