Sr Cloud Infrastructure Security Engineer (Devops)

P

palo_alto_networks

Sr Cloud Infrastructure Security Engineer (Devops)

Santa Clara, CA
Paid
  • Responsibilities

    We are reshaping the cybersecurity market through our cloud-delivered security services, and our cloud infrastructure is quickly and massively growing with a global footprint. We’re looking for great SREs, as well as software engineers interested in production engineering, to help us scale the largest enterprise security cloud infrastructure in the world.

    Description:

    Palo Alto Networks reinvented the enterprise firewall, growing from a start-up to a multi-billion-dollar company. Our Application Framework, the latest offering in our cloud-delivered security services, ingests security events from hundreds of thousands of firewalls deployed across the globe to provide a massive data analytics platform for deep inspection, anomaly detection, and actionable security automation. Our cloud infrastructure is home to a series of massive and complicated distributed systems and virtualization software platforms which enable big data processing around security services, sandboxing and malware detection, URL categorization and malicious site/domain identification, and security research/response.  

    Qualifications

    • Deep knowledge of Linux and the networking stack, with hands-on experience in large infrastructure security in data centers and public cloud
    • Experience with security at the host level including iptables and rule automation, as well as network-level east-west and north-south security best practices.
    • Experience in creating automated frameworks for vulnerability management such as automated OS/kernel patching including kernel patching, Java upgrades, Python upgrades, and Docker security at large scale
    • Experience and knowledge of working with security tool APIs such as Nexpose, Tenable, etc.
    • Experience and knowledge of various security compliance standards such as PCI, FedRAMP, SOC2 controls, as well as auditing and reporting
    • Knowledge and understanding of WAS application tools such as Qualys/Burp suite and building tools as necessary to facilitate web application remediation
    • Experience in automated provisioning of network devices (ie Arista switches with Ansible or Saltstack or building Python tools to interface with network devices)

     

    Responsibilities

    • Working with teams to work through, and contribute to, our security roadmap – from a reference architecture and design to implementation
    • Working with system/platform SREs and application SREs to make sure security is properly implemented and monitored
    • Write automation code and leverage tools for large-scale vulnerability management, security rule enforcement, auditing, reporting
    • Interface with InfoSec team on planning and implementing security-focused projects, participate in incident response
    • Incorporate hardening best practices in our core automation and builds in bare metal implementations, Kubernetes-managed compute clusters, and public cloud
    • Work with application SREs and application developers to incorporate security in different layers of application and infrastructure

     

    Learn more about Palo Alto Networks here and check out our fast facts #LI-MB1