Senior Cyber Security Engineer

Do you want to be part of a new strategic focus area in Novo Nordisk? Are you passionate about technology and turning security into a business enabler? Are you able to translate complex technological challenges into simple solutions for stakeholders to understand and in that way build a relation to become a trusted advisor? And most importantly - can you bring value in our journey with the aim of bringing innovative digital products to patients across the globe, living with chronic diseases? Then we look forward to meeting you!

About the department

Digital Health IT work in close collaboration with the Digital Health business unit as well as external partners to bring innovative digital solutions to patients globally, living with diabetes and other chronic diseases.

Digital Health IT is responsible for the IT part of delivering Apps that are directly used by patients as well as the backend services and systems that supports these.

The Apps are used for medical purposes and will likely be integrated with connected medical devices such as connected insulin injection pens and connected glucose monitoring devices. Known as “Software as a Medical Device”, these Apps are highly regulated and have strict quality requirements to ensure patient safety.

To succeed with this endeavour, Digital Health IT employs a total of 40+ fulltime internal and external colleagues with various backgrounds such as Project Managers, Compliance & Quality experts, Digital Solution Architects, System Managers/DevOps and we have established close relations with 3rd party suppliers and developers, that are accustomed to deliver highly innovative products in this regulated environment.

The department is growing and constantly evolving and is anchored within Digital Innovation in Global IT. As the name implies, we are continuously moving into new areas, where new and innovative competencies, solutions and perspectives are needed. The Department and colleagues are full of drive and are highly flexible and adaptive in an environment where changes, updates and releases are part of every day.

The position

As a Cybersecurity Engineer, you will act as trusted advisor to provide technical expertise and guidance for all the components that makes up the eco-system of digital solutions. This eco-system consists of front-end components that are in the hand of patients and a range of IoT devices, including connected medical devices, smartphones, mobile apps and websites.

You will work with various cloud services and infrastructure projects from a cybersecurity perspective with the aim of helping achieve our business goals. You will work closely with different stakeholders in both Line of Business, Global IT and in Global Information Security to ensure that advice and guidance aligns with the goals and strategy of Novo Nordisk.

You will also provide security guidance to the architecture of the backend cloud-based systems and the integration of these. To succeed in this position, you should have solid technical experience and a sincere interest in new technologies. In addition to this you are expected to understand the technologies involved in each of the components that makes up a digital solution whilst being able to identify the specific threats that pertain to the technology, as well as knowing how they are integrated.

In the role as Cybersecurity Engineer, you will act as security lead on one or more projects within Digital Health IT and fulfil the role as trusted security advisor to the Project Manager and the Project Team. In collaboration with 3rd party suppliers and the Lead Architect in Digital Health IT, you will be directly responsible for leading and defining the end-to-end product security architecture of the digital solution, and you will be involved in the evolution of the digital solution, from initial ideation to specifications and design by providing security focused requirements and guidance for the digital solution. As these digital solutions will evolve over time, you will also provide security guidance for the continuous development of features and functionalities.

The position is based in Søborg, Denmark.

Qualifications

We expect that you have 5+ years of experience in Information Security and/or offensive security practices - if not similar background. You are familiar with IT technical architecture and have a solid understanding of IT security, security risk management, cloud infrastructure security, and consumer application security, for instance working with smartphones, apps and Bluetooth/NFC connected devices either through securing or performing security assessments for these types of systems. You are familiar with defining product security requirements. You can also perform application security reviews and threat modelling exercises, including code review and dynamic testing on both cloud and customer facing applications.

You have at least a Bachelor degree within IT, or comparable education. In addition to this, you have relevant certifications such as CISSP, CISM, OSCP or knowledge and experience equivalent to these certifications. You may also possess cloud vendor security certifications for Azure, GCP and or AWS cloud services or desire to obtain such.

You have previously worked with security in agile software development. You might have experience working with public cloud environments and services and/or have a software development background. You might have some experience working with containerization, microservices and serverless computing architectures in a security context, and you may have worked as a security subject matter expert in the field of consumer-based products including smartphone apps and connected devices. This is not a hard requirement as curiosity and willingness to learn is more important.

Experience working in a regulated industry as well as with Risk Management standards like ISO14971, 62304, 13485 is an advantage. Experience working with privacy regulations HIPAA/GDPR is useful. Knowledge of the US FDA recognized UL 2900 Cybersecurity standard for medical devices would be a strong attribute. Basic knowledge working with Risk Management standards like ISO14971, 62304, 13485 is also an advantage as you will be driving the security risk assessments for the product which will include threat modelling as part of the process. Knowledge of AppSec tools such as SAST, DAST and SCA is also an advantage for the role.

As a person you are known to be positive and diplomatic. It is easy to be overwhelmed while trying to fend off an ever increasing list of threats, vulnerabilities and attack vectors, but you are able to manage this while keeping your cool and identifying realistic mitigations that can work without breaking budgets and timelines. You have a mindset that allows you to balance security best practices with other considerations from members of your team, whether they are certain business objectives, technical feasibility concerns or patient safety risks. All in all, you are able to follow best practices and explain complex technical concepts in both written and verbal form.

To succeed, it is crucial that you thrive with working in teams where you can inspire and motivate your stakeholders to take informed decisions. In addition, you must have strong work ethic and willingness to take responsibility to bring the best possible digital solutions to the market and you understand and value that you play an important part in making lives easier for people with diabetes and other chronic diseases. Since you will be working Globally you must expect some meetings to take place outside DK working hours and some travel activity.

Fluency in English (Oral and written) is a prerequisite.

Working at Novo Nordisk

At Novo Nordisk, we strive for excellence. As a world leader in diabetes care and a major player in haemostasis management, growth hormone therapy and hormone replacement therapy, we offer our employees opportunities for continuous growth.

Contact

For further information, please contact Marios Argyriou on +45 3079 2185 or Henrik Christoffersen on +45 3075 8377.

Deadline

20th of December 2022.

We commit to an inclusive recruitment process and equality of opportunity for all our job applicants.

At Novo Nordisk we recognize that it is no longer good enough to aspire to be the best company in the world. We need to aspire to be the best company for the world and we know that this is only possible with talented employees with diverse perspectives, backgrounds and cultures. We are therefore committed to creating an inclusive culture that celebrates the diversity of our employees, the patients we serve and communities we operate in. Together, we’re life changing.

Print job Send to e-mail