Security Engineer - Web Application Penetration Testing

Company: Veeva
Location: Boston
Posted on: January 27, 2023

Job Description:

Veeva [NYSE: VEEV] is the leader in cloud-based software for the global life sciences industry. Committed to innovation, product excellence, and customer success, our customers range from the world's largest pharmaceutical companies to emerging biotechs. Veeva's software helps our customers bring medicines and therapies to patients faster.We are the first public company to become a Public Benefit Corporation. As a PBC, we are committed to making the industries we serve more productive, and we are committed to creating high-quality employment opportunities.Veeva is a Work Anywhere company which means that you can choose to work in the environment that works best for you - on any given day. Whether you choose to work remotely from home or work in an office - it's up to you.The RoleVeeva's Security Engineering Team is seeking Red Teamers to help keep Veeva secure and safe from attackers. Our team in Columbus is growing, and we want you to join us The candidate needs to be based in North America and in ET or CT time zones. This role has a broad scope, ranging from attacking Veeva's AWS services, infrastructure and processes, and products. Discovering weaknesses in Veeva's architecture. Working with product and platform teams performing penetration tests on new products. Working with third-party testers and researchers to sharpen our detective and preventative capabilities. This role presents an ultimate test of one's security knowledge and ability, along with the support of a team of highly skilled individuals.What Youu0027ll Do A Red Team Security Engineer at Veeva is expected to be strong in offensive security domains, testing, techniques, and practices. Engineers in this role work closely with application product teams throughout Veeva. Security engineers will provide technical leadership and advice to developers, engineers, and third-party consultants.As a Red Team Engineer, you must show exemplary judgment in making informed technical trade-offs of testing, short-term fixes, long-term security gains, and product team development. You must also demonstrate resilience and navigate difficult situations with composure and tact. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Veeva and its customers secure.Participate in Red Team engagements throughout Veeva with few limits and restrictionsConduct full-cycle engagements with development teams independently, or as part of a teamPerform manual examination of Veeva systems, websites, and networks to discover weaknessesThoroughly document exploits, attack chains, and proof of concept scenarios for technical reviewsCommunicate findings and discoveries to prioritize and execute remediation plansCoordinate findings and remediation from third-party penetration testersMaintain AWS VPC and related testing systems for our internal and third-party testing programsConduct red team, and purple team exercises and coordinate tabletop exercisesPenetration tests of new products, concepts, and pilot productsReview Veeva product release notes and select new features to test throughout the yearRequirements BS in Computer Science or related field, or equivalent work experience2u002B years in an Information Security role, preferably in red teaming, offensive security, penetration testing, reverse engineering, incident response, or vulnerability managementAdvanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application securityExperience with interpreted or compiled languages: Python, Ruby, Perl, PHP, C/Cu002Bu002B, Java, C#Experience with cloud service providers and their offerings, preferably AWS and its various technologies and APIsMobile testing on Windows, iOS, and AndroidExperience with various testing tools, such as Netspaker, Kali Linux, Metasploit, Nmap, Nessus, Burp Suite, etc.Familiar with offensive TTPs (Tactics, Techniques, and Procedures) including post-exploitation and lateral movementExperience with Redhat, AWS Linux, AWS Linux 2, Windows Server 2012, 2016 and 2019Understanding of one or more standards: OSWAP Top 10, SANS Top 20, NIST 800-53, CIS, CSC, or other security standardsNice to Have Industry penetration certifications such as OSCP, GPEN, GXPN, GWAPT, dustry security certifications such as CISSP, CEH, or othersExperience in conducting social engineering-focused assessmentsExperience in CTF competitions, CVE research, and/or Bug Bounty recognitionKnowledge of the MITRE ATT&CK FrameworkExperience in Web and Mobile (Android/iOS) based application/service assessmentExperience in Wireless and Network assessment in enterprise infrastructureExperience in reverse engineering and associated tooling such as IDAExperience in Advanced Persistent Threat exploitsExperience with Web Application Firewalls (WAF), IDS/IPS, or other security platformsKnowledge of fuzzing, memory corruption, and exploit developmentKnowledge about hardware hacking#LI-RemoteUS#BI-RemoteVeeva's headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world. Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us at .

Keywords: Veeva, Boston , Security Engineer - Web Application Penetration Testing, Other , Boston, Massachusetts