Application Security Architect

Team: Quality & Security & Compliance - EU

Location: United Kingdom - Oxford

Commitment: Full-Time

Workplace Type: remote

What You'll Do

Build strong relationships and effectively influence Veeva’s product and IT engineering
Translate security risks to business impact
Research, prioritize, coordinate, and communicate security solution recommendations
Provide security architecture advice in support of product application development, cloud infrastructure, and enterprise technology projects
Perform code analysis, application security reviews, and contribute to the application security training program
Stay current with security technologies and make usage recommendations
Maintain an expert knowledge level of Information Security and the related issues, systems, processes, products, and services.

Requirements

• Excellent written and verbal communication
• Ability to evangelize technical security needs to product leadership and engineers
• Broad experience with information, system, and network security concepts and components
• Demonstrated experience with architecture and security reviews, threat modeling applications and identifying areas of risk
• Experience implementing strategies to support secure and compliant architectures
• Deep understanding of the OWASP Top 10 application security risks and how to address them
• Expert knowledge of Amazon AWS, Microsoft Azure or other cloud computing platform offerings and security related services
• Experience with web application security scanning software and related assessment tools such as SAST/DAST/SCA
• Working knowledge of encryption, hashing, secure random number generation, key derivation, key management, digital signatures
• Understanding of internet-scale, distributed, multi-tenant architecture and services.
• Knowledge of Java and the Java Ecosystem. Proficiency with Python, JavaScript and other scripting languages
• BS in Computer Science or equivalent with 10+ years of experience

Nice to Have

Experience with assessing and providing recommendations for securing generative AI solutions
Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM).
Familiar with compliance regulations like; ISO, GDPR, SOC2, SOX
MS in Cyber Security, Information Security, MIS or equivalent
Industry security certifications such as CISSP or others
Experience in Application penetration testing, CTF competitions, CVE research and/or Bug Bounty recognition
Experience in Web and Mobile (Android/iOS) based application/service assessment