Staff Information Security Engineer - Fedramp

Rubrik is seeking creative problem solvers with a passion for cyber security. In this role you will partner with all parts of the business to build security solutions that help secure the brand and protect the organization, company and customer environments. You will be responsible for executing security engineering programs and managing security technologies across the board. The ideal candidate for this role is someone who can build innovative ways to deliver frictionless security capabilities to enhance the security posture of the organization.

What you'll be doing:

• Deploy and operate security solutions and supporting infrastructure in cloud and datacenter environments in support of internal customer security needs and FedRAMP requirements
• Leading and managing requirements per FedRAMP and DOD Impact Level specifications/controls and turning them into operational models and implementations for the InfoSec organization
• Develop and automate Security tasks that span from Security Operations to Infrastructure as Code in support of InfoSec initiatives
• Develop and maintain metrics and data models related to the FedRAMP program to drive compliance and optimization improvements
• Manage a scalable and highly available solution for security logging and drive efforts of logging onboarding for increased security visibility

Experience you'll need:

• Experience with with security automation and data management tools (XSOAR, Phantom, Snowflake, etc)
• Bachelor degree in Computer Science or related field or equivalent experience
• 6+ years experience in security engineering, building and managing security solutions across the stack (on-prem and cloud)
• Working experience in GCP, AWS or Azure
• Proficiency in any scripting language (Python, PowerShell, Perl, Ruby, shell, etc.)
• Strong understanding of logging and data management best practices and strong experience in any logging and/or SIEM platform
• Leadership experience collaborating with internal customers to establish strong requirements, prioritize work based on outcomes that drive risk reduction and operational effectiveness
• Prior experience working in environments with NIST 800-53, NIST 800-171 controls or FedRAMP requirements

Preferred Qualifications:

• Security certifications are a plus (CISSP, CISM, SANS certs, vendor certs, etc.)
• Basic knowledge of container technologies (Docker, Kubernetes, etc), microservices and CI/CD pipelines

This position carries special Security and Privacy Responsibilities for protecting the U.S. Federal Government’s interests:

• Report security issues promptly, and aid investigation when needed;
• Support controlled changes and vulnerability remediation activities; and
• Work collaboratively with Information Security in designing, implementing, assessing or enhancing system-specific security and privacy controls.
• Participate in role-based training, completing assignments on a timely basis;
• Perform ongoing activities in compliance with service and contractual obligations;
• Know, acknowledge, and follow system-specific security policies and procedures;
• Protect data and individual privacy per requirements and regulations;

This position carries responsibilities and duties involving U.S. Government interests.

The selected incumbent may be subject to any or all of the additional background checks noted below:

Position Risk Designation: Non-Sensitive, Low Risk, Tier 1

Incumbents without access to U.S. Government data may be required to complete Standard Form 85 and undergo a Tier 1 Investigation (T1) for non-sensitive positions of Low Risk. (Baseline screening; formerly National Agency Check and Inquiries (NACI)).

Position Risk Designation: Non-Sensitive, Moderate Risk, Tier 2 (Public Trust)

Incumbents with access to U.S. Government data may be required to complete Standard Form 85P and undergo Tier 2 (T2) Investigation for non-sensitive positions designated Moderate Risk.

Position Risk Designation:Moderate Risk Law Enforcement (CJIS)

When hired for a position where access to Moderate Risk criminal justice information is required, the employee must complete a fingerprint-based national criminal history background check within 30 days after the employee’s start date.

#LI-MC1

#LI-Remote