Application Security Engineer @ Veeva Systems

Application Security Engineer

Posted on 4/4/2023

INACTIVE

1,001-5,000 employees

Cloud computing services for pharmaceutical companies.

Company Overview

Veep's mission is to help R&D, quality, and regulatory teams eliminate inefficiencies and bring high-quality, safe, sustainable products to market without compromising quality. The company builds cloud-based tools for pharmaceutical research.

Locations

London, UK

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

Agile

Android Development

AWS

Data Analysis

Docker

iOS/Swift

Jenkins

Java

Linux/Unix

C/C++

Perl

PHP

Kubernetes

Python

CategoriesNew

DevOps & Infrastructure

Software Engineering

Requirements

BSc in Computer Science or related field, or equivalent work experience
2+ years of work-related experience as an Application Security Engineer
Knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security
Experience with one or more interpreted or compiled languages: Python, Perl, PHP, C/C++, Java, C#
Experience with cloud service providers and their offerings, preferably AWS and its various technologies and APIs
Knowledge of core security concepts such as web application firewalls, IDS/IPS, network security (Layer 2, 4 & 7), application vulnerability management
Familiar with Jenkins, Bamboo, CI/CD Pipeline, and other automation tools
SDLC, ITIL, Agile development methods and testing
Experience with Redhat, AWS Linux, AWS Linux 2, Windows Server 2012, 2016 and 2019, etc
Understanding of OWASP Top 10, SANS Top 20, NIST 800-53, CIS, CSC, or other security standards
Well-versed in web application design, penetration testing, application risk assessment, and risk categorization
Experience with VMWare, Docker, Kubernetes, and other virtualization technologies

Responsibilities

Maintains a secure application development process
Champions a process to identify and address software vulnerabilities
Capable of performing root cause analysis on security vulnerabilities
Manages and vets an inventory of trusted third-party software components
Maintains a Severity Rating System and process for prioritizing application vulnerabilities
Advises on hardening configuration templates for application infrastructure, including segmentation
Provides training on application security concepts and secure coding for Software Engineering
Implements code-level security checks through DAST and SAST techniques
Assists with application penetration testing
Assists with Threat Modeling
Responsible for scripting automation for any middleware related to security tools and functions
Utilizes scripting for meta-data aggregation to allow for the creation of dashboards or other metrics for security analytics

Desired Qualifications

Knowledge of the MITRE ATT&CK Framework
Industry security certifications such as CISSP, CEH, or others
Experience in CTF competitions, CVE research
Experience in Web and Mobile (Android/iOS) based application/service assessment
Experience in reverse engineering and associated tooling such as IDA
Knowledge of fuzzing, memory corruption, and exploit development
Demonstrable teamwork skills and resourcefulness

Veeva Systems is a mission-driven organization and pioneer in industry cloud, helping life sciences companies bring therapies to patients faster. As one of the fastest-growing SaaS companies in history, we surpassed $2B in revenue in our last fiscal year with extensive growth potential ahead.

At the heart of Veeva are our values: Do the Right Thing, Customer Success, Employee Success, and Speed. We’re not just any public company – we made history in 2021 by becoming a public benefit corporation (PBC), legally bound to balancing the interests of customers, employees, society, and investors.

As a Work Anywhere company, we support your flexibility to work from home or in the office, so you can thrive in your ideal environment.

Join us in transforming the life sciences industry, committed to making a positive impact on its customers, employees, and communities.

The Role

Veeva’s Security Engineering Team is seeking Application Security Engineers to help keep Veeva secure and safe from attackers. Our team in Columbus, OH & Oxford, UK is growing, and we want you to join us!

This role has a broad scope, ranging from developing DevSecOps automation services and system integrations using API’s, Webhooks, or other custom integrations of Veeva’s infrastructure. Development of automated processes of security tools, coloration of data through analytics, and design of integrated dashboards tools across our multiple platforms. This role presents an ultimate test of one’s security knowledge and ability, along with the support of a team of highly skilled individuals.

An Application Security Engineer at Veeva is expected to be strong in multiple domains. Application Engineers in this role work closely with teams throughout the Security organization, such as the Threat Intelligence, Application Security, and Security Operations, as well as provide technical leadership and advice to teams and leaders throughout Veeva.

Engineers in this role must show exemplary judgment when making technical trade-offs between short-term fixes, risk management, long-term security needs, and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. Individuals in this role will be expected to provide thought leadership for the organization as they discover, invent, and innovate throughout the course of their duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Veeva and its customers secure.

What You’ll Do

Maintains a secure application development process
Champions a process to identify and address software vulnerabilities
Capable of performing root cause analysis on security vulnerabilities
Manages and vets an inventory of trusted third-party software components
Maintains a Severity Rating System and process for prioritizing application vulnerabilities
Advises on hardening configuration templates for application infrastructure, including segmentation
Provides training on application security concepts and secure coding for Software Engineering
Implements code-level security checks through DAST and SAST techniques
Assists with application penetration testing
Assists with Threat Modeling
Responsible for scripting automation for any middleware related to security tools and functions
Utilizes scripting for meta-data aggregation to allow for the creation of dashboards or other metrics for security analytics

Requirements

BSc in Computer Science or related field, or equivalent work experience
2+ years of work-related experience as an Application Security Engineer
Knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security
Experience with one or more interpreted or compiled languages: Python, Perl, PHP, C/C++, Java, C#
Experience with cloud service providers and their offerings, preferably AWS and its various technologies and APIs
Knowledge of core security concepts such as web application firewalls, IDS/IPS, network security (Layer 2, 4 & 7), application vulnerability management
Familiar with Jenkins, Bamboo, CI/CD Pipeline, and other automation tools
SDLC, ITIL, Agile development methods and testing
Experience with Redhat, AWS Linux, AWS Linux 2, Windows Server 2012, 2016 and 2019, etc
Understanding of OWASP Top 10, SANS Top 20, NIST 800-53, CIS, CSC, or other security standards
Well-versed in web application design, penetration testing, application risk assessment, and risk categorization
Experience with VMWare, Docker, Kubernetes, and other virtualization technologies.

Nice to Have

Knowledge of the MITRE ATT&CK Framework
Industry security certifications such as CISSP, CEH, or others
Experience in CTF competitions, CVE research
Experience in Web and Mobile (Android/iOS) based application/service assessment
Experience in reverse engineering and associated tooling such as IDA
Knowledge of fuzzing, memory corruption, and exploit development
Demonstrable teamwork skills and resourcefulness

#RemoteUK

Veeva’s headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.

Veeva is committed to fostering a culture of inclusion and growing a diverse workforce. Diversity makes us stronger. It comes in many forms. Gender, race, ethnicity, religion, politics, sexual orientation, age, disability and life experience shape us all into unique individuals. We value people for the individuals they are and the contributions they can bring to our teams.