Career Category

Job Description

THE AMGEN CAPABILITY CENTER IN LISBON, PORTUGAL (ACCP) will be home to over 300 multi-national and multi-cultural employees, representing a broad range of cross functional capabilities, including Commercial, General and Administrative, Research and Development and more. The ACCP will offer rich career growth and development opportunities, regional and global exposure and the opportunity to LIVE, WIN and THRIVE in one of Europe’s most attractive cities.

If you feel like you’re part of something bigger, it’s because you are. At Amgen our shared mission—to serve patients—drives all that we do. It is key to our becoming one of the world’s leading biotechnology companies. We are global collaborators who achieve together—researching, manufacturing and delivering ever-better products that read over 10 million patients worldwide. It’s time for a career you can be proud of. Join us as:

Senior Associate Application Security Engineer

LIVE
What you will do
The Senior Associate Application Security Engineer plays an integral role in Information Security for Amgen. The primary responsibility is to support various capabilities within Amgen’s Application Security function. The Information Security Engineer will work with various partners at Amgen in a manner aligned to Amgen’s values to define and implement Information Security Services strategies, standards, tools and processes. The Engineer will be a part of Amgen’s Information Security team and will be expected to contribute to and help deliver services and projects in other areas of information security. The role will be part of the Information Security team responsible for delivering security services across Amgen globally. This position will focus on Secure SDLC and Application Security services and technologies to ensure a secure by design approach across Amgen’s applications.

The individual will partner with developers and business owners from applicable technical teams to assess the security architecture of new products and capabilities via application security assessments, prioritize and advise on options to mitigate identified flaws and vulnerabilities and work with development teams to define and evangelize security best practices. Let’s do this. Let’s change the world. In this vital role you will:

• Support all application onboarding process for Enterprise pipeline scanning service
• Provide application security consultations and support mitigation planning and execution for scan findings
• Review code for security vulnerabilities and practices dangerous to security and privacy
• Write custom rules on automated source code scanning tools
• Script (Python, Perl, Ruby etc.) and build automation tools on an ad-hoc basis
• Write reports including recommendations, root cause analysis, security summary analysis, and project roadmaps
• Help with tools identification, onboarding and/or tools development to assist developers in the secure development of applications
• Configure, run, maintain, and utilize security tools for the Appsec program, e.g., static and dynamic code analysis tools
• Discover threats, vulnerabilities and exploits through architecture design review, threat modeling, code review, SAST and DAST assessments
• Triage issues found by tools, external reports, and various tests, to accurately assess the real risks
• Offer remediation guidance to stakeholders for identified issues and serve as an escalation resource for developers as they reduce issues
• Monitor latest web application security developments and security trends to continually improve internal processes

WIN
What we expect of you
We are all different, yet we all use our unique contributions to serve patients. The information security professional we seek is team-oriented with these qualifications:

• Bachelor or Master degree in Information Systems, Computer Science or equivalent
• Understanding of common software and web application security vulnerabilities. including OWASP top 10, SANS/CWE Top 25 etc
• Security verification of web applications or mobile apps using OWASP ASVS/M-ASVS and testing guides
• Hands-on experience with tools and technologies used throughout secure SDLC (e.g., Burp Suite/ZAP, Fortify/Checkmarx /Veracode, WhiteSource/Blackduck).
• Good hands-on experience with AWS foundation services related to compute, network, storage, content delivery, administration and security, deployment and management, automation technologies
• Ability to review, understand and proficiency with two or more of (JavaScript, Python, Java, Swift. Kotlin etc.)
• Experience with scripting languages (e.g., Python, Ruby) and automating tasks
• Experience building and maintaining relationships, excellent verbal and written communication skills and effective working with virtual teams
• Team-oriented, placing priority on the successful completion of team goals
• Self-starter with a high degree of initiative

THRIVE
What can you expect of us
As we work to develop treatments that take care of others, so we work to care for our teammates’ professional and personal growth and well-being.

• Vast opportunities to learn, develop, and move up and across our global organization.
• Diverse and inclusive community of belonging, where colleagues are empowered to bring ideas to the table, take risks, and act.
• Generous Amgen Total Rewards Plan comprising healthcare, finance, wealth and career benefits.
• Flexible work arrangements.

Additional Information

The Amgen Capability Center Portugal will be temporarily located at the Maleo – Saldanha, Av. da República 18, 1050-191 Lisbon. We’re already gearing up to have our brand-new permanent office ready in the vibrant city center of Lisbon by the spring of 2022.

APPLY NOW
FOR A CAREER THAT DEFIES IMAGINATION
In our quest to serve patients above all else, Amgen is the first to imagine, and the last to doubt. Join us.
CAREERS.AMGEN.COM

EQUAL OPPORTUNITY STATEMENT
Amgen is an Equal Opportunity employer and will consider you without regard to your race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.
We will ensure that individuals with disabilities are provided a reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request an accommodation.