Veeva Systems is a mission-driven organization and pioneer in industry cloud, helping life sciences companies bring therapies to patients faster. As one of the fastest-growing SaaS companies in history, we surpassed $2B in revenue in our last fiscal year with extensive growth potential ahead.
At the heart of Veeva are our values: Do the Right Thing, Customer Success, Employee Success, and Speed. We're not just any public company we made history in 2021 by becoming a public benefit corporation (PBC), legally bound to balancing the interests of customers, employees, society, and investors.
As a Work Anywhere company, we support your flexibility to work from home or in the office, so you can thrive in your ideal environment.
Join us in transforming the life sciences industry, committed to making a positive impact on its customers, employees, and communities.
The Role
This position is directly responsible for proactively discovering, processing, analyzing, and vetting relevant threat information to expedite defense mechanisms as well as the incident response process. The CTI Engineer will organize and vet incoming IOCs, maintain a repository of threat information, enrich information pertaining to incidents, advise leadership of recommended courses of action based on emerging trends, and deliver actionable metrics and threat intelligence reports for a variety of audiences.
What You'll Do
- Leverage a Collection Management Framework (CMF) that organizes all threat intelligence feeds, both internal and external, by indicators and data that can be ascertained as well as the methods in how data is collected, the sources, and the avenues of implementation
- Apply the indicator lifecycle (revealed, matured, utilized) to validate incoming indicators and determine relevance to Veeva Systems by adding context and enrichment
- Detect patterns of ongoing intrusion and intrusion attempts across Veeva and the industry to predict future IOCs and suggest implementations
- Utilize current CTI tools to detect/report on trends to drive decisions influencing defensive operations
- Report meaningful and actionable metrics related to adversarial behavior to drive prioritized defensive actions
- Recommend courses of action (discover, detect, deny, degrade, disrupt, deceive) post-incident
- Support incident responders with relevant IOCs and historical data during ongoing investigations
- Author intelligence reports that address specific intelligence requirements and emerging threats
- Collaborate across other Veeva teams on relevant intelligence of emerging vulnerabilities to prioritize and drive remediation efforts
Requirements
- Strong understanding of the Kill Chain and Diamond models, and means to merge them
- Strong familiarity with some OSINT and proprietary CTI tools, examples as: DomainTools, MISP, YARA, ISAC/ISAO feeds, CyberChef, DataSploit, FireHOL, Maltego, Shodan, ThreatQuotient, Recorded Future Anomali, etc.
- Strong familiarity of modern threats, top delivery vectors, and methods of exploitation
- Experience in delivering adversary-based metrics or authoring/contributing to threat intelligence reports
- Strong experience in organizing, processing, analyzing, and vetting indicators using sorting/processing tools to maintain a current, relevant threat database
- Experience in enriching data of the four atomic indicators (domains, strings, IP addresses, accounts) to deliver additional context to incident responders
- Strong experience in leveraging existing threat intelligence to augment investigations during incident response
- 3+ years of experience in a cyber threat intelligence-related field, or 4+ years of experience in a cybersecurity operations field with at least 2+ years of experience in cyber threat intelligence
Nice to Have
- Threat Intelligence or Intrusion Detection-related certification, such as GCTI, GOSI, CTIA, GCDA, GCIA, CCTIA, CTIP, CPTIA, CRTIA, etc.
- Experience authoring or implementing YARA rules
- Solid background in cloud security principles
- Experience in discovering sensitive data leakage such as credentials, exposed code, brand/organization intelligence, etc.
- Experience in creating and maintaining a prioritized list of crown jewel assets and understanding the top threats against them
Perks & Benefits
- Unlimited PTO
- Veeva Break: entire company takes off the final week of the year, and its paid
- Incredible health, dental, vision plans for employee and family
- Matching 401(k)
- 15% target bonus in the form of company stocks, distributed throughout the year
- $500/yr fitness stipend on any fitness-related product or program
- Free, healthy lunches and snacks served daily at company offices
- Free, onsite gym and fitness classes offered daily
- 2% of salary paid by company for training and development
- 1% of salary paid by company to donate to non-profit of your choice
#LI-RemoteUS
#BI-Remote
Veevas headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.
Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us at [email protected]. Position may not be eligible for remote work in Colorado.
