Associate Vulnerability Management Engineer

Veeva Systems is a mission-driven organization and pioneer in industry cloud, helping life sciences companies bring therapies to patients faster. As one of the fastest-growing SaaS companies in history, we surpassed $3B in revenue in our last fiscal year with extensive growth potential ahead.

At the heart of Veeva are our values: Do the Right Thing, Customer Success, Employee Success, and Speed. We're not just any public company – we made history in 2021 by becoming a public benefit corporation (PBC), legally bound to balancing the interests of customers, employees, society, and investors.

As a Work Anywhere company, we support your flexibility to work from home or in the office, so you can thrive in your ideal environment.

Join us in transforming the life sciences industry , committed to making a positive impact on its customers, employees, and communities.

The Role Veeva is looking for a Vulnerability Management Engineer to support the operation and continued development of our vulnerability management lifecycle, including: scanning, detection, reporting, remediation, and verification. This role will collaborate with teams company-wide to prioritize and assess vulnerabilities against real-world threats and important business considerations. Success is determined by a thorough and sustainable mechanism to address vulnerabilities and issues identified in maintaining compliance with ISO 27001, CIS, and SOC standards.

What You’ll Do

• Process and author vulnerability report mechanisms aligned with internal customer requirement
• Serve as advisor for IT and product teams, understanding their environments and compensating controls to ensure focus on most critical vulnerabilities
• Suggest alternative solutions to patching vulnerabilities to mitigate the risks associated with them
• Collect and process vulnerability lifecycle evidence during audits
• Maintain the functionality, health, and reporting capabilities of vulnerability management tooling
• Identify gaps and contribute to the development of policies and procedures for vulnerability management
• Develop and execute strategy and roadmaps to continually evolve and automate the vulnerability management program

Requirements

• 1+ years’ experience in Vulnerability Management reporting, tracking, metrics, and scanning and assessing results leading to prioritized actions
• Hands-on experience in vulnerability management tools such as Tenable, Wiz, Qualys, Rapid7, etc.
• Experience in evaluating and assessing a vulnerability severity level based on a variety of internal and external factors surrounding it
• Strong communication skills with tactical personnel and senior-level leadership
• Understanding of various methods to address vulnerabilities and maintaining compliance
• Strong experience coordinating with multiple teams’ solutions to manage and prioritize remediation
• Good experience in parsing vulnerability reports to extract more meaningful data that is relevant to the receiving team or customer

Nice to Have

• Strong familiarity with Atlassian Jira and Confluence
• Familiarity with scripting languages suitable for automation such as Python
• Knowledge of governing regulations such as HIPAA, GDPR, ISO 27001, and SOC 2 compliance standards
• Exceptional skill in excel data transformations, pivot table creation, and gathering key statistical insights
• Good understanding of attack surface management principles
• Good familiarity in automating scanning results to different reporting media (excel sheets, Jira, etc)
• Good understanding of cloud security principles
• Good familiarity of cloud architectural devices such as dockers, containers, EC2, etc

Perks & Benefits

• Medical, dental, vision, and basic life insurance
• Flexible PTO and company paid holidays
• Retirement programs
• 1% charitable giving program

Compensation

• Base pay: $70,000 - $100,000
• The salary range listed here has been provided to comply with local regulations and represents a potential base salary range for this role. Please note that actual salaries may vary within the range above or below, depending on experience and location. We look at compensation for each individual and base our offer on your unique qualifications, experience, and expected contributions. This position may also be eligible for other types of compensation in addition to base salary, such as variable bonus and/or stock bonus.

#LI-Remote

Veeva’s headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.

Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us at [email protected] .