Director, Security Operations in Columbus, OH

$200K - $250K(Ladders Estimates)

Veeva Systems Inc   •  

Columbus, OH 43085

Industry: Enterprise Technology

  •  

8 - 10 years

Posted 55 days ago

At Veeva, we build enterprise cloud technology that powers the biggest names in the pharmaceutical, biotech, consumer goods, chemical & cosmetics industries. Our customers make vaccines, life-saving medicines, and life-enhancing products that make a difference in everyday lives. Our technology has transformed these industries; enabling them to get critical products and services to market faster. Our core values, Do the Right Thing, Customer Success, Employee Success, and Speed, guide us as we make our customers more efficient and effective in everything they do.


The Role


As Director, Security Operations, you are a highly motivated and experienced technical leader focusing onleading the Security Operations team and will report to the CISO. You will design, implement, and maintain the detection, response, and threat intelligence processes at Veeva addressing attacks against Veeva employees, infrastructure, platforms or services.

What You'll Do

  • Oversee threat management and security incident handling, including the coordination of investigations and reporting of security incidents to senior management
  • Develop of consolidated security, traffic, application and system logs and other audit trails on a regular basis for indications of attacks
  • Establish and design the security operations team to provide a 24/7 security incident response capability
  • Ensure all SecOps processes have runbooks, and automated processes and responses
  • Monitor and ensure that all security operations tools are operational and up to date leveraging as many features and components as reasonable possible
  • Monitor Veeva infrastructure and applications for compliance with security policies and hardening standards, address deviations in a timely fashion.
  • Maximize SecOps time spent on threat hunting and process improvement by leveraging automation
  • Drive research into threat intelligence and integrate feeds into security event correlation system
  • Provide summary and dashboard reports of the security posture of Veeva infrastructure and applications and coordinate with engineering teams and management on the resolution of issues
  • Support of client and government audits, including evidence narratives, and presentations
  • Maintenance and tuning of data protection system, user behavior analysis, threat analysis and other protection systems
  • Develop and refine metrics, KPI's and KRI's
  • Establish 1, 3 & 5-year strategic plans along with tactical execution requirements
  • Vendor negotiations, contract discussions and sourcing experience
  • Project management fundamentals, both Waterfall and Scrum
  • Leadership and employee development and mentoring
  • Resource and Budget planning for the SecOps team

  • First Year Expected
  • Develop technology roadmaps for security operations and forecast future budget changes
  • Complete hiring approved headcount for FY19 and FY20
  • Implement automated security incident response and effective ticket routing logic
  • Establish regular cadence of vulnerability assessments with appropriate notifications to system owners
  • Expand SIEM log ingestion and correlation and implement continuous monitoring of "interesting" events
  • Establish periodic reviews of security tool capabilities and configuration to ensure new threat vectors are addressed

Requirements

  • A bachelor's degree in computer science, business, information systems (or equivalent)
  • 10 years of experience in IT Management, IT Operations, Information Security or Security Operations
  • Prior demonstrated technical leadership and management in security role with 5 years' minimum of people-management experience, and 3 years at a senior manager or higher
  • Demonstrated experience in comparative technology reviews and analysis
  • Proven ability to work within a team environment and develop strong security operations leaders
  • Experience monitoring intrusion detection, network security, multiple operating systems (Windows, Linux, etc.), Security Information and Event Management (SIEM) tools and log management, web application firewalls, network vulnerability scanning, and endpoint protection
  • Solid background with Linux (RHEL, AWS Linux) and Windows operating systems
  • Firm understanding of standard protocols, and their expected behavior (DNS, HTTP/S, FTPS, TCP, UDP, etc.)
  • A passion for eliminating manual work and promoting robust automated processes
  • Excellent written visualization and verbal communication skills

Nice To Have

  • Prior experience in a technology company working closely with product and DevOps engineers onsecurity requirements
  • Experience with DevOps environments, Docker containers, Kubernetes orchestration and AWS security controls a strong plus
  • Familiarity and experience with standards and compliance frameworks including HIPAA, PCI, ISO27001/18, SOC1/2, NIST, CIS
  • Experience with scripting (Python, Perl, PowerShell etc.)
  • Knowledge of various Security Development Lifecycle approaches
  • Collaboration and relationship building: Building relationships with other stakeholders across Veeva is a must. Strong partnerships with Product Engineering, Technical Operations, and IT will be key to success
  • CISSP certified

Perks & Benefits

  • Flexible PTO
  • Healthy, free, provided lunches and snacks every day
  • Allocations for continuous learning & development
  • Discounted gym membership


Valid Through: 2019-10-14