Cloud Security Engineer - Evinova

Location Gaithersburg, Maryland, USA Job ID R-228489 Date posted 06/06/2025

Job Title: Cloud Security Engineer – Evinova
Location: Gaithersburg, MD

At AstraZeneca, we pride ourselves on crafting a collaborative culture that champions knowledge-sharing, ambitious thinking and innovation – ultimately providing employees with the opportunity to work across teams, functions and even the globe. 

Recognizing the importance of individualized flexibility, our ways of working allow employees to balance personal and work commitments while ensuring we continue to create a strong culture of collaboration and teamwork by engaging face-to-face in our offices 3 days a week. Our head is purposely designed with collaboration in mind, providing space where teams can come together to strategize, brainstorm and connect on key projects. 

Are you ready to be part of the future of healthcare? Can you think big, be bold, and harness the power of digital and AI to tackle longstanding life sciences challenges?  Then Evinova, a global health tech business might be for you!  

Transform patients’ lives through technology, data, and innovative ways of working. You’re disruptive, decisive, and transformative. Someone excited to use technology to improve patients’ health. We’re building a new Health-tech business – Evinova, a fully-owned subsidiary of AstraZeneca Group.

Evinova delivers market-leading digital health solutions that are science-based, evidence-led, and human experience-driven. Thoughtful risks and quick decisions come together to accelerate innovation across the life sciences sector. Be part of a diverse team that pushes the boundaries of science by digitally empowering a deeper understanding of the patients we’re helping. Launch pioneering digital solutions that improve the patients’ experience and deliver better health outcomes. Together, we have the opportunity to combine deep scientific expertise with digital and artificial intelligence to serve the wider healthcare community and create new standards across the sector. 

Introduction to Role:

The Cloud Security Engineer role at Evinova is a unique opportunity to join a global team of skilled cybersecurity professionals using next generation technologies to advance our cybersecurity risk management program on a global scale. This role operates at the intersection of Cloud Security Engineering and Cybersecurity Compliance - ensuring that our cloud environments are secure by default, compliant with regulatory requirements, and aligned to industry leading practices. Success in this role requires an analytical and threat-informed approach, attention to detail, and execution precision. This role will collaborate multi-functionally across each cyber domain, product engineering squads, and business partners.

In this hands-on position, you’ll dive deep into AWS native services, designing hardened architectures, building compliance-driven guardrails in code, and partnering with DevOps and Platform Operations to keep our platform secure and audit ready. The ideal candidate excels at distilling cybersecurity concepts into clear and concise advisory, tailored for non-cyber audiences, and ultimately contributing to an increased cyber literacy across Evinova. Reporting directly to the Head of Cloud Security Architecture and with near daily interactions with the Head of Cybersecurity, this role provides continuous professional development opportunities through leadership visibility and exposure to strategic decision making.

Accountabilities:

Platform Security Engineering

  • Design and harden AWS Native Infrastructure such as VPC, IAM, KMS, EKS to meet the Evinova Cyber Baseline and CIS/NIST benchmarks
  • Perform cloud security posture risk reviews by using our Cloud Security Posture Management (CSPM) tool, CI/CD pipeline scanners, and other cloud-centric vulnerability detection solutions
  • Collaborate with DevOps and engineering teams to embed compliance checks into the CI/CD pipeline, enabling proactive identification and resolution of compliance issues
  • Coordinate vulnerability remediation efforts with the Platform Operations Team to ensure security relevant issues are addressed in a timely manner and in compliance with internal policies / risk metrics
  • Support the Head of Cloud Security Architecture with evaluating cybersecurity risks related to our AWS Infrastructure, Kubernetes workloads, serverless functions, and Infrastructure-as-Code (IaC) deployments
  • Conduct research and information gathering to enrich risk exception responses and advise technical teams on mitigation strategies and leading practices
  • Collaborate with the Platform Engineering teams to provide cybersecurity risk advisory on proposed architectural changes, new platform features / services, and third-party integrations – to ensure alignment with secure design principles and our internal controls requirements
  • Integrate “Compliance-as-Code” practices to automate compliance checks and ensure alignment with all relevant regulatory requirements
  • Implement continuous compliance strategies to maintain alignment to SOC2 and ISO 27001 standards, reducing the risk of non-compliance and timely detection of compliance drift

Cybersecurity Risk and Compliance:

  • Advise the Head of Cybersecurity by identifying new areas of focus and emerging risks that should be considered as part of our annual cyber strategy development and roadmap planning
  • Participate in continuous improvement initiatives to enhance Evinova’s cyber risk management methodology, tooling decisions, and workflows
  • Partner with the Platform Engineering and Operations Teams to evaluate and monitor the effectiveness of technical and administrative controls (e.g., Vulnerability Management, Log Source Ingestion)
  • Perform technical risk and compliance assessments over our cloud infrastructure using structured methodologies aligned to SOC2, ISO 27001, NIST CSF, and other industry relevant standards and regulations
  • Maintain and enhance our Cybersecurity Risk Register by documenting newly identified risks, updates to remediation efforts, and following up on approved risk exceptions
  • Contribute to the development and delivery of training on cybersecurity fundamentals / standard processes and emerging threat advisories

Audit Response and Evidence Analysis (External Audit Support):

  • Collaborate with the Cyber GRC Leader and Head of Cybersecurity to provide timely and accurate responses to external audit and customer inquiries (e.g., SOC2, ISO 27001, Customer Qualifications)
  • Perform periodic refreshes of our control evidences (i.e., “proofs”) to ensure continued validity and optimal audit response activities (e.g., collection, organization, and auditor submission)

Essential Skills/Experience:

  • Bachelor's degree or equivalent experience in computer science, business administration, or a similar relevant area of study
  • 5+ years of hands-on experience in Cybersecurity, specifically in the areas of Cloud Security and / or Platform Engineering
  • Basic understanding of Amazon Web Services (AWS) services and core cloud security concepts (e.g., IAM, encryption, networking, serverless, container security)
  • Knowledge of common Cloud Security and Web Application Security risks (e.g., OWASP Top 10)
  • Familiarity with relevant information security frameworks and compliance standards – specifically, NIST CSF, ISO 27001, SOC2, or CIS Controls. Experience with China MLPS is a strong plus, but not required
  • Strong written and verbal communication skills, with the ability to eloquently draft risk statements, rationales, and mitigation strategies for both technical and non-technical audiences
  • Experience working with / contributing to cybersecurity risk registers, controls assessments, and compliance tooling
  • Hands on experience with cybersecurity remediation activities and controls implementation
  • Ability to work independently in a fast-paced environment with a proven ability to manage competing priorities
  • Excellent written and verbal communication skills, project management, process improvement, attention to detail, and critical thinking skills are highly preferred

Desirable Skills/Experience:

  • Prior experience providing cloud / platform security capabilities at a SaaS/cloud service provider
  • Familiarity with Life Sciences / Clinical Development related regulations and standards is a strong plus
  • Experience in ensuring compliance within a highly regulated, sophisticated global business environment, particularly in the healthcare and/or clinical research industry
  • Strong scripting experience in Python, Go or Bash for guardrail automation and integrating security solutions.
  • Prior experience using Wiz, Splunk, GitHub and other leading cybersecurity / engineering tools is a strong plus.
  • Experience securing AWS native services such as EKS, API Gateways, cloud native cryptography and workload isolation strategies.
  • A global perspective on privacy, security, and data protection issues and trends, with experience in Asia-Pacific data privacy and protection regulations being a strong plus
  • At least one of the following professional certifications: AWS Certified Solutions Architect, AWS Certified Security – Specialty, Certified Kubernetes Administrator/Security (CKA/CKS), Certified Cloud Security Professional (CCSP), and / or Certified Information Systems Security Professional (CISSP)
  • Demonstrated initiative and strong customer orientation, with an ability to work effectively across cultures

Where can I find out more?

Why Evinova?

Evinova is a global health tech business and a separate company that is part of the AstraZeneca group. Together, we can accelerate the delivery of life-changing medicines, improve the design and delivery of clinical trials for better patient experiences and outcomes, and think more holistically about patient care before, during, and after treatment. We know that regulators, healthcare professionals, and care teams at clinical trial sites do not want a fragmented approach. They do not want a future where every pharmaceutical company provides its own, different digital solutions. They want solutions that work across the sector, simplify their workload, and benefit patients broadly. By bringing our solutions to the wider life sciences community, we can help build more unified approaches to how we all develop and deploy digital technologies, better serving our teams, physicians, and ultimately patients. Evinova represents a unique opportunity to deliver meaningful outcomes with digital and AI to serve the wider healthcare community and create new standards for the sector. Join us on our journey of building a new kind of health tech business to reset expectations of what a bio-pharmaceutical company can be. This means we’re opening new ways to work, pioneering cutting-edge methods, and bringing unexpected teams together. Interested? Come and join our journey.

Total Rewards:

The annual base pay for this position ranges from $126,906.40 to $190,359.60. Hourly and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime hours. Base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. In addition, our positions offer a short-term incentive bonus opportunity; eligibility to participate in our equity-based long-term incentive program (salaried roles), to receive a retirement contribution (hourly roles), and commission payment eligibility (sales roles). Benefits offered included a qualified retirement program [401(k) plan]; paid vacation and holidays; paid leaves; and, health benefits including medical, prescription drug, dental, and vision coverage in accordance with the terms and conditions of the applicable plans. Additional details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired, employee will be in an “at-will position” and the Company reserves the right to modify base pay (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.

AstraZeneca is an equal opportunity employer that is committed to diversity and inclusion and providing a workplace that is free from discrimination. AstraZeneca is committed to accommodating persons with disabilities. Such accommodation is available on request in respect of all aspects of the recruitment, assessment and selection process and may be requested by emailing AZCHumanResources@astrazeneca.com.

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorisation and employment eligibility verification requirements.