Security Engineer - Red Team

Ohio - Columbus

Veeva Systems

Posted 1 month ago

At Veeva, we build enterprise cloud technology that powers the biggest names in the pharmaceutical, biotech, consumer goods, chemical & cosmetics industries. Our customers make vaccines, life-saving medicines, and life-enhancing products that make a difference in everyday lives. Our technology has transformed these industries, enabling them to get critical products and services to market faster. Our core values, Do the Right Thing, Customer Success, Employee Success, and Speed, guide us as we make our customers more efficient and effective in everything they do.
The Role
Veeva’s Security Engineering Team is seeking Red Teamers to help keep Veeva secure and safe from attackers. Our team in Columbus is growing, and we want you to join us! This role has a broad scope: attacking Veeva’s AWS services, infrastructure, processes, and products; discovering weaknesses in Veeva’s architecture; working with product and platform teams to perform penetration tests on new products; and working with third-party testers and researchers to sharpen our detective and preventative capabilities. This role presents an ultimate test of one’s security knowledge and ability, along with the support of a team of highly skilled individuals. To simplify it, you get to break all the stuff.

What You'll Do

  • Participate in Red Team engagements throughout Veeva with few limits and restrictions.
  • Conduct full-cycle engagements with development teams independently, or as part of a team.
  • Perform manual examination of client systems, websites, and networks to discover weaknesses.
  • Thoroughly document exploit chains and proof-of-concept scenarios for client consumption.
  • Communicate findings and discoveries to prioritize and execute remediation plans.
  • Coordinate findings and remediation from third-party penetration testers.
  • Review and validate findings from Veeva’s bug bounty program.
  • Maintain AWS VPC and related testing systems for our third-party testers and bug bounty programs.
  • Conduct red team, purple team, and tabletop exercises throughout the year.
  • Perform penetration tests of new products, concepts, and pilot products.
  • Review Veeva product release notes and select new features to test throughout the year.

A Red Team Security Engineer at Veeva is expected to be strong in multiple domains. Engineers in this role work closely with teams throughout Security, such as the Threat Intelligence, Application Security, and Security Operations teams. You will provide technical leadership and advice to teams and leaders throughout Veeva. You will be in direct contact with application development teams, giving you firsthand knowledge about how Veeva is built and how it operates at a deep technical level. Additionally, you will leverage the knowledge you gain about Veeva to find new ways to break software, processes, and controls throughout the company.
Red Team Engineers in this role must show exemplary judgment in making technical trade-offs between short-term fixes and long-term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. Individuals in this role will be expected to provide thought leadership for the organization as they discover, invent, and innovate throughout the course of their duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Veeva and its customers secure.

Requirements

  • BS in Computer Science or related field, or equivalent work experience.
  • 2+ years in an Information Security role, preferably in red teaming, penetration testing, reverse engineering, incident response, or vulnerability management.
  • Advanced knowledge and understanding of various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security.
  • Experience with interpreted or compiled languages: Python, Ruby, Perl, PHP, C/C++, Java, C#.
  • Experience with cloud service providers and their offerings, preferably AWS and its various technologies and APIs.
  • Experience with various testing tools, such as Netsparker, Kali Linux, Metasploit, Nmap, Nessus, Burp Suite, etc.
  • Familiar with offensive TTPs (Tactics, Techniques, and Procedures) including post-exploitation and lateral movement.
  • Experience with Red Hat, AWS Linux, AWS Linux 2, Windows Server 2012, 2016, and 2019.
  • Understanding of one or more standards: OWASP Top 10, SANS Top 20, NIST 800-53, CIS, CSC, or other security standards.

Nice to Have

  • Industry penetration certifications such as OSCP, GPEN, GXPN, GWAPT, etc.
  • Industry security certifications such as CISSP, CEH or others
  • Experience in conducting social engineering-focused assessments
  • Experience in CTF competitions, CVE research, and/or Bug Bounty recognition
  • Knowledge of the MITRE ATT&CK Framework
  • Experience in Web and Mobile (Android/iOS) based application/service assessment
  • Experience in Wireless and Network assessment in enterprise infrastructure
  • Experience in reverse engineering and associated tooling such as IDA
  • Experience in Advanced Persistent Threat exploits
  • Experience with Web Application Firewalls (WAF), IDS/IPS, or other security platforms
  • Knowledge of fuzzing, memory corruption, and exploit development
  • Knowledge about hardware hacking
Veeva’s headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.
Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances.
Job tags: Architecture AWS Burp Suite C CEH CISSP Cryptography CTF GPEN GXPN IDS Incident response IPS Java Kali Linux Metasploit Network security NIST Nmap OSCP Penetration testing Perl PHP Python Red team Ruby SANS Threat intelligence TTPs Vulnerability management Windows
Job region(s): North America