Shire Jobs

Covetrus is a global animal-health technology and services company dedicated to empowering veterinary practice partners to drive improved patient health and financial outcomes. Headquartered in Portland, Maine, with more than 5,000 employees and more than 100,000 global customers, our passion for the well-being of animals and those who care for them drives us to advance the world of veterinary medicine. In the USA, we bring together products, services, and technology into a single platform that connects our customers to the solutions and insights they need to work best. Now, our mission is to bring this technology to veterinarians and their clients worldwide. SUMMARY As a member of the Application Security team you will contribute to the culture and processes involved in securing the software development lifecycle. You will work closely with development teams to ensure the security of the software solutions they create and maintain. You will collaborate with stakeholders across the business including engineering, quality, project management, IT, and DevOps. You will review and threat model designs, perform secure code reviews, automate security testing, analyze potential risks, and guide teams to avoid or mitigate items; ensuring software solutions protect Covetrus, our partners, and the pet parents who utilize our solutions. ESSENTIAL DUTIES AND RESPONSIBILITIES: Partner with product leaders to continually improve their security processes to keep security an integral part of the software development lifecycle. Review feature designs providing security assessments, guidance on secure implementation best practices, and threat modelling of potential risks. Participate in architectural design reviews providing secure best practices and guidance for individual components and infrastructure patterns. Integrate new security test automations into build and release processes. Expand existing automation rules and patterns to identify and prevent future occurrences of potential vulnerabilities. Perform secure code reviews, leading engineering teams on resolution of discoveries. Assist in training teams on application security principles. Assist teams in reproducing and triaging application security vulnerabilities. Establish and maintain documentation including mitigation guidance for specific vulnerabilities, risks, and project specific standards. Verify security control implementations through manual penetration testing and various available security tools. QUALIFICATIONS: Bachelor's degree in relevant field of study, or equivalent work experience. 7+ years of experience in development, quality assurance, DevOps, or application security. Expert knowledge of web application and cloud infrastructure vulnerabilities and ability to work with engineering and product teams to understand and protect against those vulnerabilities. Proficiency with security controls, vulnerability assessments, and risk management methodologies. Strong understanding of application security principles and how to defend against their abuse. Experience with application security tools (SAST, DAST, SCA/SBOM, container analysis, infrastructure configuration management). Experience identifying security issues through code review. Familiarity with C#, Java, Python, React, Angular, AWS, OAuth2, Kubernetes, microservice architecture, CQRS, GraphQL. COMPETENCIES (Skills and Abilities): Strong interpersonal and communication skills to effectively collaborate remotely with stakeholders at all levels of the organization. Proficient in threat modeling, risk assessment, defensive software development practices, and securing cloud infrastructure management. Aptitude for identifying and automating manual processes to improve efficiency and scalability. Attention to detail and a commitment to maintaining the highest standards of data security and privacy. Familiarit