The Role
Veeva is looking for a Vulnerability Management Engineer to support the operation and continued development of our vulnerability management lifecycle, including: scanning, detection, reporting, remediation, and verification. This role will collaborate with teams company-wide to prioritize and assess vulnerabilities against real-world threats and important business considerations. Success is determined by a thorough and sustainable mechanism to address vulnerabilities and issues identified in maintaining compliance with ISO 27001, CIS, and SOC standards.
What You’ll Do
- Process and author vulnerability report mechanisms aligned with internal customer requirements
- Serve as advisor for IT and product teams, understanding their environments and compensating controls to ensure focus on the most critical vulnerabilities
- Suggest alternative solutions to patching vulnerabilities to mitigate the risks associated with them
- Collect and process vulnerability lifecycle evidence during audits
- Maintain the functionality, health, and reporting capabilities of vulnerability management tooling
- Identify gaps and contribute to the development of policies and procedures for vulnerability management
- Develop and execute strategy and roadmaps to continually evolve and automate the vulnerability management program
Requirements
- 1+ years’ experience in Vulnerability Management reporting, tracking, metrics, and scanning and assessing results leading to prioritized actions
- Hands-on experience in vulnerability management tools such as Tenable, Wiz, Qualys, Rapid7, etc.
- Experience in evaluating and assessing a vulnerability severity level based on a variety of internal and external factors surrounding it
- Strong communication skills with tactical personnel and senior-level leadership
- Understanding of various methods to address vulnerabilities and maintain compliance
- Strong experience coordinating solutions with multiple teams to manage and prioritize remediation
- Good experience in parsing vulnerability reports to extract more meaningful data that is relevant to the receiving team or customer
Nice to Have
- Strong familiarity with Atlassian Jira and Confluence
- Familiarity with scripting languages suitable for automation such as Python
- Knowledge of governing regulations such as HIPAA, GDPR, ISO 27001, and SOC 2 compliance standards
- Exceptional skill in Excel data transformations, pivot table creation, and gathering key statistical insights
- Good understanding of attack surface management principles
- Good familiarity with automating the delivery of scanning results to different reporting media (Excel sheets, Jira, etc.)
- Good understanding of cloud security principles
- Good familiarity with cloud architectural components such as Docker, containers, EC2, etc.
Perks & Benefits
- Medical, dental, vision, and basic life insurance
- Flexible PTO and company paid holidays
- Retirement programs
- 1% charitable giving program
Compensation
- Base pay: $70,000 - $100,000
- The salary range listed here has been provided to comply with local regulations and represents a potential base salary range for this role. Please note that actual salaries may vary within the range above or below, depending on experience and location. We look at compensation for each individual and base our offer on your unique qualifications, experience, and expected contributions. This position may also be eligible for other types of compensation in addition to base salary, such as variable bonus and/or stock bonus.