Federal Cloud Engineer-Security

The successful applicant will be performing work on US Government classified environments, and therefore, must be a U.S. Person (i.e., U.S. citizen, U.S. national, lawful permanent resident, asylee, or refugee). This position may also perform work that the U.S. government has specified can only be performed by a U.S. citizen on U.S. soil.

The Global Cloud Compliance (GCC) group within the STO is responsible to drive all compliance certifications across Cisco. The team enables and protects global cloud sales for our commercial customers, US Government and Federal agencies, as well as many international standards bodies. This team works with Sales and Business Unit partners to ensure accurate security and trust features and functionality are included in new offer releases.

What You'll Do

In today's dynamic digital environment, security is everyone's job. At Cisco, the Security and Trust Organization (STO) is at the core of making infrastructure more secure.

Your involvement in this strategic and driven team will enable you to collaborate on Cisco's major objectives - to be the number one trusted business partner to our customers. The STO reports to Cisco's Chief Security and Trust Officer and owns the innovation, training, and implementation of security and trust features and processes across all of Cisco's products.

You'll work with a team of control auditors who will provide strategy and execution support for global certifications' audits like SOC2, ISO, PCI, HIPAA, IRAP, C5 and others. The audit support activities will include, but are not limited to, defining the control objectives, advising various engineering organizations as compliance SMEs, performing gap assessments, performing internal readiness assessments, and collaborating closely with external auditors.

Primary responsibilities:

Partner with a team of compliance engineers passionate about the strategic development of Common Controls and execution of controls internal readiness

• Work on the design, governance, and maintenance of Common Controls and associated implementation strategy

• Partner with various BUs to support the appropriate adoption and on-boarding of Common Controls

• Support the development of the ISMS, risk assessment strategy, security policies, and standards for the certifications

• Liaison with external auditors and other internal teams to support certification audits

• Be the authority of relevant Security Compliance frameworks and provide mentorship to teams accordingly

Who You Are

This role will support the compliance strategy implementation across Cisco Cloud by developing, governing, and evolving common controls to achieve various security certifications like AICPA SOC2, ISO, PCI, FedRAMP, and others. The ideal candidate is proficient in compliance and has no issues with "rolling up" their sleeves to dig into the details of the various control frameworks; understanding Cisco Clouds current set up around people, process, and technology; and then crafting the common controls along with an implementation strategy.

You have a detailed understanding of risk management methodologies, frameworks, and principles (e.g., AICPA SOC2, FedRAMP, ISO, PCI, HIPAA, etc.) to evaluate and recommend the best approach to mitigating risk with outstanding controls. You possess knowledge of Core IT processes/ services such as SDLC, Identity/ User Access Management, Vulnerability Management, Backup and DR processes. Your superb interpersonal skills at all levels of the organization and ability to prioritize and multi-task in a constantly evolving environment set you apart from the pack and you love being a team-player.

Minimum requirements:

• 3+ years of experience in a security or compliance role.

• Experience within an AWS and other cloud environments

• Experience working on a team that uses a GIT workflow

Preferred requirements:

• Bachelors/Master's degree or equivalent experience with a focus in Information Technology/Computer Science or related field

• Relevant certifications like CISA, CISSP, CCSK and others will be a plus

• Experience with security policies, standards, and controls definition

• Experience with Infrastructure as code

• Experience with CI/CD pipelines

Why Cisco Secure

We're global, we're adaptable, we're diverse, and our security portfolio is as extensive as it is groundbreaking. Have you heard of Threat, Detection & Response, Zero Trust by Duo, Common Services Engineering, or Cloud & Network Security?

Those are only a few of our product teams! The only thing we're missing is YOU.

Join an enterprise security leader with a start-up culture, committed to driving innovation and giving you the opportunity to make an impact. We #InnovateToWin and we know we're better together, that's why we're dedicated to inclusivity, collaboration, and diversity in everything we do.

We're proud to be the Best Small and Mid-Size Enterprises Security Solution Cisco Secure continues to grow and evolve year after year with 100% of Fortune 100 Companies using our products, and we're excited to see the new heights we'll reach with your passion for security, your customer focus, and your desire to change things up!

There are so many amazing reasons to join Cisco. Learn more here!

#STO24

Message to applicants applying to work in the U.S. and/or Canada:

When available, the salary range posted for this position reflects the projected hiring range for new hire, full-time salaries in U.S. and/or Canada locations, not including equity or benefits. For non-sales roles the hiring ranges reflect base salary only; employees are also eligible to receive annual bonuses.

Hiring ranges for sales positions include base and incentive compensation target. Individual pay is determined by the candidate's hiring location and additional factors, including but not limited to skillset, experience, and relevant education, certifications, or training. Applicants may not be eligible for the full salary range based on their U.S. or Canada hiring location. The recruiter can share more details about compensation for the role in your location during the hiring process.

U.S. employees have access to quality medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, short and long-term disability coverage, basic life insurance and numerous wellbeing offerings. Employees receive up to twelve paid holidays per calendar year, which includes one floating holiday, plus a day off for their birthday.

Employees accrue up to 20 days of Paid Time Off (PTO) each year and have access to paid time away to deal with critical or emergency issues without tapping into their PTO. We offer additional paid time to volunteer and give back to the community. Employees are also able to purchase company stock through our Employee Stock Purchase Program.

Employees on sales plans earn performance-based incentive pay on top of their base salary, which is split between quota and non-quota components. For quota-based incentive pay, Cisco typically pays as follows:

.75% of incentive target for each 1% of revenue attainment up to 50% of quota;

1.5% of incentive target for each 1% of attainment between 50% and 75%;

1% of incentive target for each 1% of attainment between 75% and 100%; and once performance exceeds 100% attainment, incentive rates are at or above 1% for each 1% of attainment with no cap on incentive compensation.

For non-quota-based sales performance elements such as strategic sales objectives, Cisco may pay up to 125% of target. Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid.