View All Jobs 169765

Senior Security Engineer

Design and implement scalable security controls for cloud-native microservices infrastructure
Oslo, Norway, Norway Oslo, Norway Sarajevo, Bosnia and Herzegovina Sofia, BGR
Senior
3 weeks ago
P

P

A healthcare performance improvement firm specializing in patient experience, clinical and operational excellence, and workforce engagement.

Security Engineer

The Security Engineer is a member of PG Forsta's Information Security team and is responsible for building and maintaining controls that manage information risk and security. The engineer is expected to build and maintain administrative, technical, and physical controls to secure PG Forsta data and keep PG Forsta in compliance with applicable laws, regulations, and contractual terms.

We are seeking a Senior Security Engineer with a strong software development background to help us design, build, and scale secure systems. You will play a critical role in researching, architecting, and implementing innovative security solutions while working closely with product engineering teams to ensure security is embedded throughout the development lifecycle.

Skills we are looking for:

  • Software development, including automated CI/CD pipelines
  • SBOM, SCA, SAST, DAST (Software Bill of Materials, Software Composition Analysis, Static Analysis Security Testing, Dynamic Analysis Security Testing)
  • Identity management best practices
  • Vulnerability management, specifically with software dependencies
  • Incident response and troubleshooting
  • ITSM workflow and process

This position has no direct reports. It is a remote position that may require coordination with US working hours, occasional travel (1-2 times per year) and on-call support every 6-8 weeks.

Ideal Candidate: Application developer/engineer with experience with build pipelines, security testing, SBOMs, vulnerability management, and coordinating with product, engineering, and security teams.

About the Team:

The Risk and Security team is part of the Legal Department. The team reports to the SVP, Risk and Security who reports to the General Counsel. It consists of people with technical security skills and non-technical audit and compliance skills.

PG Forsta's security team is well-funded and supported by management. We have meaningful influence on how systems are designed and implemented. The department is structured to allow internal staff to leave work at work. While the job will require setting goals and meeting deadlines, it rarely requires more than 45 hours of work per week.

Duties and Responsibilities:

Strategy & Vision:

  • Participate in vision, principles, and security strategy for projects or specific technologies, ensuring alignment with organizational goals.

Operational Execution:

  • Integrate and manage security tooling across the SDLC and CI/CD pipelines, including:
    • Software Composition Analysis (SCA)
    • Static Application Security Testing (SAST)
    • Dynamic Application Security Testing (DAST)
    • Secrets detection, Infrastructure-as-code scanning, API security testing, and vulnerability correlation platforms
  • Safeguard the software development lifecycle by securing dependencies, container images, build processes, and third-party integrations.
  • Embed security into new CI/CD pipelines and maintain existing security testing in CI/CD pipelines and troubleshoot them as needed.
  • Contribute hands-on to codebases where needed, providing guidance on secure coding practices and reviewing critical code paths.
  • Champion container security by ensuring secure image creation, scanning, and runtime protections across platforms like Docker and Kubernetes.
  • Drive adoption of secure coding practices, supported by threat modeling, code reviews, and developer training programs.
  • Drive security awareness and best practices across engineering teams by mentoring developers and empowering Security Champions.
  • Establish and track key metrics for AppSec maturity, risk reduction, and remediation SLAs.

Cross-Functional Collaboration:

  • Liaise with Legal to define and communicate security controls required for regulatory compliance and contractual obligations.
  • Working with product engineering, design and implement security for microservices architectures, including mTLS, service-to-service authentication, secrets management.
  • Working with product engineering, Research, design, and apply innovative security solutions to both new and existing systems.
  • Partner with DevOps and Infrastructure teams to secure Azure cloud-native environments, including container orchestration and deployment layers.
  • Partner with GRC and Client Response teams to prepare for audits, provide standardized answers to security questionnaires, and represent pipeline and platform controls to clients and external assessors.
  • Engage with Pre-Sales Engineering, where required, to support security discussions with strategic prospects and customers.
  • Create transparency and trust around security posture through consistent reporting, dashboards, and stakeholder communication.

Continuous Improvement:

  • Identify gaps in security posture and propose enhancements to architecture, processes, and tooling.

Required Qualifications:

  • Strong background in software development (experience with at least one major language such as Go, Java, Python, or C#).
  • Hands-on experience in building and troubleshooting CI/CD pipelines (Jenkins, Azure DevOps, GitLab CI, GitHub Actions, or similar).
  • Deep understanding of secure architecture patterns (microservices, APIs, authentication, authorization).
  • Experience with mTLS, PKI, and cryptographic protocols.
  • Hands-on experience with IaC security and secure automation.
  • Ability to effectively communicate complex security concepts to both technical and non-technical audiences.
  • Familiarity with modern infrastructure (Kubernetes, Docker, cloud-native environments).
  • Knowledge of modern DevSecOps practices and CI/CD security integration.

Preferred Qualifications:

  • Threat modeling and risk assessment experience.
  • Experience with tools like Sigstore, SLSA, or in-toto for supply chain security.
  • Contributions to open-source security tools or research.
  • Experience building or driving a Security Champion program is a plus.

Experience:

  • 6+ years' experience in Application Development or similar technical role
  • (Preferred) Experience in a healthcare environment.

Compliance & Ethics Expectations:

  • Participates and successfully completes the company's compliance program requirements and adheres to the Code of Conduct, Company policies, and applicable federal and state requirements.
  • Sets an example for other employees regarding how the Company's Code of Conduct and Compliance Program is applied and observed every day when dealing with customers, business operations, or other teammates.
  • Reports potential violations of company policy, Code of Conduct, and/or applicable laws and regulations
  • Promotes an environment in which other employees are encouraged to report potential violations.
  • As appropriate, provides input and suggestions regarding areas in which policies, procedures, workflows, and/or controls can be improved to enhance compliance.

Special Working Conditions:

This is a remote-working position. Week-long travel may be required 1-4 times per year.

Special Physical Requirements:

  • Requires ability to get to all users' operations and computer facilities.
  • Requires the ability to meet deadlines, frequent assignment changes, periodic heavy workload, rapidly changing environment, and dynamic business growth.
  • Requires ability to concentrate on detailed tasks for sustained periods of time.
  • Requires the ability to operate computer, printer, copy machine, calculator, other general office equipment, and to record written information.
  • Requires the ability to communicate with customers, users and vendor representatives in person, in writing, and on the telephone.
  • Requires the ability to read computer output and printed material.
  • Requires the ability to read complex vendor reference material and written user manuals.
  • Requires the ability to participate in interactive verbal group activities including brainstorming and application design working sessions.
  • Requires the ability to travel occasionally, including domestic flights.
  • Requires ability to withstand mental pressure caused by time deadlines, frequent changes, periodic heavy workload, rapidly changing environment and dynamic business growth.

Don't meet every single requirement?

Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At PG Forsta we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your past experience doesn't align perfectly with every qualification in the job description, we

+ Show Original Job Post
Suggest a correction
























Senior Security Engineer
Oslo, Norway, Norway Oslo, Norway Sarajevo, Bosnia and Herzegovina Sofia, BGR
Engineering
Apply to job
About P
A healthcare performance improvement firm specializing in patient experience, clinical and operational excellence, and workforce engagement.