Cisco Cloud Authorization Engineer
Location:Herndon, Virginia, US
Additional Location(s)RTP, NC; Other_Remote
Area of InterestEngineer - Software
**Must be a US Citizen**
What You'll Do
The Cloud Authorization Engineer (CAE) role is to support securing initial global regulatory cloud certifications as well as annual renewals for Cisco cloud offer certifications by:
- providing technical guidance on the implementation and documentation of the cloud certification requirements,
- ensuring each certification is compliant with relevant regulatory and certification security requirements (e.g. FISMA, FedRAMP, SOC2, ISO 27001, ISO 27017, ISO 27018, PCI DSS, HITRUST, CJIS, C5, SOC, etc.),
- partnering with the business unit to remove impediments beyond/outside of the business unit that jeopardize securing or retaining a cloud certification.
The CAE will have broad technical background and experience necessary to support multiple cloud product certifications which may span offices, time zones and hemispheres.
The CAE will have experience with architecture, design and operations of cloud solutions and the how to meet security compliance requirements. Must have the ability to propose technical solutions to complex security compliance issues.
The CAA should have a clear understanding and experience implementing at least one major cloud certification (FedRAMP, SOC2, ISO 27001, or HITRUST),and understand the cloud authorization processes. NIST and/or FISMA experience is also preferred along with basic competencies in the areas:
- Working with multiple stakeholders (internal and external) across product lines to assess and identify security compliance gaps and propose technical remediation solutions and options necessary to secure a certification
- Assisting with technical questions regarding control implementation as well as post authorization activities such as significant change, annual authorization renewals, etc.
- Reviewing current system security measures and recommending and implementing enhancements
- Translating complex concepts and solutions into documents required for the certification (i.e. System Security Plan)
- Working knowledge or experience conducting system security and vulnerability analyses and risk assessments
- Updating security knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations
- Collaborating effectively across multiple organizations with diverse personalities and expertise to drive to agreement on complex issues
Who You'll Work With
It is an exciting time in Cisco's Security & Trust Organization, as the organization evolves its mission ‘to enable a Cisco that secures itself, its ecosystem and the industry, leveraging Cisco on Cisco and industry leading practices'.
Who You Are
- 2+ years specialized experience in reviewing security documentation for requirements, compliance, compliance documentation, testing results, standard operating procedures, system security plans, etc.
- 2+ years of certification experience with (ISO27001, FedRAMP, PCI DSS, SOC2, HITRUST, or CJIS)
- Understanding of cloud security and overall cloud computing architecture
- Experience with communication between leadership, operational teams, development teams and certification teams
- Understanding of development of presentation materials and overall presentation skills around technology and compliance
- Experience applying process improvement techniques
- Excellent written and verbal communication skills
- Solid understanding of security protocols, cryptography, authentication, authorisation and security
- Applicable industry security certifications (e.g. CAP, CISA, Associate of CISSP, GIAC, etc.) a plus
- Secure Software Development Lifecycle experience a plus
- Experience writing scripts and tools
Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.
Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.
We Are Cisco
#WeAreCisco, where each person is unique, but we bring our talents to work as a team and make a difference. Here’s how we do it.
We embrace digital, and help our customers implement change in their digital businesses. Some may think we’re “old” (30 years strong!) and only about hardware, but we’re also a software company. And a security company. An AI/Machine Learning company. We even invented an intuitive network that adapts, predicts, learns and protects. No other company can do what we do – you can’t put us in a box!
But “Digital Transformation” is an empty buzz phrase without a culture that allows for innovation, creativity, and yes, even failure (if you learn from it.)
Day to day, we focus on the give and take. We give our best, we give our egos a break and we give of ourselves (because giving back is built into our DNA.) We take accountability, we take bold steps, and we take difference to heart. Because without diversity of thought and a commitment to equality for all, there is no moving forward.
So, you have colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool.
**MUST BE ABLE TO OBTAIN AND MAINTAIN A U.S. GOVERNMENT SECURITY CLEARANCE**
*LI-PRIORITY AND *LI-KM1