ThousandEyes, Inc.
Senior Information Security Engineer, FedRAMP
ThousandEyes, Inc., Seattle, Washington, us, 98127
Senior Information Security Engineer, FedRAMP
Austin, TX, San Francisco, CA or Seattle, WA
ThousandEyes, Inc.ThousandEyes Digital Experience Assurance: detect, diagnose, and remediate digital experience disruptions from any application over any network.Cisco ThousandEyes is a Digital Experience Assurance platform that empowers organizations to deliver flawless digital experiences across every network – even the ones they don’t own. Powered by AI and an unmatched set of cloud, internet and enterprise network telemetry data, ThousandEyes enables IT teams to proactively detect, diagnose, and remediate issues – before they impact end-user experiences.ThousandEyes is deeply integrated across the entire Cisco technology portfolio and beyond, helping customers deploy at scale while also delivering AI-powered assurance insights within Cisco’s leading Networking, Security, Collaboration, and Observability portfolios.About The Role
ThousandEyes is seeking an exceptional senior information security engineer with strong project management skills to support our Information Security and Privacy Risk Management function. This is a combination of project/program management and risk analysis: a hands-on role that requires experience and expertise managing projects and processes related to security of networks, systems and applications. The Information Security Risk Management team is responsible for managing and mitigating risks faced by ThousandEyes to protect its systems, services and data. Our scope includes everything from customer applications to enterprise services that support our business operations. We work cross-functionally with internal teams providing security consulting services while driving new program initiatives. You should be strongly driven and excited about learning new processes. You will be collaborating with ThousandEyes’ project teams to ensure the success of the information security risk management program. We are looking for an information security engineer / project manager that will be aggressive in following up on tasks, achieving deadlines, and holding resource owners accountable to risk remediation plans. The security engineer role will be highly engaged with all aspects of the risk assessment process. A successful candidate will need strong project management fundamentals and excellent communication skills.What You’ll Do
Assess information security risks of new projects and deployments (this will require practical use and understanding of advanced security protocols and standards, and solid knowledge of information security principles and practices)Project/program management of information security risk management activities (including risk treatment plans and external audit/certification initiatives such as SOC2, ISO 27001 and FedRAMP)Plan and perform internal security audits to assess control design and effectivenessParticipate in supporting major external security certification and compliance attestation initiativesCommunicate with company workers on security awareness topicsEvangelize project owners to do the right thing using diplomacy & tact in all interactionsParticipate in 24x7 Information Security Response teamThe individual must have a strong background in Python, shell scripting, and database knowledge. He/she/they must possess strong organizational skills, be action oriented, results driven, and work with minimal direction. Attention to detail and ability to work under pressure are critical in this role.Qualifications
The successful applicant will be performing work in FedRAMP Moderate and/or FedRAMP High or IL-5 environments, and therefore, must be a U.S. Person (i.e. U.S. citizen, U.S. national, lawful permanent resident, asylee, or refugee). This position may also perform work that the U.S. government has specified can only be performed by a U.S. citizen on U.S. soil.8+ years of experience in the Information Security or related domain[s]Highly organized with excellent verbal and written communication skillsA firm understanding of technologies and controls including those related to system, networking, and web application securityA working knowledge of Docker is absolutely necessaryDay-to-day general knowledge of managing architecture with TerraformProven experience working with a major cloud provider (AWS, GCP, Azure)Experience with multi-tasking and fast paced work environments is needed; strong time management skillsAction oriented with a passion for getting things done quickly, efficiently, and properlyAbility to work independently with minimal guidance while being a team player able to effectively manage a demanding workload across geographic and organizational boundariesStrong customer service and service delivery orientationExperience creating or maintaining networking, automation, and/or API-focused bash or python programsPreferred Qualifications
Proven experience with hardening of operating systems and building, deploying images based on STIG, CIS or similar controlsAdvanced working knowledge of any Linux OS & critical network protocols, web security architecture (nginx, apache), and/or Firewalls, IAM, IDS/IPS, SIEM, CryptographyProven experience performing or project managing information security risk assessmentsProven experience with code-review and/or relatable integration testingExperience deploying, securing, & maintaining Kubernetes in a public cloudExperience auditing and securing public-facing microservicesCertification for an applicable vulnerability management toolKnowledge of ISO 27001, SOC2, FedRAMP, NIST and CSA CCM frameworks, as well as global data protection and privacy lawsHands-on experience with FedRAMP, SOC2 and/or ISO certification engagementsSecurity certifications such as CISSP, CISM, CCSP, GSEC, CCIE, OSCP, OSWEProject management certifications such as PMPProject-related experience demonstrated through Github/Gitlab repositoriesCisco values the perspectives and skills that emerge from employees with diverse backgrounds. That's why Cisco is expanding the boundaries of discovering top talent by not only focusing on candidates with educational degrees and experience but also placing more emphasis on unlocking potential. We believe that everyone has something to offer and that diverse teams are better equipped to solve problems, innovate, and create a positive impact.We encourage you to apply even if you do not believe you meet every single qualification . Not all strong candidates will meet every single qualification. Research shows that people from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy. We urge you not to prematurely exclude yourself and to apply if you're interested in this work.Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.US – COMPENSATION RANGE – MESSAGE TO APPLICANTS
154600 USD - 251300 USDMessage to applicants applying to work in the U.S.:When available, the salary range posted for this position reflects the projected hiring range for new hire, full-time salaries in U.S. locations, not including equity or benefits. For non-sales roles the hiring ranges reflect base salary only; employees are also eligible to receive annual bonuses. Hiring ranges for sales positions include base and incentive compensation target. Individual pay is determined by the candidate's hiring location and additional factors, including but not limited to skillset, experience, and relevant education, certifications, or training. Applicants may not be eligible for the full salary range based on their U.S. hiring location. The recruiter can share more details about compensation for the role in your location during the hiring process.U.S. employees have
access
to quality medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, short and long-term disability coverage, basic life insurance and numerous wellbeing offerings. Employees receive up to twelve paid holidays per calendar year, which includes one floating holiday, plus a day off for their birthday. Employees accrue up to 20 days of Paid Time Off (PTO) each year and have access to paid time away to deal with critical or emergency issues without tapping into their PTO. We offer additional paid time to volunteer and give back to the community. Employees are also able to purchase company stock through our Employee Stock Purchase Program.
#J-18808-Ljbffr
Austin, TX, San Francisco, CA or Seattle, WA
ThousandEyes, Inc.ThousandEyes Digital Experience Assurance: detect, diagnose, and remediate digital experience disruptions from any application over any network.Cisco ThousandEyes is a Digital Experience Assurance platform that empowers organizations to deliver flawless digital experiences across every network – even the ones they don’t own. Powered by AI and an unmatched set of cloud, internet and enterprise network telemetry data, ThousandEyes enables IT teams to proactively detect, diagnose, and remediate issues – before they impact end-user experiences.ThousandEyes is deeply integrated across the entire Cisco technology portfolio and beyond, helping customers deploy at scale while also delivering AI-powered assurance insights within Cisco’s leading Networking, Security, Collaboration, and Observability portfolios.About The Role
ThousandEyes is seeking an exceptional senior information security engineer with strong project management skills to support our Information Security and Privacy Risk Management function. This is a combination of project/program management and risk analysis: a hands-on role that requires experience and expertise managing projects and processes related to security of networks, systems and applications. The Information Security Risk Management team is responsible for managing and mitigating risks faced by ThousandEyes to protect its systems, services and data. Our scope includes everything from customer applications to enterprise services that support our business operations. We work cross-functionally with internal teams providing security consulting services while driving new program initiatives. You should be strongly driven and excited about learning new processes. You will be collaborating with ThousandEyes’ project teams to ensure the success of the information security risk management program. We are looking for an information security engineer / project manager that will be aggressive in following up on tasks, achieving deadlines, and holding resource owners accountable to risk remediation plans. The security engineer role will be highly engaged with all aspects of the risk assessment process. A successful candidate will need strong project management fundamentals and excellent communication skills.What You’ll Do
Assess information security risks of new projects and deployments (this will require practical use and understanding of advanced security protocols and standards, and solid knowledge of information security principles and practices)Project/program management of information security risk management activities (including risk treatment plans and external audit/certification initiatives such as SOC2, ISO 27001 and FedRAMP)Plan and perform internal security audits to assess control design and effectivenessParticipate in supporting major external security certification and compliance attestation initiativesCommunicate with company workers on security awareness topicsEvangelize project owners to do the right thing using diplomacy & tact in all interactionsParticipate in 24x7 Information Security Response teamThe individual must have a strong background in Python, shell scripting, and database knowledge. He/she/they must possess strong organizational skills, be action oriented, results driven, and work with minimal direction. Attention to detail and ability to work under pressure are critical in this role.Qualifications
The successful applicant will be performing work in FedRAMP Moderate and/or FedRAMP High or IL-5 environments, and therefore, must be a U.S. Person (i.e. U.S. citizen, U.S. national, lawful permanent resident, asylee, or refugee). This position may also perform work that the U.S. government has specified can only be performed by a U.S. citizen on U.S. soil.8+ years of experience in the Information Security or related domain[s]Highly organized with excellent verbal and written communication skillsA firm understanding of technologies and controls including those related to system, networking, and web application securityA working knowledge of Docker is absolutely necessaryDay-to-day general knowledge of managing architecture with TerraformProven experience working with a major cloud provider (AWS, GCP, Azure)Experience with multi-tasking and fast paced work environments is needed; strong time management skillsAction oriented with a passion for getting things done quickly, efficiently, and properlyAbility to work independently with minimal guidance while being a team player able to effectively manage a demanding workload across geographic and organizational boundariesStrong customer service and service delivery orientationExperience creating or maintaining networking, automation, and/or API-focused bash or python programsPreferred Qualifications
Proven experience with hardening of operating systems and building, deploying images based on STIG, CIS or similar controlsAdvanced working knowledge of any Linux OS & critical network protocols, web security architecture (nginx, apache), and/or Firewalls, IAM, IDS/IPS, SIEM, CryptographyProven experience performing or project managing information security risk assessmentsProven experience with code-review and/or relatable integration testingExperience deploying, securing, & maintaining Kubernetes in a public cloudExperience auditing and securing public-facing microservicesCertification for an applicable vulnerability management toolKnowledge of ISO 27001, SOC2, FedRAMP, NIST and CSA CCM frameworks, as well as global data protection and privacy lawsHands-on experience with FedRAMP, SOC2 and/or ISO certification engagementsSecurity certifications such as CISSP, CISM, CCSP, GSEC, CCIE, OSCP, OSWEProject management certifications such as PMPProject-related experience demonstrated through Github/Gitlab repositoriesCisco values the perspectives and skills that emerge from employees with diverse backgrounds. That's why Cisco is expanding the boundaries of discovering top talent by not only focusing on candidates with educational degrees and experience but also placing more emphasis on unlocking potential. We believe that everyone has something to offer and that diverse teams are better equipped to solve problems, innovate, and create a positive impact.We encourage you to apply even if you do not believe you meet every single qualification . Not all strong candidates will meet every single qualification. Research shows that people from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy. We urge you not to prematurely exclude yourself and to apply if you're interested in this work.Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.US – COMPENSATION RANGE – MESSAGE TO APPLICANTS
154600 USD - 251300 USDMessage to applicants applying to work in the U.S.:When available, the salary range posted for this position reflects the projected hiring range for new hire, full-time salaries in U.S. locations, not including equity or benefits. For non-sales roles the hiring ranges reflect base salary only; employees are also eligible to receive annual bonuses. Hiring ranges for sales positions include base and incentive compensation target. Individual pay is determined by the candidate's hiring location and additional factors, including but not limited to skillset, experience, and relevant education, certifications, or training. Applicants may not be eligible for the full salary range based on their U.S. hiring location. The recruiter can share more details about compensation for the role in your location during the hiring process.U.S. employees have
access
to quality medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, short and long-term disability coverage, basic life insurance and numerous wellbeing offerings. Employees receive up to twelve paid holidays per calendar year, which includes one floating holiday, plus a day off for their birthday. Employees accrue up to 20 days of Paid Time Off (PTO) each year and have access to paid time away to deal with critical or emergency issues without tapping into their PTO. We offer additional paid time to volunteer and give back to the community. Employees are also able to purchase company stock through our Employee Stock Purchase Program.
#J-18808-Ljbffr