San Francisco, CA, 94103, USA
291 days ago
Information Security Engineer, FedRAMP (ThousandEyes)
Who We Are The name ThousandEyes was born from two big ideas: the power to see things not ordinarily possible and the ability to collect insights from a multitude of vantage points. As organizations rely more on cloud services and the Internet, the network has become a black box they can't understand. Our Internet and cloud intelligence platform delivers the only collectively powered view of the Internet, cloud and SaaS platforms, helping enterprises and service providers work together to identify problems before it impacts revenue, damages brand reputation, or halts employee productivity. In August 2020, Cisco Systems completed the acquisition of ThousandEyes, which now forms the ThousandEyes Business Unit within Cisco’s Network Services Business Group and is a foundational component of Cisco’s growing Observability business. About The Role ThousandEyes is seeking an exceptional information security engineer with strong project management skills to support our Information Security and Privacy Risk Management function. This is a combination of project/program management and risk analysis: a hands-on role that requires experience and expertise managing projects and processes related to security of networks, systems and applications. The Information Security Risk Management team is responsible for managing and mitigating risks faced by ThousandEyes to protect its systems, services and data. Our scope includes everything from customer applications to enterprise services that support our business operations. We work cross-functionally with internal teams providing security consulting services while driving new program initiatives. You should be strongly driven and excited about learning new processes. You will be collaborating with ThousandEyes’ project teams to ensure the success of the information security risk management program. We are looking for an information security engineer / project manager that will be aggressive in following up on tasks, achieving deadlines, and holding resource owners accountable to risk remediation plans. The security engineer role will be highly engaged with all aspects of the risk assessment process. A successful candidate will need strong project management fundamentals and excellent communication skills. What You’ll Do * Analyze vulnerabilities to determine risk, and remediation and/or mitigation steps * Track remediation tasks, engage with systems/services owners and stakeholders to ensure vulnerability management compliance * Investigate and report threats or software issues, recommend and drive remediation * Assist with enterprise-wide risk assessment processes and specifically with application security assessments * Coordinate cross-functional team meetings to remediate previously identified security risks and close out pending action plans * Proactively assess potential areas of risk and opportunities of vulnerability in the network * Interact with internal and external customers on security-related projects and operational tasks * The individual must have a strong background in Python, shell scripting, and database knowledge. He/she/they must possess strong organizational skills, be action oriented, results driven, and work with minimal direction. Qualifications * The successful applicant will be performing work in FedRAMP Moderate or FedRAMP High environments, and therefore, must be a U.S. Person (i.e. U.S. citizen, U.S. national, lawful permanent resident, asylee, or refugee). This position may also perform work that the U.S. government has specified can only be performed by a U.S. citizen on U.S. soil. * 5 to 7 years of experience in the Information Security or related domain[s] * BS or MS degree in Computer Science (or equivalent) * Practical use and implementation of information security principles and practices; Understanding of IT methodologies, such as the software development lifecycle, secure infrastructure as code and related operations * Familiar with vulnerability management tools * Understanding of cloud computing services * Strong scripting skills, automation and containerization Preferred Qualifications * Technology and compliance knowledge of the following: * Python, Bash, Qualys, Rapid7, Nessus, SIEMs, Docker, Linux, Amazon Web Services, LAN and WAN, VMWare/Virtualization, Firewalls, Access Controls, Authentication/Authorization, Encryption, FIPS 140-2 / FIPS 140-3, IPS, SSL, VPN, IPSec, TCP/IP, DNS, OWASP, CDN, & Proxy Services. Cisco values the perspectives and skills that emerge from employees with diverse backgrounds. That's why Cisco is expanding the boundaries of discovering top talent by not only focusing on candidates with educational degrees and experience but also placing more emphasis on unlocking potential. We believe that everyone has something to offer and that diverse teams are better equipped to solve problems, innovate, and create a positive impact. We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification. Research shows that people from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy. We urge you not to prematurely exclude yourself and to apply if you're interested in this work. Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records. US - COMPENSATION RANGE - MESSAGE TO APPLICANTS 121600 USD - 201400 USD Message to applicants applying to work in the U.S.: When available, the salary range posted for this position reflects the projected hiring range for new hire, full-time salaries in U.S. locations, not including equity or benefits. For non-sales roles the hiring ranges reflect base salary only; employees are also eligible to receive annual bonuses. Hiring ranges for sales positions include base and incentive compensation target. Individual pay is determined by the candidate's hiring location and additional factors, including but not limited to skillset, experience, and relevant education, certifications, or training. Applicants may not be eligible for the full salary range based on their U.S. hiring location. The recruiter can share more details about compensation for the role in your location during the hiring process. U.S. employees have [1] access to quality medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, short and long-term disability coverage, basic life insurance and numerous wellbeing offerings. Employees receive up to twelve paid holidays per calendar year, which includes one floating holiday, plus a day off for their birthday. Employees accrue up to 20 days of Paid Time Off (PTO) each year and have access to paid time away to deal with critical or emergency issues without tapping into their PTO. We offer additional paid time to volunteer and give back to the community. Employees are also able to purchase company stock through our Employee Stock Purchase Program. Employees on sales plans earn performance-based incentive pay on top of their base salary, which is split between quota and non-quota components. For quota-based incentive pay, Cisco pays at the standard rate of 1% of incentive target for each 1% revenue attainment against the quota up to 100%. Once performance exceeds 100% quota attainment, incentive rates may increase up to five times the standard rate with no cap on incentive compensation. For non-quota-based sales performance elements such as strategic sales objectives, Cisco may pay up to 125% of target. Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid. References Visible links 1. https://www.cisco.com/c/en/us/about/careers/we-are-cisco/benefits-and-perks.html Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.
Confirm your E-mail: Send Email