When you join Verizon
Verizon is one of the world's leading providers of technology and communications services, transforming the way we connect across the globe. We're a diverse network of people driven by our shared ambition to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward - and you can too. Dream it. Build it. Do it here.
What you'll be doing...
At BlueJeans by Verizon, we're transforming the way people meet by creating a human connection in every experience. Together, we're bringing video to everyone, regardless of location or device, including mobile, desktop, or room systems. We work with thousands of companies worldwide to upgrade everyday meetings, large-scale events, and social network broadcasts by replacing traditional web conferencing with face-to-face video communication. All our customers have one trait in common: they understand the benefits to bringing their employees, leaders, and partners closer together.
As a Principal Cyber Security Engineer, you will be responsible for keeping our enterprise-class cloud service secure from a variety of threats. We are looking for an individual who is passionate about application security and collaborate with our teams in creating a culture of security across the company. You should be an effective communicator that works with all stakeholders - across various departments within the company as well as externally with customers, partners, and vendors. You will work with security champions drawn from various Engineering teams and DevOps to design and implement mitigations for existing and imminent threats.
- Assist in defining, designing and implementing systems and processes to secure our hybrid data-center and public cloud infrastructure
- Engage early in the software development lifecycle (SDLC) as a security leadto conduct security reviews, perform threat modeling coordinate security testing andintegrate required tools, standards, and metrics into release processes as well as operating environments
- Collaborate with Engineers and QA to perform root cause analysis of security issues and get them addressedper SLA
- Drive the implementation of security controls in the application and the operating environment to meet the requirements of NIST 800-53-based programs such as FedRAMP and FISMA
- Manage internal and 3rdparty app security, penetration testing and bug bounty programs
- Work closely with Operations, IT, Support and Engineering teams to monitor and remediate security incidents
- Work with Sales and Legal teams to assist with RFPs and contracts as well as assist with customer security assessments as needed
- Assist with of compliance audits in the company
- Assist in creating a culture of security-conscious employees with programs and influence
- Measure and report the effectiveness of application security programs using appropriate metrics, identify gaps against goals, plan and execute continuous improvements
- Lead Security Champions Meetings
- Mentor Junior Engineers in the team
Where you'll be working...
This hybrid role will have a defined work location that includes work from home and assigned office days as set by the manager.
What we're looking for...
You'll need to have:
- Bachelor's degree or four or more years of work experience.
- Six or more years of relevant work experience.
- Experience in a security function at a cloud services or a software company, leading large scale projects
- Experience securing applications in Cloud infrastructures such as AWS, Azure or GCP will be a plus
Even better if you have...
- Programming experience using a high level programming languages and a scripting language.
- Experience with container orchestration frameworks such as Kubernetes and secure CI/CD processes
- Active membership of Information Security user groups with security certification (CISSP, CEH, GWAPT, GPEN, OSCP, etc.) will be an added plus
- Experience identifying information protection needs and defining system security requirements, architecture, designs, and standards
- Experience with implementing NIST 800-53-based security controls for FedRAMP or FISMA authorization
- Practical understanding of latest OWASP Top 10 and CERT advisories and prior experience implementing nimble remediation strategies
- Hands-on experience with tools from 3rdparty vendors such as Tenable, Rapid7, Qualys, Whitehat Security and/or open source tools such as Nessus, Metasploit, Burp Suite, Nmap, will be a plus
- Ability to maintain a flexible work schedule to enable interactions across multiple time zones with remote teams is a plus
- Exposure to compliance certifications such as SOC 2 or ISO 27001 will be a plus
- Good communication skills with the ability to work with a disparate set of stakeholders - engineers, sales, etc. inside a company and customers, vendors, partners outside a company
Equal Employment Opportunity
We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our page to learn more.
COVID-19 Vaccination Requirement
NYC candidates: Verizon requires new hires to be fully vaccinated against COVID-19 for onsite and hybrid NYC roles. Verizon provides reasonable accommodations consistent with legal requirements (e.g., for medical or religious reasons). Additional information will be provided during the hiring process.