Associate Application Security Engineer

Summary

Join Veeva Systems, a leading life sciences industry cloud company, as an Application Security Engineer. You will play a key role in securing Veeva's applications by supporting the Checkmarx SAST/SCA platform, automating security tools within DevSecOps processes, and developing integrated security dashboards. This role involves collaborating with product development teams, creating documentation, and integrating security tools via APIs and webhooks. The position requires coding skills, knowledge of security standards, and experience with security tools. Veeva offers a flexible work environment as a Work Anywhere company, supporting both remote and in-office options.

Requirements

• Bachelor of Science in Computer Science, Computer Engineering, or related field, or equivalent work experience
• Coding skills in at least one primary language, such as Java or Python and React
• Understanding of OWASP Top 10, SANS Top 20, NIST 800-53, CIS, CSC, or other security standards
• Utilize Static Application Security Testing tools (i.e. Checkmarx) to identify and remediate code vulnerabilities
• 1+ years as a security engineer or application developer
• Knowledge and understanding in various disciplines such as security engineering, infrastructure and network security, authentication and security
• Knowledge of protocols, cryptography, or application security
• Experience with interpreted or compiled languages: Python, Java, React, Ruby, Perl, PHP, C/C++, C#
• Experience with cloud service providers and their offerings, preferably AWS and its various technologies and APIs, Azure, and Alibaba Cloud

Responsibilities

• Support Checkmarx SAST & SCA platform, tuning and supporting product development
• Assist application product teams with scan automation via pipeline build such as Jenkins or CI/CD
• Automation of security tools into the DevSecOps processes
• Create best practices, system troubleshooting, or process documentation
• Write code supporting data lake and data warehouse collection and data transformation processes
• Maintain security infrastructure, tools, and systems
• Integration of security tools through APIs, webhook, or other custom integration
• Conduct full life cycle engagements with business units independently or as part of a team
• Create and maintain integrated security dashboards pulling multiple security systems into a unified global view

Preferred Qualifications

• Bachelor of Science in Cyber Security, Information Security, MIS, or equivalent
• Experience in Web and Mobile (Android/iOS) based application/service assessment
• Knowledge of fuzzing, memory corruption, and exploit development
• Familiar with Jenkins, Bamboo, CI/CD Pipelines, and other automation tools
• Experience with Big Data technologies such as Elastic, Cloudera, Hadoop, Datadog, or others
• Experience maintaining security tools and automation scripts to streamline security processes

Benefits

Remote work, flexible hours