Cyber Threat Intelligence Analyst

Veeva Systems is a mission-driven organization and pioneer in industry cloud, helping life sciences companies bring therapies to patients faster. As one of the fastest-growing SaaS companies in history, we surpassed $3B in revenue in our last fiscal year with extensive growth potential ahead.

At the heart of Veeva are our values: Do the Right Thing, Customer Success, Employee Success, and Speed. We're not just any public company – we made history in 2021 by becoming a public benefit corporation (PBC), legally bound to balancing the interests of customers, employees, society, and investors.

As a Work Anywhere company, we support your flexibility to work from home or in the office, so you can thrive in your ideal environment.

Join us in transforming the life sciences industry, committed to making a positive impact on its customers, employees, and communities.

The Role

This position is responsible for discovering, analyzing, and vetting relevant cyber threat information to produce detection and defensive mechanisms for the SOC. Additionally, the CTI Analyst will author reports to Senior Leadership and other stakeholders to maintain excellent company situational awareness of emerging threats relevant to Veeva. The analyst will also evaluate internal behavioral telemetry and potential risk indicators to identify and mitigate insider threats, ensuring a comprehensive view of the organization's risk profile. A repository of IOCs will be maintained to correlate attack patterns to further predict and defend against adversary personas. Finally, the CTI analyst will aid in the preparation and execution of proactive defense measures.

What You'll Do

Leverage a Collection Management Framework (CMF) that organizes all threat intelligence feeds, both internal and external, by indicators and data that can be ascertained as well as the methods in how data is collected
Report on potential areas of compromise and areas of concern through information provided by threat intelligence sources
Apply the indicator lifecycle (revealed, matured, utilized) to validate incoming indicators and determine relevance to Veeva
Detect patterns of ongoing intrusion and intrusion attempts across Veeva and the industry to predict future IOCs and suggest implementations
Utilize CTI tools to detect/report on trends to drive decisions influencing defensive operations
Report actionable metrics related to adversarial behavior to drive prioritized defensive actions
Support incident responders with relevant IOCs and historical data during ongoing investigations
Author intelligence reports that address intelligence requirements and RFIs from across the company
Support engineers in the preparation, design, and execution of threat hunt missions
Research and analyze adversarial threat behaviors to prepare for emulation exercises to assess controls
Apply threat intelligence methodologies to internal log data and User and Entity Behavior Analytics (UEBA) to detect anomalies indicative of insider compromise or collusion

Requirements

Good understanding of the Kill Chain and Diamond models, and means to merge them
Ability to leverage MITRE ATT&CK in support of CTI reporting
Good familiarity with some OSINT and proprietary CTI tools, examples as: DomainTools, MISP, YARA, ISAC/ISAO feeds, CyberChef, DataSploit, FireHOL, Maltego, Shodan, ThreatQuotient, Recorded Future Anomali, etc.
Good familiarity with modern threats, top delivery vectors, and methods of exploitation
Experience in organizing, processing, analyzing, and vetting indicators using sorting/processing tools to maintain a current, relevant threat database
Experience in leveraging existing threat intelligence to augment investigations during incident response
1+ years of experience in a cyber threat intelligence-related field, or 3+ years of experience in a cybersecurity operations field
Experience analyzing behavioral telemetry and system logs (e.g., SIEM, EDR, UEBA) to identify technical indicators of insider risk
Strong familiarity with different levels of CTI products (Strategic, Operational, Tactical/Technical)
Good understanding of the different phases of the CTI lifecycle (Planning, Collection, Analysis, Production, and dissemination/feedback)

Nice to Have

Threat Intelligence or Intrusion Detection-related certification, such as GCTI, GOSI, CTIA, GCDA, GCIA, CCTIA, CTIP, CPTIA, CRTIA, etc.
Experience in enriching data of the four atomic indicators (domains, strings, IP addresses, accounts) to deliver additional context to incident responders
Solid background in cloud security principles
Experience in creating and maintaining a prioritized list of critical assets and understanding the top threats against them
Experience with threat hunting development
Experience in threat emulation or use of deceptive technologies

Perks & Benefits

Medical, dental, vision, and basic life insurance
Flexible PTO and company paid holidays
Retirement programs
1% charitable giving program

Compensation

Base pay: $75,000 - $125,000
The salary range listed here has been provided to comply with local regulations and represents a potential base salary range for this role. Please note that actual salaries may vary within the range above or below, depending on experience and location. We look at compensation for each individual and base our offer on your unique qualifications, experience, and expected contributions. This position may also be eligible for other types of compensation in addition to base salary, such as variable bonus and/or stock bonus.

#LI-RemoteUS

#LI-Associate

Veeva’s headquarters is located in the San Francisco Bay Area with offices in more than 15 countries around the world.

Veeva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin or ancestry, age, disability, marital status, pregnancy, protected veteran status, protected genetic information, political affiliation, or any other characteristics protected by local laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us at talent_accommodations@veeva.com.

Work Where It’s Best for You

Work Anywhere means you can work in an office or at home on any given day. It’s about getting the work done in the way and place that works best for each person. This applies across all locations and departments.

Work Anywhere does not mean work at any time. We have predictable core hours where employees are generally available for meetings and collaboration. Employees are focused and available during core hours.

We invest in our offices to make them places where our employees like to go. If you work in the office three or more days a week, you will have a dedicated office workspace. Our offices function as hubs to draw people in, create social bonds, and where random connections and mixing of ideas happen. We’re investing more in offices, culture, and offsite meetings, not less.

Product teams are organized in regional product hubs for optimal collaboration and live within a time zone of their hub. Our current product hubs are located in Pleasanton, Columbus, Boston, Kansas City, New York City, Raleigh, and Toronto. We create opportunities for teams to get together in person regularly.

Customer-facing roles, such as Sales and Professional Services, live near and/or travel to their customers.

When an employee moves within a country it does not cause a change in salary. Where you live impacts you and your family. Not knowing if your compensation will change if you move can cause stress and uncertainty for everyone. We wanted to eliminate that.

Work at Veeva. Work where it’s best for you.

A different kind of company. A Public Benefit Corporation.

Unlike a traditional corporation, whose only legal duty is to maximize shareholder value, PBCs consider their public benefit purpose and the interests of those materially affected by the corporation’s conduct—including customers, employees, and the community—in addition to shareholders’ interests.

What sets us apart

In February 2021, Veeva became the first public company to convert to a Public Benefit Corporation (PBC).

Veeva’s public benefit purpose is to help make the industries we serve more productive and create high-quality employment opportunities.

Learn More

Work Anywhere means you can work in an office or at home on any given day. It’s about getting the work done in the way and place that works best for you.

We invest in our offices to make them places where our employees like to go. If you work in the office three or more days a week, you will have a dedicated office workspace.

Product teams are organized in regional product excellence hubs for optimal collaboration and live within a time zone of their hub. Our current product hubs are located in Pleasanton, Columbus, Boston, Kansas City, New York City, Raleigh, and Toronto. We create opportunities for teams to get together in person regularly.

Customer-facing roles, such as Sales and Professional Services, live near and/or travel to their customers.

At Veeva, we believe in giving back. Veeva’s support for charitable causes is entirely employee driven because we think giving is personal and should be directed by the individual. With our 1% Veeva Giving program, each employee receives an amount equivalent to 1% of their base salary annually to support the non-profit(s) of their choice. We don’t dictate favored corporate causes or ask employees to donate to specific non-profits. We never support a charitable cause in exchange for commercial advantage or preferential treatment.

Veeva’s core values — do the right thing, customer success, employee success, and speed — guide our decision making and define our culture. Doing the right thing means that we are concerned about more than just financial success and return to shareholders. We recognize a responsibility to customers, employees, environment, and society.As individuals, we pride ourselves on being good people who are honest, fair, and direct. We treat others with respect. As a company, we strive to be a good corporate citizen, a positive force in the business community, active in our communities, and an example to others.

Our equity program is designed to enable the vast majority of our employees to participate. Our unique approach to awarding equity grants allows our employees to be shareholders so they can benefit financially in the company’s growth.

Veeva has taken a strong stance against the use of non-compete agreements that can limit employee opportunities. We do not require our employees to sign non-compete agreements, and we have taken legal action to fight the unfair use of these agreements by other companies because we believe such agreements limit an employee’s fundamental right to work where they choose. We believe in our people and want them to be successful here at Veeva or wherever their careers take them.

News and recognition

Veeva in Top 100 Most Reliable Companies

Fastest-Growing Company for 5 Years, Future 50 for 2 Years

New York’s Noncompete Bill Is A ‘Big Domino To Fall’—And The Broadest Ban Yet—In A Growing Movement Against Them

Veeva’s Peter Gassner Combine’s Today’s Execution with Tomorrow’s Vision

Grow, contribute and be recognized

“Veeva’s engineering teams take a pragmatic approach to software development. We offer an ideal environment for engineers who value focus, speed and integrity in their work.”

—Jacob Marcus
VP, Engineering

“I appreciate that Veeva values autonomy over alignment. As a result, we get to make decisions as a small team and ship products faster.”

—Shilpa Chandermohan
Software Engineer

“As a software engineer at Veeva, I’m proud to be doing meaningful work building clinical trial software that will benefit so many people.”

—Durward Denham
Software Engineer

Explore all roles at Veeva

Search Jobs