
Lead Cloud and Product Security Engineer

Company: Norstella
Location: Remote, India
Date Posted:
Employment Type: Full Time
Job ID: R-1065


Description

About Norstella

At Norstella, our mission is simple: to help our clients bring life-saving therapies to market quicker—and help patients in need. We turn that into a reality by helping our clients navigate the complexities at each step of the drug development life cycle, from pipeline to patient.
As one of the largest global pharma intelligence solution providers, Norstella unites market-leading companies that all have a shared goal of helping bring life-saving therapies to market quicker—and help patients in need.
 
Each organization (Citeline, Evaluate, MMIT, Panalgo, The Dedham Group) delivers must-have answers for critical strategic and commercial decision-making. Together, we help our clients:
  • Assess the market need and competitive landscape
  • Know precisely which drugs to prioritize in their portfolios
  • Connect the dots between patients and clinical trials
  • Reduce costs, mitigate risk and stay in compliance
  • Find out where the launch difficulties will be—before they’re difficulties

By combining the efforts of each organization under Norstella, we can offer an even wider breadth of expertise, cutting-edge data solutions and expert advisory services alongside advanced technologies such as real-world data, machine learning and predictive analytics. At Norstella, we don’t just deliver information and insights. We deliver answers you can act on.
The Role: 
  • We are looking for an experienced technical leader who is driven and passionate about driving cloud security and product security in an enterprise environment. If you join the Norstella Information Security team, your role will be to help us build and mature our cloud security and product security programs. You will have the exciting opportunity to collaborate across all our global development and engineering teams to create low-friction, high-impact solutions that minimize information security risk to our company, customers, and partners. This is a hands-on technical position, with a mixture of architecture, design, implementation, and operations responsibilities.
  
  

Responsibilities: 

  • Ensure the secure operations of Norstella cloud infrastructure, platforms, and software, through the installation, maintenance, and continuous improvement of cloud security capabilities  
  • Implement cloud security controls to rapidly detect and respond to information security incidents; participate as needed in security incidents 
  • Translate business needs into security and technical requirements and communicate security risks to relevant stakeholders ranging from business leaders to technologists 
  • Provide subject matter expertise and leadership on cloud security architecture and Secure DevOps best practices to technology and business partners 
  • Create cloud security policies and standards as a part of the larger information security policy framework 
  • Develop and manage the use of automation to enforce standardized builds and deployments across our cloud environments in alignment with prescribed control frameworks and compliance requirements
  • Work closely with the Norstella technical team to develop and maintain cloud security designs necessary to achieve compliance requirements including ISO 27001, SOC 2, HIPAA/HITECH, and GDPR
  • Act as a key stakeholder in the incident response team in the context of cloud- or product-related incidents
  • Stay current with industry best practices in cloud security and the evolving threat landscape; implement and update cloud security capabilities accordingly 
  • Work closely with product security engineers to create and maintain threat models and associated remediation recommendations 
  • Lead and participate in large cross-functional projects related to cloud and product security  
  • Create and manage performance metrics across cloud security and product security teams 

Requirements: 

  • 5+ years of cloud security engineering experience with demonstrated expertise in multi-cloud environments
  • Deep understanding of web application architecture and design principles  
  • Solid grasp of full-stack engineering: front-end/backend, API and service architecture design, web infrastructure and distributed systems 
  • Knowledge of authentication and authorization standards including OAuth, SAML, etc.
  • Strong understanding of Infrastructure-as-Code and experience with Terraform 
  • Experience securing containers and Kubernetes 
  • Demonstrated coding proficiency in one or more general-purpose languages (e.g., Python, Java, Bash, C or C++), including data structures, algorithms, and software design
  • Experience with a DevOps and automation mindset and tools required (Jenkins, TeamCity, etc.)
  • In-depth knowledge of common secure development frameworks like OWASP SAMM, NIST SSDF, and SAFECode 
  • Experience implementing HITRUST and SOC 2 security requirements in cloud environments
  • Proven track record for delivering results while developing and maintaining professional work relationships 
  • Advanced interpersonal and communication skills with the ability to collaborate effectively in a team environment and promote ideas at various levels of the organization  
  • Strong self-directed work habits exhibiting initiative, drive, creativity, maturity, self-assurance, professionalism, and the ability to autonomously manage multiple concurrent projects 
  • Advanced analytical and decision-making skills 
  • Excellent written and verbal communication skills and the ability to translate security objectives into technical requirements 
  • Ability to communicate technical concepts to business stakeholders 
  • Ability to see patterns and commonalities and to investigate complex issues
  • Excellent judgement in prioritizing security efforts to mitigate the appropriate risks 
  • An ability to reason about security decisions and communicate security requirements 

 

Benefits

  • Health Insurance
  • Provident Fund
  • Reimbursement of Certification Expenses
  • Gratuity
  • 24x7 Health Desk


Our guiding principles for success at Norstella

01:  Bold, Passionate, Mission-First   
We have a lofty mission to Smooth Access to Life Saving Therapies and we will get there by being bold and passionate about the mission and our clients.  Our clients and the mission in what we are trying to accomplish must be in the forefront of our minds in everything we do.    
02:  Integrity, Truth, Reality  
We make promises that we can keep, and goals that push us to new heights.  Our integrity offers us the opportunity to learn and improve by being honest about what works and what doesn’t.  By being true to the data and producing realistic metrics, we are able to create plans and resources to achieve our goals.    
03:  Kindness, Empathy, Grace  
We will empathize with everyone's situation, provide positive and constructive feedback with kindness, and accept opportunities for improvement with grace and gratitude.  We use this principle across the organization to collaborate and build lines of open communication.    
04:  Resilience, Mettle, Perseverance  
We will persevere – even in difficult and challenging situations.  Our ability to recover from missteps and failures in a positive way will help us to be successful in our mission. 
05:  Humility, Gratitude, Learning  
We will be true learners by showing humility and gratitude in our work.  We recognize that the smartest person in the room is the one who is always listening, learning, and willing to shift their thinking.    
 
Norstella is an equal opportunities employer and does not discriminate on the grounds of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, color, nationality, ethnic or national origin, religion or belief, disability or age. Our ethos is to respect and value people’s differences, to help everyone achieve more at work as well as in their personal lives so that they feel proud of the part they play in our success. We believe that all decisions about people at work should be based on the individual’s abilities, skills, performance and behavior and our business requirements. Norstella operates a zero tolerance policy to any form of discrimination, abuse or harassment.
 
Sometimes the best opportunities are hidden by self-doubt. We disqualify ourselves before we have the opportunity to be considered. Regardless of where you came from, how you identify, or the path that led you here, you are welcome. If you read this job description and feel passion and excitement, we’re just as excited about you.

 
