Location:Offsite, San Jose, California, US
Area of InterestEngineer - Software
Technology InterestBig Data, Analytics, Security, Software Development, Testing
Security Architect (Remote)
The Cisco Security Business Group (SBG) focuses on empowering the world to reach its full potential, securely through the Cisco Secure products. The SBG Security team supports this mission by building thoughtful partnerships with our internal partners to drive security strategy alignment across the SBG portfolio. Through these efforts, we are able to deliver simple, effective security solutions for our internal customers that meet both market and industry expectations.
Our team’s mission is to become our internal customers’ most trusted partners by building best-in-class security programs that shape the market with our research, make it easy for our customer teams within Cisco to develop secure software, protect our most valuable information and customer assets, and enable SBG employees to work securely as they deliver Cisco Secure products including Duo, Umbrella, SecureX, Talos, AMP for Endpoints, StealthWatch, Tetration, and beyond.
#WeAreCisco, where each person is unique and our team is our secret weapon. We run the spectrum from artists to analysts, low-key to high energy, and bring together a diversity of skill sets, experiences, and perspectives to solve the sophisticated problems that come with securing a growing business. Together we build solutions that are easy, effective, trustworthy, and enduring.
We are looking for a security architect to work on a high-performing Product Security team covering Cisco Umbrella as well as other products in the Cisco Secure portfolio and coordinate with several other groups to ensure the platform’s security, privacy, and resiliency.
What you will do:
· Lead threat modeling and security design reviews with engineering team and provide domain expertise in resolving complex security problems.
· Facilitate and lead consistent DevSecOps practices for Cisco Cloud Security organization.
· See opportunities for automation and partner with engineering and security teams on its implementation.
· Develop and support offensive security testing and validation.
· Resolve, review, and triage security vulnerabilities as needed.
· Improve secure coding practices, application security requirements, automation, training, and metrics.
· Help to develop relevant application security training for engineering teams.
· Maintain an active understanding of industry practices for secure software development and incident response.
Who you are:
· Bachelors + 7 years of related experience, or Masters + 4 years of related experience
· You have experience implementing secure software lifecycle practices within an agile engineering organization and have successfully established relationships with engineering teams based on teamwork, empathy, and pursuit of perfection.
· You are empathetic and accountable while helping contribute to improve the security program and enhancing the customer's trust
· Extensive experience in information security and/or IT risk management with a focus on security, performance, and reliability
· Solid understanding of security protocols, cryptography, authentication, and authorization
· Good working knowledge of current IT and cloud risks and experience implementing security solutions
· Experience implementing multi-factor authentication, single sign-on, identity management or related technologies
· Ability to interact with a broad cross-section of personnel to explain and enforce security controls
· Ability to analyze and correlate across large and diverse datasets to provide relevant data points and remediation actions
· Demonstrate solid understanding in a few of the following areas: Web Application Security, Cloud Infrastructure, Network Security, Operating system security, and Identity and Access Management AWS/Public Cloud experience; Security Controls & Tools for AWS Public Cloud Services.
· Practical experience working at a global scale, with peers and teams that are remote from each other and often working independently
· Experience with Amazon Web Services; Microsoft Azure, and/or Google Cloud are a plus
· Offensive Security Certifications (OSCP, OSCE, OSWE) and experience are a plus
· Prior experience in bug bounty programs is a plus
· Ability to review proof-of-concept code (Python, C, Assembly) to determine functionality and feasibility.
· Knowledge of standard tools such as AppScan, BurpSuite, nmap, ZAP, Qualys , and Splunk.
3 reasons to apply:
· You are an experienced product/application security professional who is looking for new growth opportunities.
· You are passionate about security and helping others grok it and you’d like to do that at cloud-scale.
· You love the action that comes with being part of a high-performing product security team and want to work with a fast-growing security company.
Our team is committed to cultivating and preserving a culture of inclusion and connectedness. We are able to grow and learn better together with a diverse team of employees. The collective sum of the individual differences, life experiences, knowledge, innovation, self-expression, and talent that our employees invest in their work represents not only part of our culture, but our reputation and Cisco’s achievement as well. In recruiting for our team, we encourage the unique contributions that all potential candidates can bring in terms of their education, opinions, culture, ethnicity, race, gender identity and expression, nationality, age, languages spoken, veteran’s status, religion, disability, sexual orientation, and beliefs.
If this role is exciting to you, we encourage you to apply even if you don’t meet all 100% of the description or qualifications. Finally, and most importantly, we are a proud Equal Opportunity Employer.