Staff GRC Engineer (Information Security)
Palo Alto Networks
- Santa Clara, CA
- $119,000-192,500 per year
- Permanent
- Full-time
- Analyze technical risks of existing network / system and application architectures (IAAS/PAAS/SAAS and on premise) against correlating policies and risks, and provides appropriate remediation or risk reduction plans
- Evaluate ongoing practices and procedures, technical documentation, and diagrams for appropriate security measure maturity and effectiveness
- Generates and monitors effective and actionable Information Security reporting across the InfoSec technical landscape and provides pertinent input to briefing presentations
- 5+ years of combined experience as an software engineer, infrastructure engineer, network engineer or cloud security engineer
- In-depth understanding of technical risk management practices, including risk identification, assessment, mitigation, and monitoring.
- Data analysis and reporting skills for assessing, interpreting and reporting risk data
- Proficiency in programming languages such as Python, Java, or Ruby to develop automation scripts and tools for monitoring controls effectively
- Strong knowledge of scripting languages (e.g., Bash, PowerShell) for automation tasks.
- Competence in working with version control systems like Git
- Understanding of DevOps practices and principles
- Understanding of cloud platforms (e.g., AWS, Azure, Google Cloud) and infrastructure as code (IaC) concepts
- Knowledge of industry-specific regulations and compliance standards (e.g., ISO 27001, NIST, GDPR)
- Familiarity with security frameworks (e.g., CIS, OWASP) and best practices
- Experience in security engineering related to vulnerability management, intrusion prevention, data protection, monitoring, analytical and correlation tools a PLUS
- Certification in any of the following is a plus - OSCP; OSCE; PCNSE, Google Cloud Architect, AWS Cloud Architect, CISSP-ISSEP - Sec. Eng. Professional, GIAC Certified Enterprise Defender (GCED), CCSP, Splunk Cert. Enterprise Security Administrator
- Education
- Bachelor's degree from four-year college or university or equivalent training, education, and experience in information / cyber security, computer systems, IT, etc or equivalent military experience required
- Master's degree is a plus in any relevant domain (Engineering / IT / Computer science)