Specialist Application Security Engineer

at  Amgen

THE AMGEN CAPABILITY CENTER IN LISBON, PORTUGAL (ACCP) will be home to over 300 multi-national and multi-cultural employees, representing a broad range of cross functional capabilities, including Commercial, General and Administrative, Research and Development and more. The ACCP will offer rich career growth and development opportunities, regional and global exposure and the opportunity to LIVE, WIN and THRIVE in one of Europe’s most attractive cities.
If you feel like you’re part of something bigger, it’s because you are. At Amgen our shared mission—to serve patients—drives all that we do. It is key to our becoming one of the world’s leading biotechnology companies. We are global collaborators who achieve together—researching, manufacturing and delivering ever-better products that read over 10 million patients worldwide. It’s time for a career you can be proud of. Join us as:

The Specialist Application Security Engineer plays an integral role in Information Security for Amgen. The primary responsibility is to support various capabilities within Amgen’s Application Security function. You will work with various partners at Amgen in a manner aligned to Amgen’s values to define and implement Information Security Services strategies, standards, tools and processes. The Specialist IS Security Engineer will be a part of Amgen’s Information Security team and will be expected to contribute to and help deliver services and projects in other areas of information security.
The role will be part of the Information Security team responsible for delivering security services across Amgen globally. This position will focus on Secure SDLC and Application Security services and technologies to ensure a secure by design approach across Amgen’s applications.

The individual will partner with developers and business owners from applicable technical teams to assess the security architecture of new products and capabilities via application security assessments, prioritize and advise on options to mitigate identified flaws and vulnerabilities and work with development teams to define and evangelize security best practices. Let’s do this. Let’s change the world. In this vital role you will:

• Manage SAST platform and engagement with development teams
• Review code for security vulnerabilities and practices dangerous to security and privacy.
• Write custom rules on automated source code scanning tools
• Script (Python, Perl, Ruby etc) and build automation tools on an ad-hoc basis
• Create and deliver knowledge sharing presentations and documentation to educate developers and operations teams on application security best practices and secure coding techniques.
• Write reports including recommendations, root cause analysis, security summary analysis, and project roadmaps
• Help with tools identification, onboarding and/or tools development to assist developers in the secure development of applications
• Configure, run, maintain, and utilize security tools for the Appsec program, e.g., static and dynamic code analysis tools
• Build process and technology to improve the reporting and prioritization of identified weaknesses
• Discover threats, vulnerabilities and exploits through architecture design review, threat modeling, code review, SAST and DAST assessments
• Triage issues found by tools, external reports, and various tests, to accurately assess the real risks
• Offer remediation guidance to stakeholders for identified issues and serve as an escalation resource for developers as they reduce issues
• Draft application security policies, standards and guidance documentation that can be leveraged in the secure development of products and services
• Monitor latest web application security developments and security trends to continually improve internal processes;
• Work with DevOps team to improve Application Security; Research, Prototype, integrate Security Tools into CI/CD pipeline (container security, SAST, DAST, IAST, third party vulnerability Scanning, etc) aiming to achieve 100% coverage of all deployment/build pipelines
• Collaborates cross-functionally with analysts, engineers, data scientists to achieve continuous improvement in cyber defense/resilience.
• Provide mentorship and training on areas of expertise to junior Application Security team members.