Listing Description
Veeva is a mission-driven organization that aspires to help our customers in Life Sciences and Regulated industries bring their products to market, faster. We are shaped by our values: Do the Right Thing, Customer Success, Employee Success, and Speed. Our teams develop transformative cloud software, services, consulting, and data to make our customers more efficient and effective in everything they do. Veeva is a work anywhere company. You can work at home, at a customer site, or in an office on any given day. As a Public Benefit Corporation, you will also work for a company focused on making a positive impact on its customers, employees, and communities.
The Role
As an Application Security Architect, you will provide guidance and direction to software engineering teams throughout Veeva and drive the implementation of security best practices into the software development lifecycle. You will establish architecture standards and patterns, and perform architecture reviews against frameworks such as BSIMM, STRIDE, MITRE, CIS, and others.
The security architect will work with other security leads to define the org's security program, measure adherence, suggest/implement changes, and present to steering committees and engineering teams. We partner closely with engineering teams and other security teams to build a consolidated roadmap of security improvements. We work with engineering teams during design to build secure services, conduct security architecture reviews of the application stack, including applications built on cloud and emerging technologies, provide SME support, security guidance and mentoring, and help others evaluate new platforms, technologies, and patterns. As an architect, you will also be working with other architects and engineers to design/develop tooling and framework components to allow easy adoption of security best practices, e.g., auth, transport encryption, and tracing.
What You'll Do
- Build strong relationships and effectively influence product engineering
- Translate security risks to business impact
- Architect, prioritize, coordinate, and communicate the choice of security technologies necessary to ensure a highly secure yet usable computing environment
- Provide security architecture and advice in support of application development, infrastructure, and enterprise technology projects
- Perform code analysis, application security reviews, and develop an application security training program
- Stay current with security technologies and make recommendations for use based on business value
- Maintain expert knowledge in the field of Information Security and the related issues, systems, processes, products, and services
- Provide training and mentoring to clients and consulting resources
Requirements
- Understanding of the OWASP Top 10 application security risks and how to address them
- Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM)
- Working knowledge of Amazon AWS, Microsoft Azure, or other cloud computing platform offerings and security-related services
- Integration of security tools through APIs, webhooks, or other custom integrations
- Hands-on experience with encryption, hashing, secure random number generation, key derivation, key management, digital signatures, etc. in one or more major development languages
- Core understanding of web application security scanning software and related penetration testing tools such as SAST/DAST/IAST/SCA
- Deep understanding of service-oriented architecture, building internet-scale, distributed, and critical services
- Extensive knowledge of Java and the Java Ecosystem
- Proficiency in Python, JavaScript, and other scripting languages
- Experience with architecture and security reviews, threat modeling applications, and identifying areas of risk
- Experience implementing strategies to support secure and compliant architectures
- Knowledge of network architectures, topologies, and concepts (Firewalls, LB, WAF, CDN, VPC, ACL, TLS, SSH, and DNS)
- Excellent written and verbal communication
- Ability to scale by evangelizing your work to leadership and engineers including writing requirements and solid technical guides
- Familiar with compliance regulations such as PCI, GDPR, SOC2, SOX
- An affinity and experience with an automation and development-based approach to security
- Ability to collaborate with multi-functional teams located in different time zones to drive fixes and alignment to established policies
- BS in Computer Science or Equivalent with 10+ years of experience
Nice to Have
- MS in Cyber Security, Information Security, MIS, or equivalent
- Knowledge of the MITRE ATT&CK Framework
- Industry security certifications such as CISSP, CEH, or others
- Experience in conducting social engineering-focused assessments
- Experience in CTF competitions, CVE research, and/or Bug Bounty recognition
- Experience in Web and Mobile (Android/iOS) based application/service assessment
- Experience in Wireless and Network assessment in enterprise infrastructure
- Experience in reverse engineering and associated tooling such as IDA
- Knowledge of fuzzing, memory corruption, and exploit development
- Knowledge about hardware hacking
#RemoteUK
Veeva’s headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.
Veeva is committed to fostering a culture of inclusion and growing a diverse workforce. Diversity makes us stronger. It comes in many forms. Gender, race, ethnicity, religion, politics, sexual orientation, age, disability and life experience shape us all into unique individuals. We value people for the individuals they are and the contributions they can bring to our teams.
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided