Vulnerability Management Engineer
Veeva Systems is a mission-driven organization and pioneer in industry cloud, helping life sciences companies bring therapies to patients faster. As one of the fastest-growing SaaS companies in history, we surpassed $2B in revenue in our last fiscal year with extensive growth potential ahead.At the heart of Veeva are our values: Do the Right Thing, Customer Success, Employee Success, and Speed. We're not just any public company – we made history in 2021 by becoming a public benefit corporation (PBC), legally bound to balancing the interests of customers, employees, society, and investors.As a Work Anywhere company, we support your flexibility to work from home or in the office, so you can thrive in your ideal environment.Join us in transforming the life sciences industry, committed to making a positive impact on its customers, employees, and communities.The RoleThis role needs an experienced Vulnerability Management Engineer to engage and innovate the vulnerability management lifecycle, including: scanning, detection, reporting, remediation, and verification. The Engineer will collaborate with many teams company-wide to prioritize and assess vulnerabilities against important business considerations. Success is determined by a thorough and sustainable mechanism to address vulnerabilities and issues identified in maintaining compliance with ISO 27001, CIS, and SOC standards.
What You'll Do
- Process and author vulnerability report mechanisms that align with multiple unique internal customer requirements
- Suggest alternative solutions to patching vulnerabilities to mitigate the risks associated with them
- Serve as the advisor and consultant of different IT and product teams, understanding their environments and compensating controls to ensure focus on most critical vulnerabilities
- Collect and process vulnerability lifecycle evidence during audits
- Contribute to the development of policies regarding vulnerability management in order to adapt to changes within the Veeva environment
- Prepare key metrics for IT and product teams’ leadership to influence vulnerability and finding prioritizations
- Maintain excellent awareness of the status of all on-prem and cloud devices’ reporting capabilities to the overarching tool suite and take prompt action to ensure proper functionality and health of the tools
- Develop and execute strategy and roadmaps to continually evolve and automate the vulnerability management program
- Collaborate with various product teams to identify gaps and pitfalls in managing vulnerabilities, and plan, test, and evaluate new processes to address those gaps and pitfalls
- Develop requirements with our vulnerability management tool provider to integrate and optimize the vulnerability management tool suite to match product team requirements
Requirements
- Strong communication skills with tactical personnel and senior-level leadership
- Strong understanding of various methods to address vulnerabilities and maintain compliance
- Strong experience in coordinating with various teams’ solutions to manage and prioritize vulnerability remediation
- Strong experience in evaluating and assessing a vulnerability severity level based on a variety of internal and external factors surrounding it
- Strong experience in vulnerability management tools such as Tenable, Qualys, Wiz, Vicarius, Rapid7, etc
- Strong skills in developing efficient methods to address out-of-compliance or overdue vulnerabilities
- Good experience in parsing vulnerability reports to extract more meaningful data that is relevant to the receiving team or customer
- 3+ years’ experience in Vulnerability Management reporting, tracking, metrics, and scanning and assessing results leading to prioritized actions
- Complex problem-solving skills with the ability to work with minimal supervision
- Legally eligible to work in the United States
Nice to Have
- Strong familiarity with Atlassian Jira and Confluence
- Strong familiarity with scripting languages suitable for automation such as Python
- Strong knowledge of governing regulations such as HIPAA, GDPR, ISO 27001, and SOC 2 compliance standards
- Exceptional skill in Excel data transformations, pivot table creation, and gathering key statistical insights
- Good understanding of attack surface management principles
- Good familiarity with automating scanning results to different reporting media (excel sheets, Jira, etc)
- Good understanding of cloud security principles
- Good familiarity with cloud architectural devices such as dockers, containers, EC2, etc
Perks & Benefits
- Medical, dental, vision, and basic life insurance
- Flexible PTO and company paid holidays
- Retirement programs
- 1% charitable giving program
Compensation
- Base pay: $75,000 - $135,000
- The salary range listed here has been provided to comply with local regulations and represents a potential base salary range for this role. Please note that actual salaries may vary within the range above or below, depending on experience and location. We look at compensation for each individual and base our offer on your unique qualifications, experience, and expected contributions. This position may also be eligible for other types of compensation in addition to base salary, such as variable bonus and/or stock bonus.