Associate Threat and Vulnerability Management Engineer

Ohio - Columbus

Veeva Systems logo
Veeva Systems
Apply now Apply later

Posted 4 weeks ago

At Veeva, we build enterprise cloud technology that powers the biggest names in the pharmaceutical, biotech, consumer goods, chemical & cosmetics industries. Our customers make vaccines, life-saving medicines, and life-enhancing products that make a difference in everyday lives. Our technology has transformed these industries; enabling them to get critical products and services to market faster. Our core values, Do the Right Thing, Customer Success, Employee Success, and Speed, guide us as we make our customers more efficient and effective in everything they do.
The Role
As the Associate Threat Vulnerability Management Engineer, you will play a lead role in driving the evaluation, process, execution, development, and operations of threat intelligence and vulnerability management program at Veeva.  You will be responsible for threat and vulnerability identification, analysis, communication, and remediation against common vulnerabilities. 

What You'll Do

  • Run and support vulnerability management scans across all Veeva systems
  • Interpret vulnerability assessment results, assist in the remediation prioritization efforts, and report findings
  • Establish and maintain threat intel and vulnerability metrics/KPI's and regular reporting mechanisms for measuring compliance of vulnerability management projects
  • Validate proper mitigation controls are in place until remediation activities are complete
  • Benchmark golden images to ensure compliance against industry standards
  • Maintain patch and vulnerability management best practices to protect against the exploitation of known/detected vulnerabilities
  • Conduct research on the latest threat intel, vulnerabilities, and exploits
  • Execute the Threat Intel and Vulnerability Management roadmap, strategy, and playbooks in partnership with appropriate product teams across technology and business units
  • Conduct investigations using software, technology inventories, patch status, and vulnerability exposure
  • Establishes strong working relationships with products teams to ensure vulnerability compliance objectives are met
  • Acts as the primary point of contact for Vulnerability Management

Requirements

  • Technical background in Windows/Unix Operating systems, security technologies, and network architectures
  • Understanding of threat actors with the ability to articulate how they operate and demonstrate how they subvert common security controls
  • Strong understanding of network services, vulnerabilities, and attacks
  • Knowledge of application exploits and vulnerabilities. Knowledge of ports and services typical in the configuration of web servers, file servers, and workstations
  • Knowledge of vulnerability management lifecycle (familiar with CVEs, CVSS, and Mitre) 
  • Excellent written and oral communication skills
  • Experience with Microsoft and Unix-based operating systems

Nice to Have

  • Hands-on experience running vulnerability scanning tools
  • Understanding of cloud and container vulnerability management process
  • Security Certifications (i.e. Security+, CISSP, CEH, SANS, etc.)
Veeva’s headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.
Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances.
Job tags: CEH CISSP SANS Strategy Threat intelligence Unix Vulnerabilities Vulnerability management Windows
Job region(s): North America
Share this job: