Summary:
Reporting to the IT Security Manager, the DevSecOps Engineer is a position based in and of Arista’s offices in the US, Canada, India, or Ireland.
Responsibilities:
Coordinate and execute IT security projects for Arista at multiple locations
Develop, configure and administer new integrations between security systems and Arista WiFi, CloudVision, as well as additional services, applications, and cloud enterprise infrastructure
Configuring, administering and supporting security infrastructure and key Services in application, container and server forms
Engage in security research in keeping abreast of the latest security issues for Cloud-enabled enterprises (including SAAS and IAAS)
Research best practices for a variety of technologies and document / advise on solutions for security for multiple teams
Provide and maintain scripted solutions for security, automation, maintenance, and monitoring in a variety of languages including Bash, Python, Go
Monitor compliance of infrastructure and user activity with IT security policies and applicable law
Develop, improve and monitor system compliance with the IT framework for controls and levels of access
Maintains access for business by providing information, resources, and technical support
Maintain operational support for SAML based identity management in multiple applications
Become a focus for securing technologies oriented around infrastructure and applications deployment
Collaborate with Arista internal teams to manage and mitigate security vulnerabilities and risks
Collaborate with software engineering and other internal customers to deliver integrated security solutions, and improve developer security practices
Conduct and collaborate on server and application forensics as well as Cloud / Service Provider forensics with the global security team
Conduct and collaborate on Red Team penetration testing of IT systems with the global security team
Administer and improve security-dedicated systems (software firewall management, log collection, reporting , analytics, cloud security consoles, bastion host command monitoring and auditing systems) as appropriate
Perform other related duties as assigned.
Other desirable qualifications:
Experience with processing WIFI association and other data points for Security purposes and contact tracing.
Experience with API’s for Google Cloud and G-Suite administration is highly desirable
Experience managing internal privacy and security certifications such ISO 27001, SOC 2 and GDPR
Detailed understanding of security industry standards and frameworks from OWASP, CIS and NIST
Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, etc.) and desktop, server, application, database, network security principles for risk identification and analysis.
Experience in cloud computing enterprise integration and along with SAAS platform security, including cryptographic API usage and email security
Experience with geographical information systems.
Experience with routing, networking technology, and detailed technical knowledge of routing and switching protocols is required
Proven use and knowledge at an advanced level of networking protocols such as TCP/IP, VPN, DNS, DHCP, TLS (SSL), IPv6, SNMP, NTP and NAT
Proven exposure to Routing protocols at an advanced level, such as BGP, OSPF, IS-IS, MPLS, ARP, VLAN, STP
Hands-on experience with HashiCorp product suite, we use Terraform and Vault.
Experience with CloudFormation and Hashicorp Consul and other scalable infrastructure deployment tools is desirable
Expert knowledge of server operating systems (Windows or Linux)
Expert knowledge of virtualization platforms and tools (Docker, Kubernetes, )
Business Application security analysis and practical experience is a plus (eg: SFDC, NS, SiSense)
CISSP, GIAC or other security certifications desired.
This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.
Salary is competitive and commensurate with experience and qualifications.
All your information will be kept confidential according to EEO guidelines.
Essential Qualifications:
BA, BSc. or MSc. in Computer Science, Management Information Systems, or equivalent combination of practical work experience
An advanced degree is preferred
Experience with infrastructure as code and technologies behind it (Terraform preferred)
Must have 2+ years of progressive experience in computing and information security.
Must have 2+ years of operations experience in practical business environments.
2+ years experience w/ Python, preferred w/ Django or willingness to learn.
Experience developing reusable tools and libraries for integrating microservices.
Capable of analyzing data from various data sources and generating reports, charts and graphs.
Proven experience with at least one of the following technologies: MySQL, Postgres, FireBase, Google Cloud Storage and willing to learn and fill in any gaps.
Must have experience with a modern version control system such as: Git, Github, GitLab, or Gerrit.
A passion for automation and experience with modern CI/CD tools.
