Security Engineer, Vulnerabilities Management in San Jose, CA

Cisco

San Jose, CA 95101

Industry: Telecommunications & Hardware

5 - 7 years

Posted 56 days ago

Responsibilities

As part of the DNA Center Security team, you will work to ensure vulnerabilities within the product and related environments are identified, assessed, and mitigated in a timely manner. Conduct recurring scans, and audit and track mitigation activities through to completion. Investigate and validate risk levels associated with identified vulnerabilities. Provide remediation guidance and recommendations, and coordinate across development streams and with the Cisco PSIRT team.

You will be an excellent fit if you:

  • Have expert knowledge of the Vulnerability Management Life Cycle
  • Have hands-on experience with tools and technologies used throughout the Secure SDLC (AppScan, Burp Suite, Nessus/Qualys, Twistlock, etc.) and with integrating such tools into CI/CD workflows

Required Skills:

  • 5 or more years of experience in Information Security
  • Strong knowledge of Linux, Docker, Kubernetes
  • Expert knowledge of mitigation techniques for OWASP Top 10 application vulnerabilities
  • Experience with maintaining and utilizing common commercial and open source vulnerability scanning and security auditing tools (AppScan, Burp Suite, Nessus/Qualys, Twistlock, etc.) in both cloud and on-prem environments
  • Familiarity with classes of vulnerabilities and CVSSv3 vulnerability scoring
  • Experience with Artifactory, Git, Bitbucket, Jenkins, and CI/CD in general
  • Experience integrating tools into build pipelines.
  • Knowledge of authentication protocols, authorization standards and crypto primitives (TLS, OAuth, SAML, JWT, etc.)
  • Ability to work effectively in a cross-functional setting through influence, persuasion, and collaboration
  • Experience developing security dashboards and metrics.
  • Ability to plan, organize, prioritize, work independently and meet deadlines.
  • Strong communication skills

Desired Skills:

  • Knowledge of compliance standards like FIPS 140-2, Common Criteria, SOC 2, FedRAMP
  • Experience protecting cloud-based environments
  • Knowledge of programming languages like Java, Golang, Python


Valid Through: 2019-11-12