DoD Cloud Security Operations and Compliance Engineer (SecOps)
Cisco Systems
- North Carolina
- Permanent
- Full-time
- Have, or be able to achieve, Top-Secret Clearance
- Must be a U.S. Citizen, U.S. Soil
- 8+ years proven track record in cybersecurity
- Consistent track record with the FedRAMP authorization process; first-hand experience with FedRAMP PMO
- Must be proficient in coding in Python
- Experience with vulnerability management and incident response processes
- Knowledge of authentication protocols, authorization standards and crypto primitives (TLS, OAuth, SAML, JWT, etc.)
- Firm grasp of SOC2, NIST 800-53, ISO 27001, ISO 27017, ISO 27018, C5, IRAP, and other key cloud certifications
- Have a working history/knowledge of the DoD/DISA authorization processes
- Have prior experience protecting cloud-based environments. 2+ years in a cloud security role preferred
- Have clear experience with AWS services: EC2, VPC, KMS, ECS, EKS, S3, Route53, IAM, SSO GuardDuty, Secret Manager, CloudWatch
- Practiced in CSDL, IL5, DSAWG / DISA PA
- Clear experience building and maintaining compliance programs for Cisco product and cloud offerings.
- Solid grasp of Tenable, Linux, Docker, Kubernetes
- History of implementing enterprise security tools - SIEM, IDS/IPS, FIM, PAM
- Familiarity with OWASP TOP-10, CIS Benchmarks, STIGs
- Experience / knowledge eMASS, SNAPS, PPSM, C-ITP
- Experience with Infrastructure as Code and Configuration Management tools.
- Experience / knowledge of working with RESTFUL APIs and Webservices
- Experience with alerting and monitoring tools.
- Experience with common security scanning tools (e.g., Nessus, Tenable, Qualys, IBM AppScan, Burp Suite, etc.)
- Understanding of software development lifecycle models, as well as the approaches to implement the AWS Well-Architected Framework.
- Knowledge of Ansible and Terraform
- Certification (AWS Security Specialty, GCIH - GIAC Certified Incident Handler, (ISC)2 CCSP - Certified Cloud Security Professional) is a plus
- You thrive when things are ambiguous, and desire to strategically explore problem spaces without having a clear goal. Where you're going, you don't need roads!
- You care about chipping in to a collaborative culture and being responsible for providing technical leadership.