Senior Application Security Engineer
Nashville, TN, USA
Posted on Saturday, September 2, 2023
Veeva Systems is a mission-driven organization and pioneer in industry cloud, helping life sciences companies bring therapies to patients faster. As one of the fastest-growing SaaS companies in history, we surpassed $2B in revenue in our last fiscal year with extensive growth potential ahead.
At the heart of Veeva are our values: Do the Right Thing, Customer Success, Employee Success, and Speed. We're not just any public company – we made history in 2021 by becoming a public benefit corporation (PBC), legally bound to balancing the interests of customers, employees, society, and investors.
As a Work Anywhere company, we support your flexibility to work from home or in the office, so you can thrive in your ideal environment.
Join us in transforming the life sciences industry, committed to making a positive impact on its customers, employees, and communities.
This role has a broad scope, ranging from managing our SAST/SCA environment to developing Dev Sec Ops automation services, and system integrations using APIs, Webhooks, or other custom integrations of Veeva’s infrastructure. Development of automated processes of security tools, coloration of data through analytics, and design of integrated dashboard tools across our multiple platforms. You will be working as a security expert supporting our product development teams on code quality issues and findings.
What You'll Do
- Primary support for Checkmarx SAST & SCA platform, tuning and supporting product development
- Strong coding skills in at least one primary language, such as Java or Python and React
- Understanding of OSWAP Top 10, SANS Top 20, NIST 800-53, CIS, CSC, or other security standards
- Assist application product teams with scan automation via pipeline build such as Jenkins or CI/CD
- Automation of security tools into the DevSecOps processes
- Document best practices, system troubleshooting, or process via Confluence
- Write code supporting data lake and data warehouse collection and data transformation processes
- Maintain security infrastructure, tools, and systems
- Mentor junior security engineers, developers, or platform engineers
- Integration of security tools through APIs, webhook, or other custom integration
- Conduct full life cycle engagements with business units independently or as part of a team
- Create and maintain integrated security dashboards pulling multiple security systems into a unified global view
- Bachelor of Science in Computer Science, Computer Engineering, or related field
- 4+ years as a senior security engineer, senior application developer, or senior engineer
- Advanced knowledge and understanding in various disciplines such as security engineering, infrastructure and network security, authentication and security protocols, cryptography, or application security
- Experience with interpreted or compiled languages: Python, Java, React, Ruby, Perl, PHP, C/C++, C#
- Experience with cloud service providers and their offerings, preferably AWS and its various technologies and APIs, Azure, and Alibaba Cloud
- Familiar with Jenkins, Bamboo, CI/CD Pipelines, and other automation tools
- SDLC, ITIL, Agile development methods and testing
- Experience with Big Data technologies such as Elastic, Cloudera, Hadoop, Datadog, or others
Nice to Have
- Master of Science in Cyber Security, Information Security, MIS, or equivalent
- Knowledge of the MITRE ATT&CK Framework
- Experience in Web and Mobile (Android/iOS) based application/service assessment
- Experience in reverse engineering and associated tooling such as IDA
- Knowledge of fuzzing, memory corruption, and exploit development
Veeva’s headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.