Director, Security Operations

Quality, Security, & Compliance Columbus, Ohio


Job Summary

As Director, Security Operations, you are a highly motivated and experienced technical leader focusing on leading the Security Operations team and will report to the CISO. You will design, implement, and maintain the detection, response, and threat intelligence processes at Veeva addressing attacks against Veeva employees, infrastructure, platforms or services.

Responsibilities

  • Oversee threat management and security incident handling, including the coordination of investigations and reporting of security incidents to senior management
  • Develop of consolidated security, traffic, application and system logs and other audit trails on a regular basis for indications of attacks
  • Establish and design the security operations team to provide a 24/7 security incident response capability
  • Ensure all SecOps processes have runbooks, and automated processes and responses
  • Monitor and ensure that all security operations tools are operational and up to date leveraging as many features and components as reasonable possible
  • Monitor Veeva infrastructure and applications for compliance with security policies and hardening standards, address deviations in a timely fashion.
  • Maximize SecOps time spent on threat hunting and process improvement by leveraging automation
  • Drive research into threat intelligence and integrate feeds into security event correlation system
  • Provide summary and dashboard reports of the security posture of Veeva infrastructure and applications and coordinate with engineering teams and management on the resolution of issues
  • Support of client and government audits, including evidence narratives, and presentations
  • Maintenance and tuning of data protection system, user behavior analysis, threat analysis and other protection systems
  • Develop and refine metrics, KPI’s and KRI’s
  • Establish 1, 3 & 5-year strategic plans along with tactical execution requirements
  • Vendor negotiations, contract discussions and sourcing experience
  • Project management fundamentals, both Waterfall and Scrum
  • Leadership and employee development and mentoring
  • Resource and Budget planning for the SecOps team

Requirements

  • A bachelor’s degree in computer science, business, information systems (or equivalent)
  • 10 years of experience in IT Management, IT Operations, Information Security or Security Operations
  • Prior demonstrated technical leadership and management in security role with 5 years’ minimum of people-management experience, and 3 years at a senior manager or higher
  • Demonstrated experience in comparative technology reviews and analysis
  • Proven ability to work within a team environment and develop strong security operations leaders
  • Experience monitoring intrusion detection, network security, multiple operating systems (Windows, Linux, etc.), Security Information and Event Management (SIEM) tools and log management, web application firewalls, network vulnerability scanning, and endpoint protection
  • Solid background with Linux (RHEL, AWS Linux) and Windows operating systems
  • Firm understanding of standard protocols, and their expected behavior (DNS, HTTP/S, FTPS, TCP, UDP, etc.)
  • A passion for eliminating manual work and promoting robust automated processes
  • Excellent written visualization and verbal communication skills

Additional Preferred Experience

  • Prior experience in a technology company working closely with product and DevOps engineers on security requirements
  • Experience with DevOps environments, Docker containers, Kubernetes orchestration and AWS security controls a strong plus
  • Familiarity and experience with standards and compliance frameworks including HIPAA, PCI, ISO27001/18, SOC1/2, NIST, CIS
  • Experience with scripting (Python, Perl, PowerShell etc.)
  • Knowledge of various Security Development Lifecycle approaches
  • Collaboration and relationship building:  Building relationships with other stakeholders across Veeva is a must. Strong partnerships with Product Engineering, Technical Operations, and IT will be key to success
  • CISSP certified

First Year Expected

Develop technology roadmaps for security operations and forecast future budget changes

Complete hiring approved headcount for FY19 and FY20

Implement automated security incident response and effective ticket routing logic

Establish regular cadence of vulnerability assessments with appropriate notifications to system owners

Expand SIEM log ingestion and correlation and implement continuous monitoring of “interesting” events

Establish periodic reviews of security tool capabilities and configuration to ensure new threat vectors are addressed

We don’t accept candidates from recruiters or placement agencies. If you have a candidate interested in Veeva, they should apply directly below or at careers@veeva.com. For more information regarding this policy click here.