Senior Engineer, Security
At Cisco Meraki
Our mission at Cisco Meraki is to simplify technology so our customers can focus on what's most important to them: their students, patients, customers, and businesses. We’re making networking easier, faster, and smarter with technology that simply works. We have millions of devices deployed and because they are managed from the cloud, we are able to use real-time data to continuously improve the performance, stability and security of our products.
This job position is ideal for someone with embedded security experience and demonstrated leadership skills. The Product Security team plays a central role in protecting our customers’ networks and sensitive data. As leader of the team, you will help to drive the security vision for all of Meraki's products.
As a senior engineer on the Dashboard security team, you will have the opportunity to make substantial contributions in many different areas of security, all with the goal of securing Cisco Meraki’s Dashboard, the core web application and cloud infrastructure which power the millions of Meraki devices worldwide.
We are looking for people from all across the security spectrum to bolster our security posture. At Cisco Meraki, you can play a key role in securely designing key services running on Dashboard. You can deploy and implement new security tools, libraries, and frameworks as well as find, triage, and fix vulnerabilities. You can improve our monitoring and auditing and assist in responding to security incidents. You can be a strong advocate for security and push for process improvements, while balancing these changes with business needs.
As a part of a tight-knit engineering organization that prioritizes security, you have the ability to consult with other teams and affect change across the entire stack, from the UI and backend continuing to the device firmware. Finally, by acting as a guardian to our customers’ networks and deployments, you can have a direct, immediate, and significant impact on our customers and the hundreds of millions of users that use and rely on Meraki access points, switches, security appliances, phones, and cameras every single day.
At Meraki, we are passionate about building real products that our customers love. We believe in fostering a positive organizational culture through hiring awesome people; coaching and mentoring; looking within to continue finding ways to improve organizationally; and having supportive management. We get work done organically through small teams that self-organize both laterally and vertically through direct collaborations between engineers. Finally, we have a positive relationship with Cisco, which provides the stability and resources of a larger company while enabling us to maintain our startup vibe. This includes having an awesome office that overlooks the Bay Bridge and is stocked full of free food and drinks.
Example projects for a Senior Security Engineer:
- Discover and triage vulnerabilities via code audits, fuzzing, and static analysis
- Work with and support other engineering teams to fix vulnerabilities found internally and by researchers through our bug bounty program
- Design and deploy secure systems to handle application secrets such as encryption keys
- Research and deploy intrusion-detection systems
- Identify critical services that require audit trails and logging and deploy systems that use logging data to detect anomalous behavior
- Help architect our services to reduce the impact of a security incident
- Perform auditing and forensics in response to security incidents
You are an ideal candidate if you:
- Have 5+ years of experience in web, database, information and/or infrastructure security
- Know and recognize common vulnerability types, including SQL/command injection, XSS, CSRF, and SSRF
- Have a passion for one or more of the following: architecting systems for security; deploying security-focused libraries and tools; finding and triaging security exploits in our code; monitoring and forensics; and participating in security incident response
- Enjoy working across and being a resource for other teams
- Are excited to champion security as a first-class concern
Bonus points for:
- A BS/MS/Ph.D in Computer Science, Computer Engineering, Information Security, Security Engineering, or a STEM field
- Fluency in Linux and at least one of the following programming languages: Ruby, Scala, C/C++, Java, Python
- Deep knowledge in key security concepts such as authentication, authorization, public/private key encryption, role-based access control, and security by design
- Demonstrated ability to ship production-quality software in a dynamic environment
- Experience with IoT platforms, large-scale distributed systems, and/or client-server architectures