Security Engineer - Web Application Penetration Testing
Company: Veeva
Location: Boston
Posted on: January 27, 2023
Job Description:
Veeva [NYSE: VEEV] is the leader in cloud-based software for the
global life sciences industry. Committed to innovation, product
excellence, and customer success, our customers range from the
world's largest pharmaceutical companies to emerging biotechs.
Veeva's software helps our customers bring medicines and therapies
to patients faster.

We are the first public company to become a Public Benefit
Corporation. As a PBC, we are committed to making the industries we
serve more productive, and we are committed to creating
high-quality employment opportunities.

Veeva is a Work Anywhere company, which means that you can choose
to work in the environment that works best for you - on any given
day. Whether you choose to work remotely from home or work in an
office - it's up to you.

The Role

Veeva's Security Engineering Team is seeking Red Teamers to help
keep Veeva secure and safe from attackers. Our team in Columbus is
growing, and we want you to join us. The candidate needs to be
based in North America and in ET or CT time zones. This role has a
broad scope: attacking Veeva's AWS services, infrastructure,
processes, and products; discovering weaknesses in Veeva's
architecture; working with product and platform teams to perform
penetration tests on new products; and working with third-party
testers and researchers to sharpen our detective and preventative
capabilities. This role presents an ultimate test of one's security
knowledge and ability, along with the support of a team of highly
skilled individuals.

What You'll Do

A Red Team Security Engineer at Veeva is expected to be strong in
offensive security domains, testing, techniques, and practices.
Engineers in this role work closely with application product teams
throughout Veeva. Security engineers will provide technical
leadership and advice to developers, engineers, and third-party
consultants.

As a Red Team Engineer, you must show exemplary judgment in making
informed technical trade-offs of testing, short-term fixes,
long-term security gains, and product team development. You must
also demonstrate resilience and navigate difficult situations with
composure and tact. Above all else, a strong sense of customer
obsession is necessary to focus on the ultimate goal of keeping
Veeva and its customers secure.

- Participate in Red Team engagements throughout Veeva with few
  limits and restrictions
- Conduct full-cycle engagements with development teams
  independently, or as part of a team
- Perform manual examination of Veeva systems, websites, and
  networks to discover weaknesses
- Thoroughly document exploits, attack chains, and proof of concept
  scenarios for technical reviews
- Communicate findings and discoveries to prioritize and execute
  remediation plans
- Coordinate findings and remediation from third-party penetration
  testers
- Maintain AWS VPC and related testing systems for our internal and
  third-party testing programs
- Conduct red team and purple team exercises and coordinate
  tabletop exercises
- Penetration tests of new products, concepts, and pilot products
- Review Veeva product release notes and select new features to
  test throughout the year

Requirements

- BS in Computer Science or related field, or equivalent work
  experience
- 2+ years in an Information Security role, preferably in red
  teaming, offensive security, penetration testing, reverse
  engineering, incident response, or vulnerability management
- Advanced knowledge and understanding in various disciplines such
  as security engineering, system and network security,
  authentication and security protocols, cryptography, and
  application security
- Experience with interpreted or compiled languages: Python, Ruby,
  Perl, PHP, C/C++, Java, C#
- Experience with cloud service providers and their offerings,
  preferably AWS and its various technologies and APIs
- Mobile testing on Windows, iOS, and Android
- Experience with various testing tools, such as Netsparker, Kali
  Linux, Metasploit, Nmap, Nessus, Burp Suite, etc.
- Familiar with offensive TTPs (Tactics, Techniques, and
  Procedures) including post-exploitation and lateral movement
- Experience with Red Hat, AWS Linux, AWS Linux 2, Windows Server
  2012, 2016 and 2019
- Understanding of one or more standards: OWASP Top 10, SANS Top
  20, NIST 800-53, CIS, CSC, or other security standards

Nice to Have

- Industry penetration certifications such as OSCP, GPEN, GXPN,
  GWAPT
- Industry security certifications such as CISSP, CEH, or others
- Experience in conducting social engineering-focused assessments
- Experience in CTF competitions, CVE research, and/or Bug Bounty
  recognition
- Knowledge of the MITRE ATT&CK Framework
- Experience in Web and Mobile (Android/iOS) based
  application/service assessment
- Experience in Wireless and Network assessment in enterprise
  infrastructure
- Experience in reverse engineering and associated tooling such as
  IDA
- Experience in Advanced Persistent Threat exploits
- Experience with Web Application Firewalls (WAF), IDS/IPS, or
  other security platforms
- Knowledge of fuzzing, memory corruption, and exploit development
- Knowledge about hardware hacking

Veeva's headquarters is located in the San Francisco Bay Area with
offices in more than 15 countries around the world. Veeva is an
equal opportunity employer. All qualified applicants will receive
consideration for employment without regard to race, color, sex,
sexual orientation, gender identity or expression, religion,
national origin or ancestry, age, disability, marital status,
pregnancy, protected veteran status, protected genetic information,
political affiliation, or any other characteristics protected by
local laws, regulations, or ordinances. If you need assistance or
accommodation due to a disability or special need when applying for
a role or in our recruitment process, please contact us at .