Application Security Engineer Senior

Veeva Systems Columbus , OH 43216

Posted 3 months ago

At Veeva, we build enterprise cloud technology that powers the biggest names in the pharmaceutical, biotech, consumer goods, chemical & cosmetics industries. Our customers make vaccines, life-saving medicines, and life-enhancing products that make a difference in everyday lives. Our technology has transformed these industries; enabling them to get critical products and services to market faster. Our core values, Do the Right Thing, Customer Success, Employee Success, and Speed, guide us as we make our customers more efficient and effective in everything they do.

The Role

Veeva's Security Engineering Team is seeking Application Security Engineers to help keep Veeva secure and safe from attackers. Our team in Columbus is growing, and we want you to join us!

This role has a broad scope, ranging from developing Dev Sec Ops automation services, system integrations using API's, Webhooks, or other custom integrations of Veeva's infrastructure. Development of automate processes of security tools, coloration of data through analytics, and design of integrated dashboards tools across our multiple platforms. This role presents an ultimate test of one's security knowledge and ability, along with the support of a team of highly skilled individuals.

What You'll Do

  • An Application Security Engineer at Veeva is expected to be strong in multiple domains. Application Engineers in this role work closely with teams throughout Security, such as the Threat Intelligence, Application Security and Security Operations teams, as well as provide technical leadership and advice to teams and leaders throughout Veeva. You will be in direct contact with numerous teams in a variety of business platforms, giving you firsthand knowledge about how Veeva is built and how it operates at a deep, technical level. Additionally, you will leverage the knowledge you gain about Veeva to find new ways to break software and processes throughout the company.

  • Engineers in this role must show exemplary judgment in making technical trade-offs between short-term fixes and long-term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. Individuals in this role will be expected to provide thought leadership for the organization as you discover, invent and innovate throughout the course of their duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Veeva and its customers secure.

  • Integration of security tools through API's, webhook or other custom integration.

  • Conduct full life cycle engagements with business units independently, or as part of a team.

  • Create and maintain integrated security dashboards pulling multiple security systems into a unified global view.

  • Develop and maintain global ticket management dashboard consolidating data from tools such as JIRA, FreshService, and Veeva applications.

  • Create automated Security Incident Response system to move playbooks to an automated tracking platform integrated with other Veeva Systems.

  • Automation of security tools into the Dev Ops process to utilize true Dev Sec Ops

  • Communicate issues or findings and discoveries prioritize and execute remediation plans.

  • Train other members of the application security engineers, developers or platform engineers of the automation efforts

  • Assist in Security Incident Response and Cyber Forensics during and post an incident and assist in reverse engineering the attack and designing security controls

  • Validate exploits findings from third party penetration testers

  • Review and validate findings from Veeva's bug bounty program

  • Maintain automation of securities AWS VPC and related testing systems for our third-party testers and bug bounty programs

  • Backup the Security Architect working with the Veeva platform teams on secure code practices, vulnerability reviews of third-party libraries or other security findings.

Requirements

  • BS in Computer Science or related field, or equivalent work experience

  • 4+ years as a principle or senior application developer or engineer role.

  • Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security

  • Experience with interpreted or compiled languages: Python, Ruby, Perl, PHP, C/C++, Java, C#

  • Experience with cloud service providers and their offerings, preferably AWS and its various technologies and APIs

  • Experience with data analytics, indexing and data algorithms.

  • Familiar with Jenkins, Bamboo, CI/CD Pipeline and other automation tools

  • SDLC, ITIL, Agile development methods and testing.

  • Experience with Big Data technologies such as Elastic, Cloudera, Hadoop, Datadog, or others.

  • Experience with Redhat, AWS Linux, AWS Linux 2, Windows Server 2008, 2012, 2016 and 2019 etc.

  • Understanding of OSWAP Top 10, SANS Top 20, NIST 800-53, CIS, CSC or other security standards

Nice To Have

  • Master of Science in Cyber Security, Information Security, MIS or equivalent

  • Knowledge of the MITRE ATT&CK Framework

  • Industry security certifications such as CISSP, CEH or others

  • Experience in conducting social engineering focused assessments

  • Experience in CTF competitions, CVE research and/or Bug Bounty recognition

  • Experience in Web and Mobile (Android/iOS) based application/service assessment

  • Experience in Wireless and Network assessment in enterprise infrastructure

  • Experience in reverse engineering and associated tooling such as IDA

  • Knowledge of fuzzing, memory corruption and exploit development

  • Knowledge about hardware hacking

  • Intermediate to advanced communication and presentation skills

  • Experience providing training and mentorship

  • Demonstrable teamwork skills and resourcefulness

  • Ability to make concrete progress in the face of ambiguity and imperfect knowledge

Perks & Benefits

  • Flexible PTO

  • Allocations for continuous learning & development

  • Health & wellness programs

#LI-DNP

Veeva's headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.

Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances.


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Senior Security Analyst

The Ohio State University

Posted 3 days ago

VIEW JOBS 8/18/2019 12:00:00 AM 2019-11-16T00:00 Position Information Top Message Both current Ohio State employees and the general public may apply for this unclassified professional position. Message to Applicants Number of Positions Available 1 University Title Senior Security Analyst Working Title Senior Security Analyst Department OCIO Governance and Risk Mgmt Department Location Columbus Requisition Number 452518 Summary of Duties The Ohio State Enterprise Security team is responsible for the implementation of a comprehensive cybersecurity program that enables and supports the management of information security risk for Ohio State's information systems and assets. The Enterprise Security team looks for individuals who value partnership, trust, innovation and respect. We hold one another accountable for high, ethical and competent performance. Our strategic goals include partnering with the university community to facilitate an information risk aware culture, support university leaders to actively own their information security risks, and to introduce new capabilities; providing solutions which offer foundational information security capabilities, ease of use, and align to current and future university needs; ensuring timely incident and emerging threat response activities, and coordination between stakeholders. We are seeking to hire a Senior Security Analyst – Security Coordinator to ensure Enterprise Security maintains compliance with the university's security control requirements. Your role as the Security Coordinator for Enterprise Security will be to perform risk assessments on internal and third-party Enterprise Security systems, facilitate and verify that Enterprise Security systems are in compliance with OSU and industry security standards and track issues in the associated risk registry. In this role, you will report to the Associate Director of Enterprise Security Risk Management to provide technical and organizational support for Enterprise Security-driven security projects, initiative, and systems. With a moderate level of autonomy and decision-making authority you will: * Represent Enterprise Security to department leaders and security coordinators across University stakeholder groups * Represent OSU to external parties and constituents * Engage with Enterprise Security leadership to enhance Enterprise Security services and offerings * Assess security and/or compliance of university and third party vendor systems; document and develop solutions for known issues/enhancements provide and present summary and detailed assessment reports to users, peers, stakeholders, and senior management * Maintain Enterprise Security risk registry in regard to compliance of systems and applications to university security standards. * Identify Enterprise Security system-related threat events, vulnerabilities, likelihood, impact and risk. * Work directly with Enterprise Security staff in the development of risk treatment plans to mitigate risk and ensure compliance * Serve as project security lead for business-critical security initiatives, integrating security into the SDLC and ensuring that solution design and implementation are consistent with the strategic security vision and the university security framework * Analyze and assess current and emerging areas of technology in regard to their risk and secure adoption * Assist with process oversight and improvement around Risk Assessment procedures and related technologies, including documenting repeatable procedures, scoring guidance, and summaries of commonly seen issues and associated mitigations You will be required to have superior written and verbal communication skills in order to engage with senior business and technology professionals, engage with customers and help them set priorities and requirements, and influence and persuade stakeholders. You will need to manage project and work group resources. It is preferable that you are familiar with project management processes and have demonstrated security experience from security certifications such as CISSP, GIAC, ISACA or others. Additional Information for Applicants: Our goal is to foster a community of professionals with diverse skills, experiences and backgrounds who actively collaborate to support the mission of the Ohio State University. We are committed to personal and professional growth of individuals as they achieve their highest potential and support others along the way. In an ever-changing technology landscape our employees are flexible, innovative, and adept problem-solvers. Pre Employment Screening Requires the successful completion of a background check. Required Qualifications Bachelor's degree, or an equivalent combination of education and experience; 5-8 years of IT experience; four years of security experience; security roles demonstrating experience in one or more of the following domains: data security, security analysis, network security, systems and applications security, vulnerability management, security policy development, security training and awareness, identity and access management, EndPoint Security, mobile/cloud security, and/or penetration testing; demonstrated data analysis capabilities; demonstrated ability to engage customers and determine customer priorities and requirements, ability to professionally conduct difficult conversations, demonstrated ability to influence/persuade stakeholders, superior written and verbal communications. Desired Qualifications Security certification(s): CISSP, CISA, CRISC, GIAC, OSCP or similar; familiarity with ITIL and project management processes; staff management exposure; demonstrated written and verbal presentation skills. Target Salary $90,060.00 - $110,060.00 Annually Job Category Information Technology (IT) Job Appointment (FTE%) 100.0 Full/Part Time Full-time Temporary or Regular Regular Posting Start Date 08/17/2019 Posting End Date 09/01/2019 Dept Contact Name Ryan,Sara E Dept Contact Phone Quick Link http://www.jobsatosu.com/postings/97362 The Ohio State University Columbus OH

Application Security Engineer Senior

Veeva Systems