Application Security Architect
Prague (Sandoz)
Novartis
Working together, we can reimagine medicine to improve and extend people’s lives.
Job Description Summary
#Sandoz
Job Description
Sandoz is going through an exciting and transformative period as a global leader and pioneering provider of sustainable Biosimilar and Generic medicines.
Now as an independently listed company, Sandoz aims to increase its strategic focus, operate with greater agility, set clearer business objectives, enhance shareholder returns, and strengthen its culture for us, the Sandoz associates. This is an exciting time in our history, and by creating a new and ambitious path, it will provide a unique opportunity for us all, both professionally and personally. Join us as a Founder of our ‘new’ Sandoz!
As part of the Security Architecture & Advisory team, the Lead Application Security Architect will play a critical role in ensuring the security and resilience of Sandoz's applications. You will shape and own the Application Security process within Sandoz and ensure that robust security measures are adopted throughout the application development lifecycle. You will act as the point of contact for the internal community (developers, project managers, application owners etc.), providing guidance on application security aspects, and at the same time you will own the relationship with the external party providing application security assessments as a service to Sandoz. Your expertise in application security will help us protect sensitive data, identify vulnerabilities, and mitigate security risks.
Your Key Responsibilities
Your responsibilities include, but are not limited to:
• Work with various stakeholders across the organization to ensure security of applications throughout their lifecycle considering industry best practices, regulatory requirements, and organizational needs.
• Steer the external partner in conducting comprehensive security assessments of applications, identifying vulnerabilities and recommending appropriate remediation strategies.
• Collaborate with development teams to integrate security controls and measures into the application development process effectively.
• Define and enforce application security policies, standards, and procedures, ensuring compliance with internal and external security requirements.
• Stay up to date with emerging security threats, vulnerabilities, and industry trends related to application security and assess their potential impact on Sandoz.
• Provide guidance and support to development teams on secure coding practices, secure configuration management, and vulnerability remediation.
• Act as a subject matter expert and provide guidance on application security to stakeholders, management, and executives.
• Stay abreast of industry standards and frameworks such as OWASP, SANS, and NIST, and incorporate relevant practices into the application security program.
• Develop and maintain strong relationships with key vendors and strategic external partners.
What you’ll bring to the role:
Requirements:
• University degree or equivalent experience in computer science, engineering, information technology or other relevant field(s).
• Fluent in written and spoken English.
• Proven experience working as an Application Security Architect or in a similar role, with a focus on securing applications.
• Strong knowledge of application security principles, including secure coding practices, input validation, authentication, access controls, and encryption.
• Experience with application security standards and frameworks, such as OWASP Top Ten, SANS CWE Top 25, and secure software development lifecycle (SDLC) methodologies.
• Hands-on experience with security testing techniques ideally including code review, vulnerability scanning, and penetration testing.
• Experience working in a global company and designing / deploying solutions at scale.
• Excellent negotiation, communication, and interpersonal skills, ability to develop influential relationships with different stakeholders across all levels.
Desirable:
• Knowledge and experience of industry standards such as ISO 27001, CIS Controls, NIST, Cyber Essentials is a plus.
• Certification or accreditation in Information Security (CSSLP, CISM, CISA, CISSP, etc.) and/or relevant vendor-specific certifications is a plus.
You’ll receive:
• Monthly pension contribution matching your individual contribution up to 3% of your gross monthly base salary.
• Risk Life Insurance.
• 5 weeks of holiday per year (1 week above the Labor Law requirement).
• Cafeteria employee benefit program – choice of benefits from Benefit Plus CZ in the amount of 12,000 CZK per year.
• Meal vouchers in the amount of 116 CZK for each working day (full tax covered by company).
• Multisport Card.
• Car Allowance.
Why Sandoz?
Generic and Biosimilar medicines are the backbone of the global medicines industry. Sandoz, a leader in this sector, touched the lives of almost 500 million patients last year and while we are proud of this achievement, we have an ambition to do more!
With investments in new development capabilities, state-of-the-art production sites, new acquisitions, and partnerships, we have the opportunity to shape the future of Sandoz and help more patients gain access to low-cost, high-quality medicines, sustainably.
Our momentum and entrepreneurial spirit are powered by an open, collaborative culture driven by our talented and ambitious colleagues, who, in return for applying their skills, experience an agile and collegiate environment with impactful, flexible-hybrid careers, where diversity is welcomed and where personal growth is encouraged!
The future is ours to shape!
Commitment to Diversity & Inclusion:
We are committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.
Join our Sandoz Network: If this role is not suitable to your experience or career goals but you wish to stay connected to hear more about Sandoz and our career opportunities, join the Network here: Sandoz Talentpool (novartis.com)
Skills Desired
Communication Skills, Cyber-Security Regulation, Cyber Threat Hunting, Cyber Threat Intelligence (CTI), Cyber Threat Management, Cyber Vulnerabilities, Decision Making Skills, Influencing Skills, Information Security Risk Management
Tags: Agile Application security CISA CISM CISSP Compliance Computer Science Encryption ISO 27001 NIST OWASP Pentesting Risk management SANS SDLC Security assessment Threat intelligence Vulnerabilities
Perks/benefits: Career development Flex hours Startup environment