Principal DevSecOps Engineer (Cortex)

Company DescriptionOur MissionAt Palo Alto Networks® everything starts and ends with our mission:Being the cybersecurity partner of choice, protecting our digital way of life.Our vision is a world where each day is safer and more secure than the one before. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.FLEXWORK is an employee-centric reimagining of how we work. We built FLEXWORK based on employee feedback – it is about flexibility, trust, and choice whenever possible. It’s been a journey of disruption that has yielded the best of our values. We offer as much flexibility as possible, and choices that enable you to be most productive, including benefits that meet your needs and learning opportunities that you feel passionate aboutJob DescriptionYour CareerWe are looking for a Principal DevSecOps Engineer to work in our Global Devops/SRE group to help secure our immense cloud and on-prem deployments, and will be a security advisor for all infrastructure and application related new developments as well as overseeing all current infrastructure and processes security improvements.Helping guide new security initiatives in the product group and thinking outside the box for any new attack vectors as they appear in the wild.The Cortex group specializes in analysis and visualization of complex cyber-data gathered by the Palo Alto Networks products. It combines high-performance algorithms, deep understanding of modern databases, advanced visualization and high-end UI/UX.Your Impact

• Work closely and in full coordination with multiple product engineering groups and Devops teams to produce highly secure features
• Handle, prioritize and effectively bring security vulnerabilities to resolution for multiple products
• Review new and existing features for security vulnerabilities, provide recommendations, and play an active part in resolving them
• Build out security processes and perform threat modeling to all ongoing development and operations
• Produce high quality metrics to visualize the security aspects of our infrastructure and products
• Help focus the engineering teams to work on high value security issues and avoid toil on non security issues

QualificationsYour Experience

• 7+ years as a DevSecOps or Product Security Engineer with a passion for security and doing things right
• 7+ years in application security, familiarity with OWASP Top 10 and OWASP API Top 10
• High proficiency with Cloud environments - GCP and AWS preferred
• Experience as a PSIRT engineer is nice to have
• Experience with solutions such as CWPP, CSPM, WAAS, CVA, and SCA
• Experience with DAST and SAST tools
• Experience in Python and Golang
• Experience performing infrastructure and application penetration tests
• Experience in securing large scale production microservices-based architectures
• Experience performing threat models, secure code reviews, and developing security automations that make our products safer
• Experience participating in vulnerability management programs and responding to incidents
• Effective communication and interpersonal skills, ability to work and coordinate between multiple teams
• Ability to grasp new technologies quickly and prioritize and multitask on multiple responsibilities

Additional InformationThe TeamOur engineering team is at the core of our products and connected directly to the mission of preventing cyber attacks. We are constantly innovating — challenging the way we, and the industry, think about cybersecurity. Our engineers don’t shy away from building products to solve problems no one has pursued before. We define the industry instead of waiting for directions. We need individuals who feel comfortable in ambiguity, excited by the prospect of a challenge, and empowered by the unknown risks facing our everyday lives that are only enabled by a secure digital environment.Our CommitmentWe’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at [email protected] Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.All your information will be kept confidential according to EEO guidelines.Please note that we will not sponsor applicants for work visas for this position.