Application Security Engineer
Ohio - Columbus /
Operations – 230-Support Security Eng /
At Veeva, we build enterprise cloud technology that powers the biggest names in the pharmaceutical, biotech, consumer goods, chemical & cosmetics industries. Our customers make vaccines, life-saving medicines, and life-enhancing products that make a difference in everyday lives. Our technology has transformed these industries; enabling them to get critical products and services to market faster. Our core values, Do the Right Thing, Customer Success, Employee Success, and Speed, guide us as we make our customers more efficient and effective in everything they do.
Veeva’s Security Engineering Team is seeking Application Security Engineers to help keep Veeva secure and safe from attackers. Our team is growing, and we want you to join us!
This role has a broad scope, ranging from developing Dev Sec Ops automation services, system integrations using API’s, Webhooks, or other custom integrations of Veeva’s infrastructure. Development of automate processes of security tools, coloration of data through analytics, and design of integrated dashboards tools across our multiple platforms. This role presents an ultimate test of one’s security knowledge and ability, along with the support of a team of highly skilled individuals.
What You'll Do
- An Application Security Engineer at Veeva is expected to be strong in multiple domains. Application Engineers in this role work closely with teams throughout the Security organization, such as the Threat Intelligence, Application Security and Security Operations, as well as provide technical leadership and advice to teams and leaders throughout Veeva.
- Engineers in this role must show exemplary judgment when making technical trade-offs between short-term fixes, risk management, long-term security needs and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. Individuals in this role will be expected to provide thought leadership for the organization as you discover, invent and innovate throughout the course of their duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Veeva and its customers secure.
- Integration of security tools through API’s, webhook or other custom integration.
- Conduct full software life cycle (SDLC) engagements with business units independently, or as part of a team.
- Create and maintain integrated security dashboards pulling multiple security systems into a unified global view.
- Develop and maintain global ticket management dashboards consolidating data from tools such as JIRA, FreshService, security tools and Veeva applications.
- Automation of security tools into the DevOps process to utilize true DevSecOps.
- Become an expert in cloud-based security controls, tools and detection.
- Communicate issues or findings and prioritize and execute remediation plans.
- Train other members of the application security engineers, developers or platform engineers regarding security best practices both in coding and tools.
- Assist in Security Incident Response and Cyber Forensics during and post an incident and assist in reverse engineering the attack and designing security controls
- Validate exploits findings from third party penetration testers
- Maintain automation of securities AWS VPC and related testing systems for our third-party testers and bug bounty programs
- Backup the Security Architect working with the Veeva platform teams on secure code practices, vulnerability reviews of third-party libraries or other security findings.
- BSc in Computer Science or related field, or equivalent work experience
- 2+ years as a security application developer or engineer role.
- Knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security
- Experience with interpreted or compiled languages: Python, Ruby, Perl, PHP, C/C++, Java, C#
- Programming and Software development experience (Any of the following - Python, JAVA, Java Script, PowerShell, Bash scripting)
- Experience with cloud service providers and their offerings, preferably AWS and its various technologies and APIs
- Extensive experience supporting or deploying security technology or services
- Strong knowledge (SME) in at least one of the following security domains: Cyber Threat Management; IDAM; Information Protection; Perimeter Protection; Platform Protection
- Experience with data analytics, indexing and data algorithms.
- Knowledge of core security concepts such as web application firewalls, IDS/IPS, network security (Layer 2, 4 & 7), application vulnerability management.
- Familiar with Jenkins, Bamboo, CI/CD Pipeline and other automation tools
- SDLC, ITIL, Agile development methods and testing.
- Experience with Big Data technologies such as Elastic, Cloudera, Hadoop, Datadog, or others.
- Experience with Redhat, AWS Linux, AWS Linux 2, Windows Server 2012, 2016 and 2019 etc.
- Understanding of OWASP Top 10, SANS Top 20, NIST 800-53, CIS, CSC or other security standards
Nice to Have
- Secondary Language – Ability to speak and read business Japanese
- Master of Science in Cyber Security, Information Security, MIS or equivalent
- Knowledge of the MITRE ATT&CK Framework
- Industry security certifications such as CISSP, CEH or others
- Experience in conducting social engineering focused assessments
- Experience in CTF competitions, CVE research and/or Bug Bounty recognition
- Experience in Web and Mobile (Android/iOS) based application/service assessment
- Experience in Wireless and Network assessment in enterprise infrastructure
- Experience in reverse engineering and associated tooling such as IDA
- Knowledge of fuzzing, memory corruption and exploit development
- Knowledge about hardware hacking
- Intermediate to advanced communication and presentation skills
- Experience providing training and mentorship
- Demonstrable teamwork skills and resourcefulness
- Ability to make concrete progress in the face of ambiguity and imperfect knowledge
Veeva’s headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.
Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances.