Senior Threat and Vulnerability Management Engineer

Remote - US

Veeva Systems

Veeva Systems Inc. is a leader in cloud-based software for the global life sciences industry. Committed to innovation, product excellence, and customer success, Veeva has more than 1,100 customers, ranging from the world's largest...

Veeva [NYSE: VEEV] is the leader in cloud-based software for the global life sciences industry. Committed to innovation, product excellence, and customer success, our customers range from the world’s largest pharmaceutical companies to emerging biotechs. Veeva’s software helps our customers bring medicines and therapies to patients faster.
We are the first public company to become a Public Benefit Corporation. As a PBC, we are committed to making the industries we serve more productive, and we are committed to creating high-quality employment opportunities.
Veeva is a Work Anywhere company, which means that you can choose to work in the environment that works best for you on any given day.

The Role

As the Senior Threat and Vulnerability Management Engineer, you will play a lead role in driving the strategy, evaluation, process, execution, and operations of the threat intelligence and vulnerability management program at Veeva. You will primarily be responsible for vulnerability identification, analysis, communication, and remediation against common vulnerabilities. This role is accountable for collecting, processing, monitoring, and disseminating potential threat intelligence and security vulnerabilities. You will partner with each functional area to overlay threat and vulnerability data with system knowledge to identify where compensating controls or deep system knowledge can be applied to lower (or raise) the effective risk ratings.

What You'll Do

  • Oversee the day-to-day operations of the threat and vulnerability management program across Veeva
  • Provide strategic direction and oversight to the threat and vulnerability management team efforts that support Security Operations
  • Develop working partnerships with stakeholders to ensure systems are effectively scanned and remediated
  • Develop processes, playbooks, and run-books for threat intelligence and vulnerability management
  • Run and support vulnerability management scans across all Veeva systems
  • Act as primary point of contact for threat intel and vulnerability management and articulate vulnerability complexity / remediation strategies to business partners
  • Interpret vulnerability assessment results, assist in the remediation prioritization efforts, and report findings
  • Establish and maintain vulnerability metrics/KPIs and regular reporting mechanisms for measuring compliance of vulnerability management projects
  • Validate proper mitigation controls are in place until remediation activities are complete
  • Benchmark golden images to ensure compliance against industry standards
  • Maintain patch and vulnerability management best practices to protect against the exploitation of known/detected vulnerabilities
  • Conduct research on the latest threat intel, vulnerabilities, and exploits
  • Execute the Threat Intelligence and Vulnerability Management roadmap, strategy and playbooks in partnership with appropriate product teams across technology and business units
  • Conduct investigations using software, technology inventories, patch status, and vulnerability exposure
  • Establish strong working relationships with product teams to ensure vulnerability compliance objectives are met. Act as primary point of contact for Threat Intel and Vulnerability Management
  • Provide and demonstrate strong leadership and organizational abilities applied across a large team with diverse skills

Requirements

  • Experience with various vulnerability assessment and management solutions (Qualys, Tenable, Rapid7, etc.)
  • Experience with patch management processes across infrastructure, applications, and containers
  • Understanding of threat intelligence best practices
  • Understanding of DevSecOps best practices
  • Understanding of Cloud and Container Vulnerability Management, Windows/Unix Operating systems, Application security, and network architectures
  • Understanding of threat actors with the ability to articulate how they operate and demonstrate how they subvert common security controls
  • Strong understanding of network services, vulnerabilities and attacks
  • Knowledge of application exploits and vulnerabilities. Knowledge of ports and services typical in configuration of web servers, file servers, and workstations
  • Knowledge of the vulnerability management lifecycle (familiar with CVEs, CVSS, and MITRE)
  • Excellent written and oral communication skills
  • Experience with Microsoft and Unix-based operating systems

Nice to Have

  • Experience using CVSS calculations to define vulnerable and impacted components to clarify the importance
  • Team lead experience in engineering, architecture, application development, information security, or operations
  • Experience collecting, processing, and disseminating threat intelligence
  • Experience in cloud environments (AWS, Azure, GCP) and capabilities
  • Master's degree in Computer Science, Information Systems, or equivalent
  • Understanding of cloud and container vulnerability management process
  • Security Certifications (e.g. AWS Security, Azure Security Engineer, Security+, CISSP, CEH, SANS, etc.)

Veeva’s headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.
Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us at talent@veeva.com.

Tags: Application security AWS Azure CEH CISSP Cloud Compliance Computer Science CVSS DevSecOps Exploits GCP Monitoring Qualys SANS Strategy Threat intelligence UNIX Vulnerabilities Vulnerability management Windows

Regions: Remote/Anywhere North America
Country: United States