Application Security Architect
Role details
Job location
Tech stack
Job description
As an Application Security Architect, you are a security expert and evangelist. You provide subject matter expertise and security guidance to product engineering teams and IT to design and build secure solutions, drive the implementation of security best practices, establish security architecture standards and patterns, and perform security architecture reviews.
You will partner with other security leads to grow the security program, mentor junior security team members, measure adherence, suggest and implement changes, develop roadmaps, present to steering committees and engineering teams, and promote security awareness company wide.
What You'll Do
- Build strong relationships and effectively influence Veeva's product and IT engineering
- Translate security risks to business impact
- Research, prioritize, coordinate, and communicate security solution recommendations
- Provide security architecture advice in support of product application development, cloud infrastructure, and enterprise technology projects
- Perform code analysis, application security reviews, and contribute to the application security training program
- Stay current with security technologies and make usage recommendations
- Maintain an expert knowledge level of Information Security and the related issues, systems, processes, products, and services.
Requirements
- Excellent written and verbal communication
- Ability to evangelize technical security needs to product leadership and engineers
- Broad experience with information, system, and network security concepts and components
- Demonstrated experience with architecture and security reviews, threat modeling applications and identifying areas of risk
- Experience implementing strategies to support secure and compliant architectures
- Deep understanding of the OWASP Top 10 application security risks and how to address them
- Expert knowledge of Amazon AWS, Microsoft Azure or other cloud computing platform offerings and security related services
- Experience with web application security scanning software and related assessment tools such as SAST/DAST/SCA
- Working knowledge of encryption, hashing, secure random number generation, key derivation, key management, digital signatures
- Understanding of internet-scale, distributed, multi-tenant architecture and services.
- Knowledge of Java and the Java Ecosystem. Proficiency with Python, JavaScript and other scripting languages
- BS in Computer Science or equivalent with 10+ years of experience, * Experience with assessing and providing recommendations for securing generative AI solutions
- Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM).
- Familiar with compliance regulations like; ISO, GDPR, SOC2, SOX
- MS in Cyber Security, Information Security, MIS or equivalent
- Industry security certifications such as CISSP or others
- Experience in Application penetration testing, CTF competitions, CVE research and/or Bug Bounty recognition
- Experience in Web and Mobile (Android/iOS) based application/service assessment
#RemoteUK
Benefits & conditions
As an equal opportunity employer, Veeva is committed to fostering a culture of inclusion and growing a diverse workforce. Diversity makes us stronger. It comes in many forms. Gender, race, ethnicity, religion, politics, sexual orientation, age, disability and life experience shape us all into unique individuals. We value people for the individuals they are and the contributions they can bring to our teams.
