*** US Citizenship Required *** due to the nature of the projects assigned.
Zscaler (NASDAQ: ZS) accelerates digital transformation so that customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange is the company’s cloud-native platform that protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location.
With more than 10 years of experience developing, operating, and scaling the cloud, Zscaler serves thousands of enterprise customers around the world, including 450 of the Forbes Global 2000 organizations. In addition to protecting customers from damaging threats, such as ransomware and data exfiltration, it helps them slash costs, reduce complexity, and improve the user experience by eliminating stacks of latency-creating gateway appliances.
Zscaler was founded in 2007 with a mission to make the cloud a safe place to do business and a more enjoyable experience for enterprise users. Zscaler’s purpose-built security platform puts a company’s defenses and controls where the connections occur—the internet—so that every connection is fast and secure, no matter how or where users connect or where their applications and workloads reside.
Job Description
Performs FedRAMP, DoD, and StateRAMP continuous monitoring activities in support of Zscaler Federal and Commercial systems in accordance with the FedRAMP Continuous Monitoring Strategy Guide, FedRAMP Continuous Monitoring Performance Management Guide and any other applicable guidance or requirements:
Ensures that Zscaler Federal systems stay within the FedRAMP Risk Management Deficiency triggers, including:
Operational Visibility: Unique vulnerability count increase, Compliance with scanning requirements, Remediation of High impact and Moderate impact vulnerabilities, Quality of deliverables
Change Control: Keeping abreast of all changes performed on Federal systems, including performing security impact analysis, writing Significant Change Requests (SCRs), and providing notice of changes to FedRAMP and customers
Incident Response: Assists the Zscaler security team by coordinating and performing incident notification in accordance with the FedRAMP Incident Communications Procedure and United States Computer Emergency Readiness Team (US-CERT) Federal Incident Notification Guidelines.
Analyzes vulnerability and operating system scans in accordance with FedRAMP Vulnerability Scanning Requirements Guidance.
Performs vulnerability remediation coordination activities with Zscaler Engineering and Operations teams.
Writes vulnerability deviation requests in accordance with Common Vulnerability Scoring System (CVSS) Specification Documentation and knowledge of internal systems and controls.
Develops and maintains FedRAMP Plan of Action and Milestones (POA&M) and FedRAMP Inventory Workbook.
Delivers Executive Summaries and internal ConMon reports, tracking vulnerability trends and other operational and security/compliance metrics.
Maintains and continuously improves the Zscaler Continuous Monitoring Plan.
Ensures quality of all ConMon deliverables and timely submission to approved repositories for FedRAMP PMO, JAB, DoD, StateRAMP, and customer review.
Supports the execution and completion of FedRAMP, DoD, and StateRAMP annual assessments, including analysis and remediation of findings, support in provision of evidence, and finalization of Security Assessment Plan (SAP), Risk Exposure Table (RET), and Security Assessment Report (SAR).
Coordinates with all applicable Zscaler teams to ensure successful execution of Incident Response and Contingency Plan Testing and Exercises.
Supports the Zscaler Security team in vulnerability and security event analysis, incident response lifecycle activities, and optimization of the Security Information and Event Management (SIEM) tool.
Supports Zscaler's compliance programs in both the public and private sectors, aligned with FedRAMP, SOC 2, and CSA STAR, and an ISMS aligned with ISO 27001 and ISO 27018 certifications.
Works closely with Engineering, Operations, and Customer Care teams to sustain the existing compliance posture and support new compliance initiatives.
5+ years of direct continuous monitoring and vulnerability management experience on enterprise products or large enterprise
Experience in program or project management, auditing, and/or control framework development and implementation
Experience in compliance management related activities including Policy, Procedures and Standards documentation
Proven ability to work and effectively prioritize in a highly dynamic work environment
Professional certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) preferred
Strong understanding of Industry standard compliance frameworks and Cyber Security Best Practices
All your information will be kept confidential according to EEO guidelines.
What You Can Expect From Us:
- An environment where you will be working on cutting edge technologies and architectures
- A fun, passionate and collaborative workplace
- Competitive salary and benefits, including equity
People who excel at Zscaler are smart, motivated and share our values. Ask yourself: Do you want to team with the best talent in the industry? Do you want to work on disruptive technology? Do you thrive in a fluid work environment? Do you appreciate a company culture that enables individual and group success and celebrates achievement? If you said yes, we’d love to talk to you about joining our award-winning team.
Additional information about Zscaler (NASDAQ: ZS) is available at https://www.zscaler.com.
Zscaler is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.