Staff Engineer - DevSecOps - Opportunity for Working Remotely
- Palo Alto, CA
SD-WAN is evolving from simplified cloud management and assured-performance WAN infrastructure to a client-to-cloud-to-container story with intrinsic security. It is no longer an "edge-to-edge technology". It is expanding to go deeper into the branch or home or frankly anywhere; from individual clients to the cloud, and all the way to the application container, wherever it sits, in the public or private cloud.
For the third year in a row, VeloCloud by VMware has been named a Leader in the 2020 Gartner Magic Quadrant for WAN Edge Infrastructure! Amongst multiple vendors, VMware emerged again as a Leader, positioned furthest in Completeness of Vision and highest in Ability to Execute. Learn Fast, Trust each other, Have Fun. That embodies the culture of VeloCloud by VMware - a market leader in the SD-WAN space.
The DevSecOps Engineer will help deploy & maintain the VMware SD-WAN hosted service. The engineer will oversee the overall security of the hosted service, which includes the cloud infrastructure, Linux instances, Kubernetes infrastructure & services, and ESXi-based hypervisors & associated infrastructure, and intervene to correct problems should they arise. The engineer shall be well versed in WAN, SaaS, the Linux OS, data center infrastructure technologies, and fundamental security concepts, to ensure the production service operates securely and at peak performance. The DevSecOps engineer will work closely with product security & compliance engineers, site reliability engineers, and systems engineers to build automation to ensure any security vulnerabilities in the running service may be discovered and remediated quickly and reliably. The ideal candidate will be familiar with, and embrace, DevOps philosophies, especially collaboration with other engineers & teams.
- Manage and maintain security for the hosted VMware SD-WAN global service platform per SLA and compliance regulations
- Work closely with external teams to influence product and engineering decisions as they relate to security
- Work on identifying and assessing all threat vectors impacting the hosted service
- Engineer, implement, and monitor security measures for the protection of the hosted service
- Respond to security incidents and publish root cause analysis (RCA) reports
- Consistently identify and quickly remediate security vulnerabilities within compliance-defined SLAs
- Ensure all running systems, including Linux instances, Kubernetes clusters, ESX & KVM hypervisors, and supporting infrastructure, are regularly patched per compliance regulations
- Aid and assist in annual compliance audits and help ensure all compliance policies & regulations are observed & implemented
- Assist in answering customer security evaluations & concerns of the hosted service
- Help design and create infrastructure-as-code to support secure & consistent non-prod & production environments
- Collaborate with Technical Operations Engineers to operate and automate the global infrastructure
- Provide support to security escalations from customer support and other technical teams
- 7+ years designing secure infrastructure environments in both cloud and conventional datacenters
- 7+ years UNIX/Linux OS management
- 7+ years of scripting (e.g., Bash, Python, Ruby, etc.)
- 7+ years of configuration management (e.g., ansible, chef, puppet, saltstack, etc.)
- 7+ years proven work experience as a system security engineer with hands-on design and implementation expertise
- Detailed technical hands-on knowledge of networking, database, and operating system security
- In-depth experience with public cloud (e.g., AWS, GCP, Azure, etc.) security and deployment
- In-depth knowledge of SSO solutions, including MFA deployments
- In-depth knowledge of PKI & Certificate management
- Experience with security aspects of operating SaaS environments
- Worked with 3rd party Penetration Testing vendors for security research and pen tests
- Understanding of L2 and L3 Network OSI layers
- Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
- Understanding of threat landscape including code and OS vulnerabilities, and how to mitigate risks
- Experience with modern container services like Docker and orchestration systems like Kubernetes
- Ability to investigate open-source software and solutions and extend them to provide custom solutions
- Familiarity with web-related technologies (Web applications, Web Services, Service-Oriented Architectures) and of network or web related protocols
- Hands-on experience writing Terraform configurations
- Familiarity with CI/CD tools like Jenkins, GitHub, etc.
- Experience with the VMware stack, such as ESXi, vCenter, NSX, etc.
- Experience with compliance & certification programs or frameworks such as OWASP, NIST, FedRAMP, PCI, HIPAA, SOX, etc.
- Thorough understanding of the latest security principles, techniques, and protocols
- BS Computer Science a plus
- This position will perform work that the U.S. government has specified can only be performed by a U.S. citizen on U.S. soil, and therefore any offer will be contingent upon verification of both of these requirements
- Exceptional communication and listening skills, ability to establish rapport and credibility, and clearly articulate problem statements
- Excellent presentation and communication skills & ability to work in a team environment
- Ability to work independently in a fast-paced unstructured environment
- Diligence and attention to detail, ability to work on own initiative, and a 'can-do' attitude
- Detail-oriented, good at follow-through
- Strong drive to make a difference and track record of accomplishment
- High personal and professional standards of ethics and integrity
- Able to provide responsive service to all departments, and juggle priorities under time pressure
We are a team of doers and makers and believe in a diverse, egalitarian work environment. Our cultural emphasis on Learn Fast, Trust Each Other and Have Fun has allowed us to build a crack team of "A" players. We promise you will have a whale of a time working with us and our channel partners and customers. Come Learn with Us.
VMware is an equal opportunity employer and prohibits discrimination and harassment of any kind. All applicants will be treated fairly and given equal opportunity in all aspects of the employment, including compensation and benefits, irrespective of their race, color, nationality, religion, sex, sexual orientation, marital status, age, disability, or ethnic origin.
VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.