Principal Product Security Engineer

Company Information

At Advarra, we are passionate about making a difference in the world of clinical research and advancing human health. With a rich history rooted in ethical review services combined with innovative technology solutions and deep industry expertise, we are at the forefront of industry change. A market leader and pioneer, Advarra breaks the silos that impede clinical research, aligning patients, sites, sponsors, and CROs in a connected ecosystem to accelerate trials.

Company Culture

Our employees are the heart of Advarra. They are the key to our success and the driving force behind our mission and vision. Our values (Patient-Centric, Ethical, Quality Focused, Collaborative) guide our actions and decisions. Knowing the impact of our work on trial participants and patients, we act with urgency and purpose to advance clinical research so that people can live happier, healthier lives.

At Advarra, we seek to foster an inclusive and collaborative environment where everyone is treated with respect and diverse perspectives are embraced. Treating one another, our clients, and clinical trial participants with empathy and care are key tenets of our culture at Advarra; we are committed to creating a workplace where each employee is not only valued but empowered to thrive and make a meaningful impact.

Job Duties & Responsibilities

• Participates in manual and tool assisted code reviews for critical code changes to ensure code quality and security standards are being adhered to
• Ensures that Advarra’s products are leveraging the appropriate tooling to identify vulnerabilities before products are released e.g. SAST, DAST, and IAST
• Ensures that vulnerabilities that are discovered are documented, tracked, and addressed in a timely fashion
• Leads review of the security posture of Advarra’s product to demonstrate compliance with applicable processes
• Develops metrics and KPIs to help product teams measure progress and improvement of Advarra’s security posture
• Works with Product Management and communicates risk of identified vulnerabilities to help prioritize mitigation efforts
• Collaborates with software development teams on the security posture of their projects
• Collaborates with software development teams on secure engineering practices
• Identifies and recommends training appropriate for team members based on technical level
• Leads effort on 3rd party penetration testing for Advarra’s products
• Participates in response to product security incidents and ensures that the root cause is identified and addressed
• Raises awareness of application security trends and promotes continued growth and innovation
• Works with the Quality Assurance / Compliance team to ensure Advarra has appropriate processes in place to ensure the secure development of our products
• Works with the Security team to ensure software tools and services meet the security posture of Advarra
• Assists in identifying and documenting policies and/or procedures as they relate to secure development as part of Advarra’s QISMS

Position requires a high level of responsibility regarding confidential information

Location

This role is open to candidates working hybrid in Bengaluru, India.

Basic Qualifications

• Bachelor’s degree in computer science or software engineering
• 5+ years' experience in software engineering
• 8+ years' experience in a software security role
• Understanding of programming languages and the security flaws that are relevant to each
• Demonstrated experience in web application development using Java/Python/C#/Ruby or other programming language
• Experience with automating GitHub, Jira, Artifactory, or similar tooling
• Demonstrated knowledge of agile software development methodologies, tools, and processes
• Understanding of web applications and the vulnerabilities inherent in them
• ,In depth knowledge of OWASP and other security frameworks and how to apply them
• Proficiency in security tools and how they’re applied to SDLC processes

Preferred Qualifications

• Master’s degree in Computer Science or Software Engineering
• Ability to manage multiple projects concurrently
• Ability to influence, engage, and partner closely with appropriate partners across all levels of the organization
• Excellent oral and written communication skills
• Collaborative work style with a focus on providing exceptional service to all clients
• Ability to work with a geographically distributed team
• Ability to handle stress and interact with others in a professional manner
• Highly organized with ability to manage multiple priorities in a fast-paced environment
• Excellent analytical, problem solving, and time-management skills
• Must be comfortable independently evaluating a situation, exercising good judgment and discretion, and independently making decisions on matters of significance

Physical and Mental Requirements

• Sit or stand for extended periods of time at stationary workstation
• Regularly carry, raise, and lower objects of up to 10 Lbs.
• Learn and comprehend basic instructions
• Focus and attention to tasks and responsibilities
• Verbal communication; listening and understanding, responding, and speaking

Advarra is an equal opportunity employer that is committed to diversity, equity and inclusion and providing a workplace that is free from discrimination and harassment of any kind based on race, color, religion, creed, sex (including pregnancy, childbirth, and related medical conditions, sexual orientation, and gender identity), national origin, age, disability or genetic information or any other status or characteristic protected by central, state, or local law.  Advarra provides equal employment opportunity to all individuals regardless of these protected characteristics. Further, Advarra takes affirmative action to ensure that applicants and employees are treated without regard to any of these protected characteristics in all terms and conditions of employment, including, but not limited to, hiring, training, promotion, discipline, compensation, benefits, and separation from employment.