Senior Cloud Security Engineer (1420046)

"The successful applicant will be performing work in FedRAMP High or IL-5 environments, and therefore, must be a U.S. Person (i.e. U.S. citizen, U.S. national, lawful permanent resident, asylee, or refugee). This position may also perform work that the U.S. government has specified can only be performed by a U.S. citizen on U.S. soil. "

Cisco Cloud Security is a leading provider of network security services, enabling the world to connect to the Internet with confidence on any device, anywhere, anytime. We build and operate highly available, distributed cloud-delivered security solutions critical to the success of the next wave of innovation in the security industry.

We are seeking innovative engineers to help us migrate, launch, and deploy the next generation of the entire Umbrella cloud security platform in an AWS GovCloud-native environment. Our mission is to expand our access to the public sector market; our current focus is on growing the platform's FedRAMP (Federal Risk and Authorization Management Program) authorization. FedRamp is a government security certification with exceedingly high standards that requires everything you've ever wanted in a secure infrastructure - precision transformation, consistent backups, centralized & high-performance logging, and alerting. All built with every effective security capability known!

Our team is composed of security and engineering professionals who work in a fast-paced, sometimes ambiguous, and innovative environment. We are in the early stages of designing, building, and operating a new infrastructure that will quickly grow to handle millions of end user seats running highly critical, security-sensitive workloads.

If you've been looking for a massively impactful, high-stakes, and greenfield engineering opportunity, it doesn't get much better than this.

What You'll Do

• Develop and operate the vulnerability management and observability platforms and infrastructure that underpins the Umbrella Federation environment

• Own end to end code/infrastructure releases throughout the different environments supported (dev, stage, prod)

• Implement consistent DevSecOps practices for our Cloud Security organization. Provide thought leadership and domain expertise within Cloud Security to create a commitment to security and privacy.

• Engage with end users to support their vulnerability management needs performing regular onboarding tasks, gathering relevant feedback or collecting new use cases.

• Serve as a Security Engineering SME when interacting with different teams and unblock their security questions/concerns. Work multi-functionally to achieve certification, perform security reviews and remediate audit findings. Chip in to a no-blame philosophy that values learning, visibility, accountability, trust, understanding, and mutual respect.

• Design and implement features and components in a collaborative team-oriented environment. Own the development of functional components.

• Work with Product Management and Legal on privacy impact assessments to ensure the privacy of the platform and update the Cloud Security privacy sheet.

• Assist and ensure engineering teams follow various Cisco- and industry-specific compliance frameworks such as SOC-2, ISO 27001, and FedRAMP / NIST SP 800-53.

• Find opportunities for automation, partner with engineering and security teams on implementing automation

• Mentor engineering teams to become proficient with Dev Sec Ops. Interact collaboratively with peer groups within the larger security team on Trust & Compliance, Security Operations, Risk Management, Security Engineering, and Education activities.

Who You Are

Minimum Qualifications

• Minimum of 5 years of experience in the design, build, scaling, and management of enterprise applications in cloud-native environments, with a strong preference for candidates with Amazon Web Services (AWS) expertise. Familiarity with a range of AWS services such as Secret Manager, IAM, Lambda, EKS, ECS, CloudWatch, Kinesis, Inspector, or EC2.

• At least 2 years of experience with the ServiceNow platform, including the development of custom integrations with vulnerability scanners and observability platforms, the creation of ticketing workflows, and the design of dashboards, reports, and automation solutions.

• Proficiency in programming with a minimum of 2 year of experience in Python, Golang, Javascript, or similar scripting languages, with a focus on building cloud-native applications.

• Over 1 year of practical DevOps/DevSecOps experience in cloud-native SaaS environments, including the design and build of CI/CD pipelines, the use of Docker containers, and the implementation of strategies for high availability, disaster recovery, and automated monitoring & alerting.

• Experience of at least 1 year with infrastructure-as-code (IaC) tools, specifically Terraform and Terragrunt, to automate the provisioning and management of cloud infrastructure.

Preferred Qualifications

• Experience with designing, building, and maintaining infrastructures that meet exacting compliance requirements such as FedRAMP, IL4/IL5.

• Proficiency in the use of observability platforms such as Datadog or Grafana Enterprise, with expertise in using these tools to enhance system observability and performance.

• A deep understanding of continuous monitoring practices, including asset inventory and vulnerability management, as well as knowledge of testing methodologies and techniques suitable for cloud-native environments.

• Familiarity with leading industry-standard DevOps and Security practices, processes, frameworks, and technologies tailored for global cloud native SaaS applications.

• A world-class engineer who thrives in a multi-functional, diverse, and Agile DevOps team environment, demonstrating collaboration, compassion, and a commitment to excellence. Excellent communication skills are essential, both oral and written, with an ability to articulate ideas and engage effectively with team members, fostering an innovative and inclusive culture.

Why Cisco?

WeAreCisco. We are all unique, but collectively we bring our talents to work as a team, to develop innovative technology and power a more inclusive, digital future for everyone. How do we do it? Well, for starters - with people like you!

Nearly every internet connection around the world touches Cisco. We're the Internet's optimists. Our technology makes sure the data traveling at light speed across connections does so securely, yet it's not what we make but what we make happen which marks us out. We're helping those who work in the health service to connect with patients and each other; schools, colleges, and universities to teach in even the most challenging of times. We're helping businesses of all shapes and sizes to connect with their employees and customers in new ways, providing people with access to the digital skills they need and connecting the most remote parts of the world - whether through 5G, or otherwise.

We tackle whatever challenges come our way. We have each other's backs, we recognize our accomplishments, and we grow together. We celebrate and support one another - from big and small things in life to big career moments. And giving back is in our DNA (we get 10 days off each year to do just that).

We know that powering an inclusive future starts with us. Because without diversity and a dedication to equality, there is no moving forward. Our 30 Inclusive Communities, that bring people together around commonalities or passions, are leading the way. Together we're committed to learning, listening, caring for our communities, whilst supporting the most vulnerable with a collective effort to make this world a better place either with technology, or through our actions.

So, you have colorful hair? Don't care. Tattoos? Show off your ink. Like polka dots? That's cool. Pop culture geek? Many of us are. Passion for technology and world changing? Be you, with us! #WeAreCisco

Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.

Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.