Security Engineer - Red Team Penetration Testing
New York - New York City
Applications have closed
Veeva Systems
Veeva Systems Inc. is a leader in cloud-based software for the global life sciences industry. Committed to innovation, product excellence, and customer success, Veeva has more than 1,100 customers, ranging from the world's largest...We are the first public company to become a Public Benefit Corporation. As a PBC, we are committed to making the industries we serve more productive, and we are committed to creating high-quality employment opportunities.
Veeva is a Work Anywhere company which means that you can choose to work in the environment that works best for you - on any given day. Whether you choose to work remotely from home or work in an office - it’s up to you.
The Role
Veeva’s Security Engineering Team is seeking Red Teamers to help keep Veeva secure and safe from attackers. Our team in Columbus is growing, and we want you to join us! This role has a broad scope: attacking Veeva’s AWS services, infrastructure, processes, and products; discovering weaknesses in Veeva’s architecture; working with product and platform teams to perform penetration tests on new products; and working with third-party testers and researchers to sharpen our detective and preventative capabilities. This role presents an ultimate test of one’s security knowledge and ability, along with the support of a team of highly skilled individuals.
What You'll Do
- A Red Team Security Engineer at Veeva is expected to be strong in offensive security domains, testing, techniques, and practices. Engineers in this role work closely with application product teams throughout Veeva. Security engineers will provide technical leadership and advice to developers, engineers, and third-party consultants.
- As a Red Team Engineer, you must show exemplary judgment in making informed technical trade-offs of testing, short-term fixes, long-term security gains, and product team development. You must also demonstrate resilience and navigate difficult situations with composure and tact. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Veeva and its customers secure.
- Participate in Red Team engagements throughout Veeva with few limits and restrictions
- Conduct full-cycle engagements with development teams independently, or as part of a team
- Perform manual examination of Veeva systems, websites, and networks to discover weaknesses
- Thoroughly document exploits, attack chains, and proof of concept scenarios for technical reviews
- Communicate findings and discoveries to prioritize and execute remediation plans
- Coordinate findings and remediation from third-party penetration testers
- Maintain AWS VPC and related testing systems for our internal and third-party testing programs
- Conduct red team and purple team exercises, and coordinate tabletop exercises
- Penetration tests of new products, concepts, and pilot products
- Review Veeva product release notes and select new features to test throughout the year
Requirements
- BS in Computer Science or related field, or equivalent work experience
- 2+ years in an Information Security role, preferably in red teaming, offensive security, penetration testing, reverse engineering, incident response, or vulnerability management
- Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security
- Experience with interpreted or compiled languages: Python, Ruby, Perl, PHP, C/C++, Java, C#
- Experience with cloud service providers and their offerings, preferably AWS and its various technologies and APIs
- Mobile testing on Windows, iOS, and Android
- Experience with various testing tools, such as Netsparker, Kali Linux, Metasploit, Nmap, Nessus, Burp Suite, etc.
- Familiar with offensive TTPs (Tactics, Techniques, and Procedures) including post-exploitation and lateral movement
- Experience with Red Hat, AWS Linux, AWS Linux 2, Windows Server 2012, 2016 and 2019
- Understanding of one or more standards: OWASP Top 10, SANS Top 20, NIST 800-53, CIS, CSC, or other security standards
Nice to Have
- Industry penetration certifications such as OSCP, GPEN, GXPN, GWAPT, etc.
- Industry security certifications such as CISSP, CEH, or others
- Experience in conducting social engineering-focused assessments
- Experience in CTF competitions, CVE research, and/or Bug Bounty recognition
- Knowledge of the MITRE ATT&CK Framework
- Experience in Web and Mobile (Android/iOS) based application/service assessment
- Experience in Wireless and Network assessment in enterprise infrastructure
- Experience in reverse engineering and associated tooling such as IDA
- Experience in Advanced Persistent Threat exploits
- Experience with Web Application Firewalls (WAF), IDS/IPS, or other security platforms
- Knowledge of fuzzing, memory corruption, and exploit development
- Knowledge about hardware hacking
Veeva’s headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.
Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us at talent_accommodations@veeva.com.