Senior Vulnerability Management Engineer

Ohio - Columbus

Full Time Senior level / Expert
Veeva Systems logo
Veeva Systems
Apply now Apply later

Posted 1 month ago

At Veeva, we build enterprise cloud technology that powers the biggest names in the pharmaceutical, biotech, consumer goods, chemical & cosmetics industries. Our customers make vaccines, life-saving medicines, and life-enhancing products that make a difference in everyday lives. Our technology has transformed these industries; enabling them to get critical products and services to market faster. Our core values, Do the Right Thing, Customer Success, Employee Success, and Speed, guide us as we make our customers more efficient and effective in everything they do.
The Role
As the Sr. Vulnerability Management Engineer, you will play a lead role in driving the strategy, evaluation, process, execution, and operations of the vulnerability management program at Veeva.  You will be responsible for vulnerability identification, analysis, communication, and remediation against common vulnerabilities.  This role is accountable for investigating, assessing, and monitoring potential security vulnerabilities.  Partner with each functional area to overlay vulnerability data with system knowledge to identify where compensating controls or deep system knowledge can be applied to lower (or raise) the effective risk ratings.

What You'll Do

  • Oversee the day-to-day operations of the vulnerability management program across Veeva
  • Provide strategic direction and oversight to the vulnerability management team efforts that support Security Operations
  • Develop working partnerships with stakeholders to ensure systems are effectively scanned and remediated
  • Develop processes, playbooks, and run-books for vulnerability management
  • Run and support vulnerability management scans across all Veeva systems
  • Act as the primary point of contact for vulnerability management and articulate vulnerability complexity/remediation strategies to business partners
  • Interpret vulnerability assessment results, assist in the remediation prioritization efforts, and report findings
  • Establish and maintain vulnerability metrics/KPI's and regular reporting mechanisms for measuring compliance of vulnerability management projects
  • Validate proper mitigation controls are in place until remediation activities are complete
  • Benchmark golden images to ensure compliance against industry standards
  • Maintain patch and vulnerability management best practices to protect against the exploitation of known/detected vulnerabilities
  • Conduct research on the latest vulnerabilities and exploits
  • Execute the Vulnerability Management roadmap, strategy, and playbooks in partnership with appropriate product teams across technology and business units
  • Conduct investigations using software, technology inventories, patch status, and vulnerability exposure
  • Establishes strong working relationships with products teams to ensure vulnerability compliance objectives are met. Acts as the primary point of contact for Vulnerability Management
  • Provide and demonstrate strong leadership, and organizational abilities applied across a large team with diverse skills

Requirements

  • Experience with various vulnerability assessment and management solutions (Qualys, Tenable, Rapid 7, etc.)
  • Experience with patch management processes across infrastructure, applications, and containers
  • Understanding of DevSecOps best practices
  • Understanding of Cloud and Container Vulnerability Management, Windows/Unix Operating systems, Application security, and network architectures
  • Understanding of threat actors with the ability to articulate how they operate and demonstrate how they subvert common security controls
  • Strong understanding of network services, vulnerabilities, and attacks
  • Knowledge of application exploits and vulnerabilities. Knowledge of ports and services typical in the configuration of web servers, file servers, and workstations
  • Knowledge of vulnerability management lifecycle (familiar with CVEs, CVSS, and Mitre) 
  • Excellent written and oral communication skills
  • Experience with Microsoft and Unix-based operating systems

Nice to Have

  • Experience using CVSS calculations to define vulnerable and impacted components to clarify the importance
  • Team lead experience in engineering, architecture, application development, information security, or operations
  • Experience in cloud environments (AWS, Azure, GCP) and capabilities
  • Masters degree in Computer Science, Information Systems, or equivalent
  • Understanding of cloud and container vulnerability management process
  • Security Certifications (i.e. AWS Security, Azure Security Engineer, Security+, CISSP, CEH, SANS, etc.)
Veeva’s headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.
Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances.
Job tags: Architecture AWS Azure CEH CISSP Qualys SANS Strategy Unix Vulnerabilities Vulnerability management Windows
Job region(s): North America
Share this job: