Veeva [NYSE: VEEV] is the leader in cloud-based software for the global life sciences industry. Veeva is committed to innovation, product excellence, and customer success, and our customers range from the world’s largest pharmaceutical companies to emerging biotechs. Veeva’s software helps our customers bring medicines and therapies to patients faster.
We are the first public company to become a Public Benefit Corporation. As a PBC, we are committed to making the industries we serve more productive, and we are committed to creating high-quality employment opportunities.
Veeva is a Work Anywhere company, which means that you can choose to work in the environment that works best for you on any given day. Whether you choose to work remotely from home or work in an office, it’s up to you.
As an Application Security Architect, you will provide guidance and direction to software engineering teams throughout Veeva and drive the implementation of security best practices into the software development lifecycle. You will establish architecture standards and patterns, and perform architecture reviews against frameworks such as BSIMM, STRIDE, MITRE, CIS, and others.
The Security Architect will work with other security leads to define the organization's security program, measure adherence, suggest/implement changes, and present to the steering committee and engineering teams. We partner closely with engineering teams and other security teams to build a consolidated roadmap of security improvements. We work with engineering teams during design to build secure services; conduct security architecture reviews of the application stack, including applications built on cloud and emerging technologies; provide SME support, security guidance, and mentoring; and help others evaluate new platforms, technologies, and patterns. As an architect, you will also be working with other architects and engineers to design/develop tooling and framework components that allow easy adoption of security best practices, e.g., auth, transport encryption, and tracing.
What You'll Do
- Build strong relationships and effectively influence product engineering.
- Translate security risks to business impact.
- Architect, prioritize, coordinate, and communicate the choice of security technologies necessary to ensure a highly secure yet usable computing environment.
- Provide security architecture and advice in support of application development, infrastructure, and enterprise technology projects.
- Perform code analysis and application security reviews, and develop an application security training program.
- Stay current with security technologies and make recommendations for use based on business value.
- Maintain expert knowledge in the field of Information Security and the related issues, systems, processes, products, and services.
- Provide training and mentoring to clients and consulting resources.
- Understanding of the OWASP Top 10 application security risks and how to address them.
- Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM).
- Working knowledge of Amazon AWS, Microsoft Azure, or other cloud computing platform offerings and security-related services.
- Integration of security tools through APIs, webhooks, or other custom integrations.
- Hands-on experience with encryption, hashing, secure random number generation, key derivation, key management, digital signatures, etc. in one or more major development languages.
- Core understanding of web application security scanning software and related penetration testing tools such as SAST/DAST/IAST/SCA.
- Deep understanding of services-oriented architecture, building internet-scale, distributed, and critical services.
- Experience with architecture and security reviews, threat modeling applications, and identifying areas of risk.
- Experience implementing strategies to support secure and compliant architectures. Knowledge of network architectures, topologies, and concepts (Firewalls, LB, WAF, CDN, VPC, ACL, TLS, SSH, and DNS).
- Excellent written and verbal communication.
- Ability to scale by evangelizing your work to leadership and engineers including writing requirements and solid technical guides.
- Familiarity with compliance regulations such as PCI, GDPR, SOC2, and SOX.
- An affinity and experience with automation and a development-based approach to security.
- Ability to collaborate with multi-functional teams located in different time zones to drive fixes and alignment to established policies.
- BS in Computer Science or equivalent with 10+ years of experience.
Nice to Have
- MS in Cyber Security, Information Security, MIS, or equivalent
- Knowledge of the MITRE ATT&CK Framework
- Industry security certifications such as CISSP, CEH, or others
- Experience in conducting social engineering-focused assessments
- Experience in CTF competitions, CVE research, and/or Bug Bounty recognition
- Experience in Web and Mobile (Android/iOS) based application/service assessment
- Experience in Wireless and Network assessment in enterprise infrastructure
- Experience in reverse engineering and associated tooling such as IDA
- Knowledge of fuzzing, memory corruption, and exploit development
- Knowledge about hardware hacking
Veeva’s headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.
Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us at firstname.lastname@example.org.