Staff Engineer – DevSecOps

Over 50,000 customers globally trust our end-to-end, cloud-driven networking solutions. They rely on our top-rated services and support to accelerate their digital transformation efforts and deliver unprecedented progress. With double-digit growth year over year, no provider is better positioned to deliver scalable outcomes than Extreme. Inclusion is one of our core values and in our DNA. We are committed to fostering an inclusive workplace that embraces our differences and creates an atmosphere where all our employees thrive because of their differences, not in spite of them. Become part of Something big with Extreme! As a global networking leader, learn why there’s no better time to join the Extreme team. We are seeking a highly experienced Staff Engineer – DevSecOps to lead and support our enterprise security, compliance, and risk management initiatives. This individual will play a key role in designing, implementing, and maintaining controls aligned with global compliance frameworks including ISO 27001, SOC 2, and NIST 800- 53. The ideal candidate has a deep understanding of security engineering principles, a strong compliance mindset, and a proven track record in driving cross-functional security programs. Key Responsibilities: FollowestablishedprocessesfortheimplementationandmaintenanceofsecuritycontrolsalignedwithISO27001,SOC2,andNIST800-53. CollaboratewithsecurityleadershiptoensureadherencetoISO27001,SOC2andNIST800-53controlsandprocedures. Collaboratewithinternalandexternalauditorstosupportaudits,evidencegathering,andremediationefforts. Developandmaintainautomatedsecurityandcompliancemonitoringtoolsanddashboards. TranslateregulatoryrequirementsintotechnicalrequirementsandintegratethemintotheSDLC (SecureDevelopmentLifecycle). Execute tasks related to the implementation and upkeep of compliance controls under ISO 27001, SOC 2, and NIST 800-53 guidance. Conductgapassessmentsandriskanalysis;defineandtrackremediationeffortstoensurecompliancereadiness. Strong hands-on experience and understanding of Kubernetes security, including RBAC, pod security policies, network policies, and secrets management. Required Qualifications: 5+yearsofexperienceininformationsecurityorcomplianceengineeringroles. Practical experience withDevOps security practices, including integrating security controls into CI/CD pipelines (GitLab CI, Jenkins, GitHub Actions, etc.)Strongunderstandingandhands-onexperiencewithISO27001,SOC2 (TypeIandII),andNISTSP800-53. Experienceworkingincloud-nativeenvironments (AWS,Azure,orGCP)withsecureconfigurationandgovernancecontrols. Familiaritywithcloud-nativesecurity(AWS,GCP,orAzure),containerorchestration,andinfrastructure-as-codetoolslikeTerraform,Helm,orAnsible. Solidknowledgeofaccessmanagement,encryption,logging/monitoring,andnetworksecurityprinciples. Demonstratedabilitytoleadtechnicalinitiatives,workcross-functionally,andinfluenceatalllevels. Excellentwrittenandverbalcommunicationskillswithexperiencewritingpoliciesandtechnicaldocumentation. Preferred Qualifications: ProfessionalcertificationssuchasCISSP,CISA,CISM,ISO27001LeadImplementer/Auditor,orAWSSecuritySpecialty etc. Experiencewithcomplianceautomationplatforms. Backgroundinregulatedindustriessuchasfintech,healthcare,orgovernment. Additional Information Extreme Networks, Inc. (EXTR) creates effortless networking experiences that enable all of us to advance. We push the boundaries of technology leveraging the powers of machine learning, artificial intelligence, analytics, and automation. Over 50,000 customers globally trust our end-to-end, cloud-driven networking solutions and rely on our top-rated services and support to accelerate their digital transformation efforts and deliver progress like never before. For more information, visit Extreme'swebsiteor follow us on Twitter, LinkedIn, and Facebook. We encourage people from underrepresented groups to apply. Come Advance with us! In keeping with our values, no employee or applicant will face discrimination/harassment based on: race, color, ancestry, national origin, religion, age, gender, marital domestic partner status, sexual orientation, gender identity, disability status, or veteran status. Above and beyond discrimination/harassment based on “protected categories,” Extreme Networks also strives to prevent other, subtler forms of inappropriate behavior (e.g., stereotyping) from ever gaining a foothold in our organization. Whether blatant or hidden, barriers to success have no place at Extreme Networks. Apply to this Job