Associate Application Security Engineer

The Role

Veeva’s Security Engineering team is seeking an aspiring Application Security Engineer that wants to work with Veeva’s product teams to secure their applications. This role has a broad scope, ranging from assisting with managing our SAST/SCA environment to developing Dev Sec Ops automation services, and system integrations using APIs, Webhooks, or other custom integrations of Veeva’s infrastructure. Development of automated processes of security tools, coloration of data through analytics, and design of integrated dashboard tools across our multiple platforms. You will be working as a security expert supporting our product development teams on code quality issues and findings.

What You'll Do

Support Checkmarx SAST & SCA platform, tuning and supporting product development Assist application product teams with scan automation via pipeline build such as Jenkins or CI/CD Automation of security tools into the DevSecOps processes Create best practices, system troubleshooting, or process documentation Write code supporting data lake and data warehouse collection and data transformation processes Maintain security infrastructure, tools, and systems Integration of security tools through APIs, webhook, or other custom integration Conduct full life cycle engagements with business units independently or as part of a team Create and maintain integrated security dashboards pulling multiple security systems into a unified global view

Requirements

Bachelor of Science in Computer Science, Computer Engineering, or related field, or equivalent work experience Coding skills in at least one primary language, such as Java or Python and React Understanding of OWASP Top 10, SANS Top 20, NIST 800-53, CIS, CSC, or other security standards Utilize Static Application Security Testing tools (i.e. Checkmarx) to identify and remediate code vulnerabilities 1+ years as a security engineer or application developer Knowledge and understanding in various disciplines such as security engineering, infrastructure and network security, authentication and security Knowledge of protocols, cryptography, or application security Experience with interpreted or compiled languages: Python, Java, React, Ruby, Perl, PHP, C/C++, C# Experience with cloud service providers and their offerings, preferably AWS and its various technologies and APIs, Azure, and Alibaba Cloud

Nice to Have

Bachelor of Science in Cyber Security, Information Security, MIS, or equivalent Experience in Web and Mobile (Android/iOS) based application/service assessment Knowledge of fuzzing, memory corruption, and exploit development Familiar with Jenkins, Bamboo, CI/CD Pipelines, and other automation tools Experience with Big Data technologies such as Elastic, Cloudera, Hadoop, Datadog, or others Experience maintaining security tools and automation scripts to streamline security processes