Associate Red Team Engineer

Veeva Systems is a mission-driven organization and pioneer in industry cloud, helping life sciences companies bring therapies to patients faster. As one of the fastest-growing SaaS companies in history, we surpassed $2B in revenue in our last fiscal year with extensive growth potential ahead.
At the heart of Veeva are our values: Do the Right Thing, Customer Success, Employee Success, and Speed. We're not just any public company – we made history in 2021 by becoming a public benefit corporation (PBC), legally bound to balancing the interests of customers, employees, society, and investors.
As a Work Anywhere company, we support your flexibility to work from home or in the office, so you can thrive in your ideal environment.
Join us in transforming the life sciences industry, committed to making a positive impact on its customers, employees, and communities.
The Role
Veeva’s Offensive Security Team is seeking an Associate Red Team engineer to help ensure the Veeva product teams are developing secure solutions by detecting vulnerabilities early in the life cycle. This role has a broad scope, ranging from testing/validating Veeva’s AWS services, infrastructure, processes, and products. Discovering weaknesses in Veeva’s architecture, working with product and platform teams, and performing penetration tests on new products are just part of the job. You’ll also be working with third party testers and researchers to sharpen our detective and preventative capabilities.

What You'll Do

• An Associate Red Team Security Engineer at Veeva is expected to be strong in offensive security domains, testing, techniques, and practices. Engineers in this role work closely with application product teams throughout Veeva. Security engineers will provide technical leadership and advice to developers, engineers, and third-party consultants
• As an Associate Red Team Engineer, you must show exemplary judgment in making informed technical trade-offs of testing, short-term fixes, long-term security gains, and product team development. Above all else, a strong sense of customer advocacy is necessary to focus on the ultimate goal of keeping Veeva and its customers secure
• Penetration tests of new products, features, and technologies
• Test web applications, mobile applications, and desktop applications
• Conduct full cycle engagements with development teams independently, or as part of a team
• Assist with automation efforts on the team
• Thoroughly document exploits, attack chain, proof of concept scenarios for technical reviews
• Communicate findings and discoveries to prioritize and execute remediation plans
• Coordinate findings and remediation from third party penetration testers
• Maintain related testing systems for our internal and third-party testing programs
• Conduct red team and purple team exercises
• Review Veeva product release notes and select new features to test throughout the year

Requirements

• BS in Computer Science or related field, or equivalent work experience
• Experience in an Information Security role, preferably in web application penetration testing, offensive security, reverse engineering, or application security
• Experience with various testing tools, such as Burp Suite, Netsparker, Kali Linux, Metasploit, Nmap, Nessus, etc.
• Knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security
• Knowledge of detection and remediation of the OWASP Top 10 and SANS Top 25
• Software development experience using Python, Java/Kotlin, Swift, C#, and PHP
• Experience with cloud service providers, preferably AWS and its various technologies and APIs
• Experience with AWS Linux, AWS Linux 2, Windows Server 2012, 2016 and 2019, and Ubuntu

Nice to Have

• Industry penetration certifications such as OSCP, GPEN, GXPN, GWAPT etc.
• Experience with Web Application Firewalls (WAF), IDS/IPS or other security platforms
• Mobile testing on iOS and Android applications as well as OSX and Windows applications
• Experience in conducting phishing exercises
• Experience in CTF competitions, CVE research and/or Bug Bounty recognition
• Experience in reverse engineering and the decompiling of Java
• Experience in Advanced Persistent Threat exploits
• Knowledge of fuzzing, memory corruption, and exploit development
• Industry security certifications such as CISSP, CEH or others

Perks & Benefits

• Medical, dental, vision, and basic life insurance
• Flexible PTO and company paid holidays
• Retirement programs
• 1% charitable giving program

Compensation

• Base pay: $50,000 - $85,000
• The salary range listed here has been provided to comply with local regulations and represents a potential base salary range for this role. Please note that actual salaries may vary within the range above or below, depending on experience and location. We look at compensation for each individual and base our offer on your unique qualifications, experience, and expected contributions. This position may also be eligible for other types of compensation in addition to base salary, such as variable bonus and/or stock bonus.

#LI-Remote
Veeva’s headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.
Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us at talent_accommodations@veeva.com.