This is a fully Remote and Work From Home (WFH) opportunity within the US.
Science 37 is accelerating the research and development of breakthrough biomedical treatments by bringing clinical trials to patients' homes. Backed by venture investors such as Glynn Capital, Google Ventures, Redmile Group, dRx Capital and Lux Capital, we are revolutionizing the clinical trial industry one patient at a time. To help us achieve our goal, we are seeking a Principal Security Engineer eager to make an impact within a mission-driven organization.
As the Principal Security Engineer, you will be responsible for the application security of the entire software suite that Tech is creating, using and managing, including Science 37’s flagship product NORA. Our mission is to make NORA the safest and most secure Clinical Trials Management System that everybody trusts with their most sensitive data.
At Science 37, we take security seriously. We are in a position to help protect not only our clients and sponsors but also the patients and their health-related data. We strive to provide a well-balanced Clinical Trial Management System in which patients are completely assured that their data is safe and sponsors get reliable data and results.
You will be working closely with engineering, product, legal, compliance and quality assurance, IT and marketing to define and execute the security strategy and solutions.
DUTIES AND RESPONSIBILITIES
Duties include but are not limited to:
1. Secure JAVA, JSP (express gateway, NodeJS, hapi, loopback, react) and Python3, asyncio, Java: openjdk 12.
2. Lead Penetration Testing against Mobile/App/API
3. Manage Secure SDLC
5. Lead Secure programming in AWS with ECS, GitHub, automated CI/CD pipeline
6. Manage GitHub pull request reviews in a secure way
7. Experience with GitHub Dependabot and SCA
QUALIFICATIONS & SKILLS
1. Bachelor’s Degree in Computer Science, Information Science and similar fields
2. Certifications such as OSCP, OSCE or OSWP
3. Understanding of common software security issues and remediation techniques (OWASP top 10, SANS top 25, etc.)
4. Good understanding of the MITRE ATT&CK tree and IOCs
5. Deep experience in detection, monitoring, alerting or threat intelligence
6. Strong analytical skills to solve complex problems with multiple variables
7. Experience in applying security to cloud technologies (managing secrets, securing the CD pipeline, secure Infrastructure as Code, container security, DevSecOps and CI/CD implementation)
8. Excellent communication skills to both technical and non-technical leaders
9. PLUS: Knowledge of consumer privacy industry compliance requirements: GDPR, CCPA, ISO 27001, PCI, HIPAA, GxP, 21 CFR Part 11
10. PLUS: MuleSoft API, NewRelic, Splunk
1. Outstanding organizational and leadership abilities
2. High-level written and verbal communication skills
3. An effective communicator; strong communication, negotiation and influence skills
4. Proven track record of delivering results and meeting targets
5. Good blend of analytical skills, strategic thinking, planning and implementation
6. Ability to articulate ideas to both technical and non-technical audiences
7. Commitment to results; is focused and results driven, excellent time management skills
8. Action oriented and innovative; able to translate broad goals into achievable steps
9. Motivating; knows how to influence and enable others
10. Strong problem solving and creative skills and the ability to exercise sound judgment and make decisions based on accurate and timely analyses
11. High level of integrity and dependability with a strong sense of urgency and results-orientation
12. Ability to foster and cultivate business opportunities and partnerships
1. Ability to communicate in English (both verbal and written)
Position reports to Director of Application Security
No direct reports
Science 37 values the well-being of its employees and aims to provide team members with everything they need to succeed.
Submit your resume to apply!