At Veeva, we build enterprise cloud technology that powers the biggest names in the pharmaceutical, biotech, consumer goods, chemical & cosmetics industries. Our customers make vaccines, life-saving medicines, and life-enhancing products that make a difference in everyday lives. Our technology has transformed these industries; enabling them to get critical products and services to market faster. Our core values, Do the Right Thing, Customer Success, Employee Success, and Speed, guide us as we make our customers more efficient and effective in everything they do.
As the Associate Vulnerability Management Engineer, you will play a lead role in driving the evaluation, process, execution, development, and operations of the vulnerability management program at Veeva. You will be responsible for vulnerability identification, analysis, communication, and remediation against common vulnerabilities.
What You'll Do
Run and support vulnerability management scans across all Veeva systems.
Act as a primary point of contact for vulnerability management.
Interpret vulnerability assessment results, assist in the remediation prioritization efforts, and report findings.
Establish and maintain vulnerability metrics/KPIs and regular reporting mechanisms for measuring compliance of vulnerability management projects.
Validate proper mitigation controls are in place until remediation activities are complete.
Benchmark golden images to ensure compliance against industry standards.
Maintain patch and vulnerability management best practices to protect against the exploitation of known/detected vulnerabilities.
Conduct research on the latest vulnerabilities and exploits.
Execute the Vulnerability Management roadmap, strategy, and playbooks in partnership with appropriate product teams across technology and business units.
Conduct investigations using software, technology inventories, patch status, and vulnerability exposure.
Establish strong working relationships with product teams to ensure vulnerability compliance objectives are met.
Technical background in Windows/Unix Operating systems, security technologies, and network architectures.
Understanding of threat actors with the ability to articulate how they operate and demonstrate how they subvert common security controls.
Strong understanding of network services, vulnerabilities, and attacks.
Knowledge of application exploits and vulnerabilities. Knowledge of ports and services typical in the configuration of web servers, file servers, and workstations
Knowledge of vulnerability management lifecycle (familiar with CVEs, CVSS, and Mitre)
Excellent written and oral communication skills
Experience with Microsoft and Unix-based operating systems
Nice to Have
Hands-on experience running vulnerability scanning tools
Understanding of cloud and container vulnerability management process
Security Certifications (i.e. Security+, CISSP, CEH, SANS, etc.)
Veeva's headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.
Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances.