Information Security Engineer
Location:RTP, North Carolina, US
Alternate LocationAnn Arbor, Austin
Area of InterestInformation Technology
What You'll Do
You will be part of the Application Security team within Cisco’s Information Security organization, driving security best practices within the Cisco Enterprise. You will play a leadership role in assisting these groups in securely architecting and operating their applications and platforms by aligning to industry standard methodologies, compliance and privacy requirements via Cisco’s Security Control Framework.
You be responsible for driving adoption, identifying and defining new security objectives and controls and helping with our automated security validation development.
This role is an excellent opportunity to be part of a world-class security organization and contribute to the security, privacy and data protection needs of a large enterprise that is continually evolving its business models.
Who You Are
- Hands on experience securing applications within a major public cloud provider, such as AWS or GCP, is required
- Experience with containers (Kubernetes, Docker)
- Ability to build tools and automate data collection using an interpreted programming language
- Strong foundation in security domains such as web security, cloud services security, identity/access management, web application firewalls, intrusion detection, and static analysis and dynamic application security testing
- Solid understanding of Web Application n-tier architectures, threat modeling and secure coding practices
- Security fundamentals with a solid understanding of threats, vulnerabilities, defenses, security principles and policies
- Strong knowledge of security vulnerabilities and remediation documented by organizations like OWASP, SANS, etc.
- You have a proven foundation of Secure Development Lifecycle (SDL) and a working knowledge of SDL requirements.
- You have Application Security Assessment experience - - development, implementation and maintenance of the Application Security posture in an enterprise organization
- You have significant experience with Agile Methodologies, DevOps and CI/CD with relevant experience in all phases of the application development
- You demonstrate strong communication skills and are able to articulate application vulnerabilities, defects, technical controls, risks, and other complex security matters with the Business in a language that can be easily understood.
- You possess out-of-the-box thinking, analytical reasoning, and creative problem-solving skills.
- You are able to provide technical security training.
- You act decisively, are passionate, highly motivated and eager to affect significant impact to make Cisco more secure!
- 3+ years information security experience.
- College degree.
- Any additional technical training, including CCSP, CISSP, or cybersecurity related certifications is a plus