INFORMATION SECURITY ENGINEER, FEDRAMP
Company: ThousandEyes
Location: San Francisco
Posted on: September 29, 2024
|
|
Job Description:
Who We AreCisco ThousandEyes is a Digital Experience Assurance
platform that empowers organizations to deliver flawless digital
experiences across every network - even the ones they don't own.
Powered by AI and an unmatched set of cloud, internet and
enterprise network telemetry data, ThousandEyes enables IT teams to
proactively detect, diagnose, and remediate issues - before they
impact end- user experiences.ThousandEyes is deeply integrated
across the entire Cisco technology portfolio and beyond, helping
customers deploy at scale while also delivering AI-powered
assurance insights within Cisco's leading Networking, Security,
Collaboration, and Observability portfolios.About the
RoleThousandEyes is seeking a talented and experienced Information
Security Engineer to join our dynamic team. This role is critical
in ensuring our compliance with FedRAMP requirements and
maintaining our high standards of security. As an Information
Security Engineer, you will play a pivotal role in interpreting
compliance controls for engineering staff, building and
implementing automation, and managing vulnerabilities, particularly
in the Continuous Monitoring (ConMon) space. You will be
responsible for driving projects from inception to to successful
completion, ensuring our security measures are robust and
up-to-date.What You'll DoSecurity Assessments:Conduct comprehensive
security assessments of cloud environments leveraging NIST SP 800
series publications.Identify vulnerabilities and risks related to
FedRAMP compliance.Provide detailed recommendations to mitigate
risks leveraging the RMF and any other resources approved by the
Federal Government/Agencies and best practices.FedRAMP
Compliance:Ensure all systems and services comply with FedRAMP
requirements.Respond to technical inquiries and provide expert
advice on FedRAMP compliance.Collaborate with external auditors
during FedRAMP reviews and audits, providing precise and detailed
responses.Implementation of Security Controls:Implement and oversee
technical and administrative security controls based on FedRAMP
standards.Manage data encryption, authentication, authorization,
access controls, and data protection leveraging FIPS 199, 140-2,
and 140-3.Configure and maintain security tools and monitoring
technologies to ensure continuous FedRAMP compliance.Technical
Advisory:Provide technical advice to development and operations
teams on security best practices and FedRAMP compliance.Assist in
troubleshooting technical issues related to security and
compliance.Stay updated on the latest security threats, compliance
trends, and changes in FedRAMP requirements.Infrastructure as Code
and Automation:Utilize tools like Kubernetes and Terraform to
automate and manage security controls.Develop and maintain scripts
to automate security processes and compliance checks.Ensure that
infrastructure is secure by design and adheres to FedRAMP
requirements.QualificationsEducation: Bachelor's degree in Computer
Science, Information Security, or a related
field.Experience:Minimum of 5-7 years of experience in information
security, with a specific focus on FedRAMP compliance.Proven
experience in assessing and mitigating security risks in cloud and
on-premises environments.Specific experience working with cloud
technologies such as AWS GovCloud, Google Cloud for Government
and/or Azure GovernmentTechnical Knowledge:Mastery of FedRAMP
standards and requirements.Extensive knowledge of implementing
security controls, including encryption, authentication, and access
controls.Familiarity with security assessment and monitoring tools
and technologies.Experience with Kubernetes and Terraform for
infrastructure management.Proficiency in scripting languages (e.g.,
Python, Bash) for automation.Skills:Excellent verbal and written
communication skills, with the ability to explain complex technical
concepts to non-technical audiences.Ability to work independently
and as part of a team, managing multiple tasks and projects
simultaneously.Strong analytical and problem-solving
skills.Preferred QualificationsExperience in automating security
and compliance processes.Advanced scripting or programming skills
for automation and security analysis.Additional relevant
certifications, such as AWS Certified Security, Microsoft
Certified: Azure Security Engineer, or Google Professional Cloud
Security Engineer.Certifications: Security certifications such as
CISSP, CISM, CISA, or equivalent.Cisco values the perspectives and
skills that emerge from employees with diverse backgrounds. That's
why Cisco is expanding the boundaries of discovering top talent by
not only focusing on candidates with educational degrees and
experience but also placing more emphasis on unlocking potential.
We believe that everyone has something to offer and that diverse
teams are better equipped to solve problems, innovate, and create a
positive impact.We encourage you to apply even if you do not
believe you meet every single qualification. Not all strong
candidates will meet every single qualification. Research shows
that people from underrepresented groups are more prone to
experiencing imposter syndrome and doubting the strength of their
candidacy. We urge you not to prematurely exclude yourself and to
apply if you're interested in this work.Cisco is an Affirmative
Action and Equal Opportunity Employer and all qualified applicants
will receive consideration for employment without regard to race,
color, religion, gender, sexual orientation, national origin,
genetic information, age, disability, veteran status, or any other
legally protected basis. Cisco will consider for employment, on a
case by case basis, qualified applicants with arrest and conviction
records. -US - COMPENSATION RANGE - MESSAGE TO APPLICANTS125400 USD
- 184600 USDMessage to applicants applying to work in the U.S.:When
available, the salary range posted for this position reflects the
projected hiring range for new hire, full-time salaries in U.S.
locations, not including equity or benefits. For non-sales roles
the hiring ranges reflect base salary only; employees are also
eligible to receive annual bonuses. Hiring ranges for sales
positions include base and incentive compensation target.
Individual pay is determined by the candidate's hiring location and
additional factors, including but not limited to skillset,
experience, and relevant education, certifications, or training.
Applicants may not be eligible for the full salary range based on
their U.S. hiring location. The recruiter can share more details
about compensation for the role in your location during the hiring
process.U.S. employees have access to quality medical, dental and
vision insurance, a 401(k) plan with a Cisco matching contribution,
short and long-term disability coverage, basic life insurance and
numerous wellbeing offerings. Employees receive up to twelve paid
holidays per calendar year, which includes one floating holiday,
plus a day off for their birthday. Employees accrue up to 20 days
of Paid Time Off (PTO) each year and have access to paid time away
to deal with critical or emergency issues without tapping into
their PTO. We offer additional paid time to volunteer and give back
to the community. Employees are also able to purchase company stock
through our Employee Stock Purchase Program.Employees on sales
plans earn performance-based incentive pay on top of their base
salary, which is split between quota and non-quota components. For
quota-based incentive pay, Cisco pays at the standard rate of 1% of
incentive target for each 1% revenue attainment against the quota
up to 100%. Once performance exceeds 100% quota attainment,
incentive rates may increase up to five times the standard rate
with no cap on incentive compensation. For non-quota-based sales
performance elements such as strategic sales objectives, Cisco may
pay up to 125% of target. Cisco sales plans do not have a minimum
threshold of performance for sales incentive compensation to be
paid.
Keywords: ThousandEyes, San Francisco , INFORMATION SECURITY ENGINEER, FEDRAMP, Engineering , San Francisco, California
Click
here to apply!
|