Principal Engineer, Cloud Security Engineering AWS/GCP (R-2021-08-16)
San Mateo, CA  / New York, NY  / Oakland, CA  / Washington, DC  / Atlanta, GA  / Austin, TX  / Houston, TX  / Los Angeles, CA  / Santa Monica, CA  / Irving, TX ...View All
View Less
Posted 11 days ago
Job Description

SiriusXM and Pandora have joined together to create the leading audio entertainment company in the U.S. Together, we are uniquely positioned to lead a new era of audio entertainment by delivering the most compelling subscription and ad-supported audio experiences to millions of listeners -- in the car, at home and on the go. Our talent, content, technology and innovation continue to be at the forefront, and we want you to be a part of it! Check out our current openings below and at .

Position Summary:

The Principal Engineer, Security Operations will be the key embedded resource working to steadily improve and maintain the security posture of assigned Sirius XM + Pandora brands. The successful candidate will be responsible for ensuring the security of our hybrid cloud infrastructure while maintaining a high level of Developer enablement and guiding and mentoring users on best practices as pertains to security of the infrastructure.

As a staff member reporting to the office of the Sirius XM Chief Information Security Officer, you will strive on a daily basis to ensure the health of security endpoints and monitoring in our cloud and on premise networks, and work to detect and prevent unauthorized incursions into our network. You will be the principal point of contact for security incident response and will assist in maintaining and secure architecture. Additionally, you will have the opportunity to drive the technical implementation of our security solutions by providing necessary guidance and technical leadership to more junior engineers, and to share expertise with your peers and more senior resources across Sirius XM + Pandora.

Minimum Qualifications:

  • Bachelors or Master's Degree in a Cybersecurity or related discipline, or equivalent, relevant experience.

  • CISSP certification, with one or more other professional certifications preferred (OSCP, GSEC, GCIA, CISM, CEH, etc.)

  • 10 years' experience in Security Operations and/or the IT industry, with a preference for active DevSecOps roles

  • Expertise in secure cloud architecture and security including containers, SDN, HA, serverless compute

  • Operational experience with IaC tools like Terraform, AWS CloudFormation, or Google Cloud Deployment Manager

  • Experienced with cloud security ops and monitoring tools like AWS Guard Duty and Security Hub, or Google Security Command Center

  • Working knowledge of Windows/Unix system administration and security vulnerabilities, in particular those exploitable in ransomware attacks

Desired Qualifications:

  • Experience implementing and maintaining Zero-Trust environments
  • Working knowledge of TCP/IP and related data network protocols: TCP, ARP, ICMP, DHCP, HTTP, SNMP etc., and accompanying protocol analysis tools (Wireshark, TCPDump, etc.)
  • Solid experience with Linux system administration (RedHat, Debian, etc.)
  • Hashicorp stack: Vault, Nomad, Consul
  • Monitoring and Securing sidecar load balancing environments (Envoy/Istio)
  • Knowledge of compliance requirements PCI DSS, SOX
  • Shell scripting
  • Experience with version control systems such as GIT or SVN in a collaborative environment
  • Knowledge of fundamental networking concepts: BGP, VPNs, OSI model
  • High level of competency with Python development including OO design principles

Duties and Responsibilities:

  • Perform detailed forensics for security related incidents

  • Develop, evolve, and manage monitoring and alerting solutions to create a deep understanding of trends, anomalies, and incidents

  • Assist in architecture and planning for company wide security efforts

  • Expert on authentication paradigms: IaM policy management and Cloud KMS solutions

  • Develop and implement system hardening standards conforming to CIS benchmarks

  • Implement MSSP services such as Security Command Center, RedLock, Threat Stack, Dome9,

  • Develop, evolve, and manage monitoring and alerting solutions to create a deep understanding of trends, anomalies, and incidents

  • Support cloud WAF solutions, user behavioral analysis tools like NuDetect and Human, and CASB solutions

  • Monitor and/or manage stateful firewalls: Juniper SRX, PaloAlto Networks, etc.

  • Deploy and maintain security endpoints like Sentinel One

  • Deploy, monitor and maintain automation solutions: Ansible, Chef, etc., and with automated SAST and DAST pipeline solutions in a mature DevOps practice

  • Deploy and manage SIEM environments: Chronicle, AlienVault, Splunk, ELK

  • Mentor junior members of your team as well as individuals in other operational groups.

  • Perform detailed forensics for security related incidents in close cooperation with centralized incident response apparatus

  • Integrate local policies with and ensure compliance to enterprise security policies and standards

  • Support penetration testing to find vulnerabilities that might be exploited by malicious third parties

  • Lead mitigation efforts in response to vulnerabilities uncovered by periodic scans

  • Support the centralized security architecture team with knowledge and insights about the infrastructure in your charge

Supervisory Responsibilities:

  • Initially, there are no supervisory responsibilities associated with this position.

Requirements and General Skills:

  • Good public speaking and presentation skills.
  • Interpersonal skills and ability to interact and work with staff at all levels.
  • Excellent written and verbal communication skills.
  • Ability to work independently and in a team environment.
  • Ability to pay attention to details and be organized.
  • Ability to project professionalism over the phone and in person.
  • Ability to handle multiple tasks in a fast-paced environment.
  • Commitment to "internal client" and customer service principles.
  • Willingness to take initiative and to follow through on projects.
  • Creative writing ability.
  • Excellent time management skills, with the ability to prioritize and multi-task, and work under shifting deadlines in a fast-paced environment.
  • Ability to travel as required within Europe as well as the U.S.
  • Must have legal right to work in the U.S.

Additional Technical Skills:

  • Thorough knowledge of MS-Office Suite (Word, Excel, PowerPoint, Access).

More details about our company benefits can be found !

Our goal at SiriusXM+Pandora is to provide and maintain a work environment that fosters mutual respect, professionalism and cooperation. SiriusXM+Pandora is an equal opportunity employer that does not discriminate on the basis of actual or perceived race, creed, color, religion, national origin, ancestry, alienage or citizenship status, age, disability or handicap, sex, gender identity, marital status, familial status, veteran status, sexual orientation or any other characteristic protected by applicable federal, state or local laws.

The requirements and duties described above may be modified or waived by the Company in its sole discretion without notice.

As an EEO/Affirmative Action Employer all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status.


Job Summary
Start Date
As soon as possible
Employment Term and Type
Regular, Full Time
Required Education
Bachelor's Degree
Required Experience
10+ years
Email this Job to Yourself or a Friend
Indicates required fields