The Cloud Native Security Staff Engineer will act as a subject matter expert for continous enablement, monitoring, and resolution of build, configuration, and runtime security issues in the cloud native, serverless, and microservices computing environments. They will provide leadership and oversight for CNS engineers, ensuring consistent success of project tasks towards service objectives and deliverables. The Staff Engineer will need a strong background in DevOps patterns and automation including secure baseline configurations and security monitoring operations. They will also take point designing, building, and maintaining the service infrastructure and internal/external knowledgebases. As a primary technical point of contact for the Cloud Native Security services, the Staff Engineer must be adept at building relationships with partner teams, business communication, and possess strong interpersonal skills.
MAJOR TASKS, RESPONSIBILITIES AND KEY ACCOUNTABILITIES
20% - Strategy & Planning:
30% - Delivery & Execution:
- Researches and analyzes business trends and behavioral data to identify opportunities for improvements and new initiatives
- Leads the evaluation, development, and recommendation of specific technology products and platforms to provide cost-effective solutions that meet business and technology requirements
- Researches and designs best fit infrastructure, network, database, and security architectures for products
- Proactively creates and maintains tools for monitoring and support
- Participates in project planning and management across multiple efforts
- Develops formal training courses
40% - Support & Enablement:
- Leads configuration, debugging, and support for infrastructure
- Leads field and corporate roll-outs of technology
- Leads the stand up of necessary system software, hardware, and equipment (physical or virtual) to meet changing infrastructure needs
- Creates and optimizes specifications for technology solutions
- Produces and manages purchase requests for hardware and software
10% - Learning:
- Collaborates with product and project teams to understand needs and enable them with infrastructure
- Supports technology architecture design review efforts for project and product teams
- Leverages tooling and custom applications to monitor the operational status of applications, infrastructure, networks, databases, and security; optimizes and tunes performance as appropriate
- Drives root cause analysis, debugging, support, and post-mortem analysis for security incidents and service interruptions
- Maintains, upgrades, and supports existing systems and infrastructure to ensure operational stability
- Acts as a vendor liaison, owning resourcing, issue management, and documentation
- Leads the production of in-house documentation around solutions
- Monitors tools and proactively helps teams struggling with systems issues
- Provides application support for software running in production
- Creates scripts and tools that drive automation and enable product teams and end users to move towards self service
- Acts as a mentor to more junior Systems Engineers
NATURE AND SCOPE
- Keeps abreast of innovations and industry trends as well as changes to internal systems and determines how they impacts tools, training, and support necessary to keep systems up, running, and secure
- Participates in and contributes to learning activities around modern systems engineering core practices (communities of practice)
- Proactively views articles, tutorials, and videos to learn about new technologies and best practices being used within other technology organizations
Typically reports to the Systems Engineer Manager or Sr. Manager.
Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.
Typically requires overnight travel less than 10% of the time.
Must be eighteen years of age or older.
Must be legally permitted to work in the United States.
Additional Minimum Qualifications:
Must be legally permitted to work in the United States
The knowledge, skills and abilities typically acquired through the completion of a bachelor’s degree program or equivalent in a field of study related to the job.
Years of Relevant Work Experience: 3+ years
Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.
- Intermediate to Advanced knowledge of Cyber Security principals:
- Previous Cloud Workload Protection Platform (CWPP) and tools experience: Palo Alto Prisma Cloud Compute (formerly twistlock), Aqua, sysdig, Falco, NeuVector, etc.
- Basic understanding of Cybersecurity Governance patterns: Policy -> Standards -> Control Solutions
- Threat Detection and Response principles. Malware Prevention and Detection, Advanced Persistent Threats, Indicators of Attack (IOAs), Indicators of Compromise (IOCs)
- Vulnerability Management Fundamentals and System Hardening/Compliance - CIS / NIST Standards and integration at Build / CICD
- Basic Network Security principals - basic segmentation, firewall rules, best practices, limiting administrative ports, protecting workloads with WAF
- IAM fundamentals - principal of least privilege, authN, authZ, RBAC
- Basic Data Security principals - encryption in flight, encryption at rest, DLP fundamentals
- Advanced IT sysadmin/SRE/DevOps skills
- Operating System fundamentals - preferably in theLinux space, but deep Windows skills are workable
- Internetworking fundamentals - OSI model, troubleshooting at each layer, basic network capture analysis, network and application load balancing (L4, L7), client-server operating model.
- System Virtualization and Serverless Computing fundamentals - system abstraction, application workload isolation, with specific knowledge of Cloud Native landscape, components, and maturity. Experience, exhibited knowledge of containers, serverless, microservices architectures, including technologies such as Docker, container orchestration platforms (Kubernetes, etc.), and Cloud Service Provider serverless / cloud functions offerings.
- Intermediate to Advanced scripting / automation skills. Preferred skill in python. Powershell is workable.
- Infrastructure as Code - demonstrated understanding of infrastructure as code (IAC) tools and approaches for the automated management of computing infrastructure and services: Terraform and the like. (Ansible, Chef, etc.)
- DevOps fundamentals - rapid application development and deployment lifecycle enabled by cloud native technologies. Secure software development lifecycle (SSDLC).Understands processes surrounding developer and devops experience from code compilation to system image build (containers, system images), continuous integration and continuous deployment and the tests / validations that take place within that process.
- System monitoring fundamentals - performance troubleshooting and analysis at system level using native OS performance metrics counters and system logs. Ability to correlate logs and events to find root cause of systemic or acute impacting issues.
Knowledge, Skills, Abilities and Competencies:
- Cultivates Innovation: Creating new and better ways for the organization to be successful
- Action Oriented: Taking on new opportunities and tough challenges with a sense of urgency, high energy, and enthusiasm
- Business Insight: Applying knowledge of business and the marketplace to advance the organization s goals
- Collaborates: Building partnerships and working collaboratively with others to meet shared objectives
- Communicates Effectively: Developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences
- Drives Results: Consistently achieving results, even under tough circumstances
- Global Perspective: Taking a broad view when approaching issues; using a global lens
- Interpersonal Savvy: Relating openly and comfortably with diverse groups of people
- Manages Ambiguity: Operating effectively, even when things are not certain or the way forward is not clear
- Optimizes Work Processes: Knowing the most effective and efficient processes to get things done, with a focus on continuous improvement
- Self-Development: Actively seeing new ways to grow and be challenged, using both formal and informal development channels
- Situational Adaptability: Adapting approach and demeanor in real time to match the shifting demands of different situations
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.