Job Description

Job Summary

We're forward-thinking technology people with heart. We make our own rules, drive our own opportunities, and try to approach every challenge with fresh eyes. Of course, we can't do it alone. We know when to ask for help, collaborate with others, and partner with smart people. We embrace diversity and openness because it's in our DNA. We push limits and reward great ideas. What is your great idea?
Job Summary
As a Cloud Security Engineer you are part of a team that is responsible for ensuring the security of NetApp's engineering systems and the overall security posture of NetApp engineering projects utilizing on-premises and multiple public cloud resources. Public cloud resources include, but are not limited to, those in AWS,GCP , Azure. Responsibilities will include recommending security technologies and methods to help maintain a secure environment, building automation for policy implementation and enforcement, and providing escalated troubleshooting and guidance to operations staff . In your role you will work closely with NetApp security team members, other architects and engineers making recommendations for improving our security posture; provide analysis, incident recognition, and work to prevent failures or compromises through continual system improvement thru education, automation and tooling; and actively mentor and support other team members.
Essential Functions:
As a Cloud Security Engineer you will:
- Identify and quantify skills, process, and tools gaps for on-premises and cloud environments. Document gaps and define recommendations for gap closures.
- Identify security gaps in the organization and communicate these to appropriate personnel in recommendations.
- Assist with the auditing of security and operational configurations to include system vulnerabilities.
- Proactively monitor & remediate security incoming alerts/vulnerabilities.
- Provide customers, team members, and management with RCA and project feedback.
- Recommend process improvements and educational programs/trainings.
- Regularly author troubleshooting guides, acceptance procedures, and upgrade procedures; recommend improvements to existing documentation.
- Provide technology solutions input and recommendations to address technology issues.
- Recommend operational process changes to increase efficiencies and update operational systems.
- Troubleshoot escalated, extended, or recurring issues.
- Leads efforts to advise on and preventatively remediate security issues

Job Requirements

- Excellent oral and written communication skills.
- As a subject matter expert, work with other Engineering team members to support ongoing and long-term initiatives and projects.
- Strong understanding of documentation procedures for systems, changes and desk level procedures.
- Solid operational knowledge of common security technologies (e.g. ACLs, Firewall, IDS/IDP, VPN, proxies, certificates, SIEM, load filtering, etc.); and advanced support and complex change configuration ability in at least one security technologies; competent at intermediate change configurations in more than one security technologies.
- Operational knowledge of common protocols used in datacenters like: DHCP, DNS, HTTP/HTTPS, SSH, SMTP, and SYSLOG. Basic understanding of common protocols used in datacenters like: CIFS, NFS, iSCSI, and FCoE.
- Ability to perform basic packet captures and perform traffic analysis.
- Operational experience with multiple security technologies that can affect change management, security management, audit and control, encryptions, etc.
- Administrative experience in multiple versions of operating systems such as Windows, Solaris, BSD, Linux, SCO, HPUX, etc.
- Basic understanding of various routing protocols and subnetting
- Basic knowledge of scripting languages such as python.
- Basic knowledge of system configuration toolings such as SCOM, ansible, puppet, etc.
- Operational knowledge of cloud native security services and a basic understanding of cloud auditing tools
- Basic understanding of containers and container orchestration
- Operational understanding of system patch management tooling (i.e. WSUS, yum, apt)
- Demonstrated technical writing skills required for documentation, troubleshooting guides, acceptance procedures, upgrade procedures, and process.
- Ability to follow documented daily procedures and policies; monitoring tools and response guidelines, escalation and notification processes; and Trouble/Ticket management processes and guidelines.
- Basic understanding of cryptographic hashes and ciphers.
- Basic understanding of security tools i.e. blackduck, tenable, Kics, Trivy, Coverity

Education

- A minimum of 4 years of experience is required; 4 to 8 years of experience is preferred.
- A Bachelor of Arts or Sciences Degree is required, or equivalent experience. A Graduate Degree is preferred.
- Demonstrated ability to have completed multiple, complex technical projects.
- Experience with Cisco and Palo Alto Networks security products preferred.
- Certifications in PCNSE, CISSP, CCSP, CISA, GSEC, CCIE, CCNP, or others are preferred.