Senior Security Engineer - Red Team
Germany - Frankfurt
Applications have closed
Veeva Systems
Veeva Systems Inc. is a leader in cloud-based software for the global life sciences industry. Committed to innovation, product excellence, and customer success, Veeva has more than 1,100 customers, ranging from the world's largest...The Role
Veeva’s Security Engineering Team is seeking Red Teamers to help keep Veeva secure and safe from attackers. This role has a broad scope, ranging from attacking Veeva’s AWS infrastructure, processes, products, and discovering weaknesses in Veeva’s architecture. You’ll also be working with product and platform teams to perform penetration tests on new products. Working with external third-party testers and researchers to sharpen our detective and preventative capabilities.
A Security Engineer at Veeva is expected to be strong in multiple domains. Engineers in this role work closely with teams throughout Security, such as the Threat Intelligence, Application Security, and Security Operations teams, as well as provide technical leadership and advice to teams and leaders throughout Veeva. You will be in direct contact with numerous teams in a variety of business platforms, giving you firsthand knowledge about how Veeva is built and how it operates at a deep, technical level. Additionally, you will leverage the knowledge you gain about Veeva to find new ways to break software and processes throughout the company. Engineers in this role must show exemplary judgment in making technical trade-offs between short-term fixes and long-term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. Individuals in this role will be expected to provide thought leadership for the organization as they discover, invent and innovate throughout the course of their duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Veeva and its customers secure.
This is a Work Anywhere role within Germany. You must be based there and be eligible for employment, as Veeva does not provide support with relocation or employment visa/permit processes.
What You'll Do
- Participate in Red Team engagements throughout Veeva with few limits and restrictions.
- Conduct full-cycle engagements with business units independently, or as part of a team.
- Perform manual examination of client systems, websites, and networks to discover weaknesses.
- Thoroughly document exploit chain/proof of concept scenarios for client consumption.
- Communicate findings and discoveries prioritize and execute remediation plans.
- Train other members of the Red Team, developers, or engineers in the exploits and fixes
- Assist in Security Incident Response and Cyber Forensics during and post an incident and assist in reverse engineering the attack and designing security controls
- Coordinate find remediation from third-party penetration testers
- Review and validate findings from Veeva’s bug bounty program
- Maintain AWS VPC and related testing systems for our third-party testers and bug bounty programs
Requirements
- BSc in Computer Science or related field, or equivalent work experience
- 4+ years in an Information Security role, preferably in red teaming, penetration testing, reverse engineering, incident response, or vulnerability management
- Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security
- Experience with interpreted or compiled languages: Python, Ruby, Perl, PHP, C/C++, Java, C#
- Experience with cloud service providers and their offerings, preferably AWS and its various technologies and APIs
- Experience with various testing tools, such as Netspaker, Kali Linux, Metasploit, Nmap, Nessus, Burp Suite, etc.
- Familiar with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement
- Experience with Redhat, AWS Linux, AWS Linux 2, Windows Server 2008, 2012, 2016 and 2019 etc.
- Understanding of OSWAP Top 10, SANS Top 20, NIST 800-53, CIS, CSC or other security standards
- Knowledge of the MITRE ATT&CK Framework
- Industry penetration certifications such as OSCP, GPEN, GXPN, GWAPT, etc
Nice to Have
- Master of Science in Cyber Security, Information Security, MIS or equivalent
- Industry security certifications such as CISSP, CEH or others
- Experience in conducting social engineering-focused assessments
- Experience in CTF competitions, CVE research and/or Bug Bounty recognition
- Experience in Web and Mobile (Android/iOS) based application/service assessment
- Experience in Wireless and Network assessment in enterprise infrastructure
- Experience in reverse engineering and associated tooling such as IDA
- Experience in Advanced Persistent Threat exploits
- Experience with Web Application Firewalls (WAF), IDS/IPS or other security platforms
- Knowledge of fuzzing, memory corruption and exploit development
- Knowledge about hardware hacking
- Intermediate to advanced communication and presentation skills
- Experience providing training and mentorship
- Demonstrable teamwork skills and resourcefulness
- Ability to make concrete progress in the face of ambiguity and imperfect knowledge
Veeva’s headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.
Veeva is committed to fostering a culture of inclusion and growing a diverse workforce. Diversity makes us stronger. It comes in many forms. Gender, race, ethnicity, religion, politics, sexual orientation, age, disability and life experience shape us all into unique individuals. We value people for the individuals they are and the contributions they can bring to our teams.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Android APIs Application security AWS Burp Suite C C++ CEH CISSP Cloud Computer Science Cryptography CTF Exploit Exploits Firewalls Forensics GPEN GWAPT GXPN IDS Incident response iOS IPS Java Kali Linux Metasploit MITRE ATT&CK Nessus Network security NIST Nmap OSCP Pentesting Perl PHP Python Red team Reverse engineering Ruby SANS Threat intelligence TTPs Vulnerability management Windows
Perks/benefits: Relocation support
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Senior Cyber Security Specialist jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs