Veeva [NYSE: VEEV] is the leader in cloud-based software for the global life sciences industry. Committed to innovation, product excellence, and customer success, our customers range from the world’s largest pharmaceutical companies to emerging biotechs. Veeva’s software helps our customers bring medicines and therapies to patients faster.

We are the first public company to become a Public Benefit Corporation. As a PBC, we are committed to making the industries we serve more productive, and we are committed to creating high-quality employment opportunities.

Veeva is a Work Anywhere company which means that you can choose to work in the environment that works best for you - on any given day.

The Role 

Veeva’s Security Engineering Team is seeking Application Security Engineers to help keep Veeva secure and safe from attackers. Our team in Columbus is growing, and we want you to join us!

This role has a broad scope, ranging from developing DevSecOps automation services, system integrations using APIs, Webhooks, or other custom integrations of Veeva’s infrastructure. Development of automated processes of security tools, the coloration of data through analytics, and the design of integrated dashboards tools across our multiple platforms. This role presents an ultimate test of one’s security knowledge and ability, along with the support of a team of highly skilled individuals.

An Application Security Engineer at Veeva is expected to be strong in multiple domains. Application Engineers in this role work closely with teams throughout Security, such as the Threat Intelligence, Application Security, and Security Operations teams, as well as provide technical leadership and advice to teams and leaders throughout Veeva. You will be in direct contact with numerous teams in a variety of business platforms, giving you firsthand knowledge about how Veeva is built and how it operates at a deep, technical level. Additionally, you will leverage the knowledge you gain about Veeva to find new ways to break software and processes throughout the company.

Engineers in this role must show exemplary judgment in making technical trade-offs between short-term fixes and long-term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. Individuals in this role will be expected to provide thought leadership for the organization as they discover, invent and innovate throughout the course of their duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Veeva and its customers secure.

Responsibilities

• Understanding of OWASP Top 10, SANS Top 20, NIST 800-53, CIS, CSC, or other security standards
• Strong coding skills in at least one primary language such as Java or Python
• Integration of security tools through APIs, webhook, or other custom integration
• Conduct full life cycle engagements with business units independently, or as part of a team
• Create and maintain integrated security dashboards pulling multiple security systems into a unified global view
• Develop and maintain a global ticket management dashboard consolidating data from tools such as JIRA, FreshService, and Veeva applications
• Create an automated Security Incident Response system to move playbooks to an automated tracking platform integrated with other Veeva Systems
• Automation of security tools into the Dev Ops process to utilize true Dev Sec Ops
• Communicate issues or findings and discoveries prioritize and execute remediation plans
• Train other members of the application security engineers, developers or platform engineers of the automation efforts
• Assist in Security Incident Response and Cyber Forensics during and post an incident and assist in reverse-engineering the attack and designing security controls
• Validate exploits findings from third-party penetration testers
• Review and validate findings from Veeva’s bug bounty program
• Maintain automation of securities AWS VPC and related testing systems for our third-party testers and bug bounty programs
• Back up the Security Architect working with the Veeva platform teams on secure code practices, vulnerability reviews of third-party libraries, or other security findings

Requirements

• BS in Computer Science or related field, or equivalent work experience
• 4+ years as a principal or senior application developer or engineer role
• Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security
• Experience with interpreted or compiled languages: Python, Ruby, Perl, PHP, C/C++, Java, C#
• Experience with cloud service providers and their offerings, preferably AWS and its various technologies and APIs
• Experience with data analytics, indexing, and data algorithms
• Familiar with Jenkins, Bamboo, CI/CD Pipeline, and other automation tools
• SDLC, ITIL, Agile development methods, and testing
• Experience with Big Data technologies such as Elastic, Cloudera, Hadoop, Datadog, or others
• Experience with Redhat, AWS Linux, AWS Linux 2, Windows Server 2008, 2012, 2016, and 2019, etc.

Nice to Have

• Master of Science in Cyber Security, Information Security, MIS or equivalent
• Knowledge of the MITRE ATT&CK Framework
• Industry security certifications such as CISSP, CEH, or others
• Experience in conducting social engineering-focused assessments
• Experience in CTF competitions, CVE research, and/or Bug Bounty recognition
• Experience in Web and Mobile (Android/iOS) based application/service assessment
• Experience in Wireless and Network assessment in enterprise infrastructure
• Experience in reverse engineering and associated tooling such as IDA
• Knowledge of fuzzing, memory corruption, and exploit development
• Knowledge about hardware hacking
• Intermediate to advanced communication and presentation skills
• Experience providing training and mentorship
• Demonstrable teamwork skills and resourcefulness
• Ability to make concrete progress in the face of ambiguity and imperfect knowledge

#LI-Remote

Veeva’s headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.

Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us at [email protected].