Application Security Engineer

United Kingdom - Oxford

Veeva Systems

Veeva Systems Inc. is a leader in cloud-based software for the global life sciences industry. Committed to innovation, product excellence, and customer success, Veeva has more than 1,100 customers, ranging from the world's largest...


Veeva is a mission-driven organization that aspires to help our customers in Life Sciences and Regulated industries bring their products to market, faster. We are shaped by our values: Do the Right Thing, Customer Success, Employee Success, and Speed. Our teams develop transformative cloud software, services, consulting, and data to make our customers more efficient and effective in everything they do. Veeva is a work anywhere company. You can work at home, at a customer site, or in an office on any given day. As a Public Benefit Corporation, you will also work for a company focused on making a positive impact on its customers, employees, and communities.
The Role
Veeva’s Security Engineering Team is seeking Application Security Engineers to help keep Veeva secure and safe from attackers. Our teams in Columbus, OH & Oxford, UK are growing, and we want you to join us!
This role has a broad scope, ranging from developing DevSecOps automation services to building system integrations using APIs, webhooks, or other custom integrations of Veeva’s infrastructure. It also covers developing automated processes for security tools, correlating data through analytics, and designing integrated dashboard tools across our multiple platforms. This role presents an ultimate test of one’s security knowledge and ability, along with the support of a team of highly skilled individuals.

What You'll Do

  • An Application Security Engineer at Veeva is expected to be strong in multiple domains. Application Engineers in this role work closely with teams throughout the Security organization, such as Threat Intelligence, Application Security and Security Operations, and provide technical leadership and advice to teams and leaders throughout Veeva.
  • Engineers in this role must show exemplary judgment when making technical trade-offs between short-term fixes, risk management, long-term security needs and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. Individuals in this role will be expected to provide thought leadership for the organization as they discover, invent, and innovate throughout the course of their duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Veeva and its customers secure.
  • Identify applicable industry best practices and consult with Development teams on methods to continuously improve the risk posture. Develop and enhance practices to align application development with the NIST 800-53 security framework to satisfy business and regulatory requirements to comply with SOC, ISO 27001, ISO 27018, HITRUST, and HIPAA.
  • Implement a secure Software Development Lifecycle (SDLC), and design security policy, standards and controls, including oversight of remediation activities. Conduct vulnerability reviews against Internet Information Services, Apache, application programming interfaces (APIs) and associated cryptographic functions and exchanges.
  • Orchestrate and execute application security risk assessments independently with little or no guidance. Assess applications, design threat models, document potential risk vectors, check for code vulnerabilities, recommend proportional controls and ensure risks are resolved expeditiously. 
  • Ensure AWS, SaaS and our cloud native application security configurations and exchanges are free of Common Vulnerabilities and Exposures (CVE). Deploy applications for static and dynamic code testing. Research trends to meet future information security requirements.
  • Create and maintain integrated security dashboards pulling multiple security systems into a unified global view.
  • Investigate application security vulnerabilities and third-party libraries, and validate high and critical penetration test findings. Train other application security engineers, developers or platform engineers on security best practices in both coding and tools.
  • Assist in Security Incident Response and Cyber Forensics during and after an incident, and assist in reverse engineering the attack and designing security controls.
  • Troubleshoot complex implementations of SAST, DAST and SCA solutions with Veeva product teams and vendor support teams, professional services, and customers in order to provide satisfactory resolution. Document in technical detail the lessons learned, viable solutions to problems, workarounds, feature requests, defects, and other knowledge so that it may be shared with appropriate teams within SAST, DAST and SCA tools.

Requirements

  • BSc in Computer Science or related field, or equivalent work experience.
  • 2+ years of work-related experience as Application Security Engineer, Application Security Developer or Sr. Application Security Analyst, scoping and recommending static and dynamic application security tools, collaborating with Application Development teams on projects, scanning code for vulnerabilities and CVEs, reducing threat vectors in AWS, API and in on premise application environments.
  • Knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
  • Experience with one or more interpreted or compiled languages: Python, Ruby, Perl, PHP, C/C++, Java, C#.
  • Programming and software development experience with one or more of: Python, Java, JavaScript, PowerShell, Bash scripting.
  • Experience with cloud service providers and their offerings, preferably AWS and its various technologies and APIs.
  • Knowledge of core security concepts such as web application firewalls, IDS/IPS, network security (Layer 2, 4 & 7), application vulnerability management.
  • Familiar with Jenkins, Bamboo, CI/CD Pipeline, and other automation tools.
  • SDLC, ITIL, Agile development methods and testing.
  • Experience with Red Hat, AWS Linux, AWS Linux 2, Windows Server 2012, 2016 and 2019 etc.
  • Understanding of OWASP Top 10, SANS Top 20, NIST 800-53, CIS, CSC, or other security standards.
  • Well versed in web application design, penetration testing, application risk assessment and risk categorization.
  • Experience with VMware, Docker, Kubernetes, and other virtualization technologies.

Nice to Have

  • Knowledge of the MITRE ATT&CK Framework
  • Industry security certifications such as CISSP, CEH or others
  • Experience in CTF competitions, CVE research
  • Experience in Web and Mobile (Android/iOS) based application/service assessment
  • Experience in reverse engineering and associated tooling such as IDA
  • Knowledge of fuzzing, memory corruption and exploit development
  • Demonstrable teamwork skills and resourcefulness
#RemoteUK
Veeva’s headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.
Veeva is committed to fostering a culture of inclusion and growing a diverse workforce. Diversity makes us stronger. It comes in many forms. Gender, race, ethnicity, religion, politics, sexual orientation, age, disability and life experience shape us all into unique individuals. We value people for the individuals they are and the contributions they can bring to our teams.


Tags: Agile Analytics Android APIs Application security Automation AWS Bash C C++ CEH CI/CD CISSP Cloud Computer Science Cryptography CTF DAST DevSecOps Docker Exploit Firewalls Forensics HIPAA HITRUST IDS Incident response iOS IPS ISO 27001 Java Kubernetes Linux MITRE ATT&CK Network security NIST OWASP Pentesting Perl PHP PowerShell Python Reverse engineering Risk assessment Risk management Ruby SaaS SANS SAST Scripting SDLC Threat intelligence VMware Vulnerabilities Vulnerability management Windows

Region: Europe
Country: United Kingdom