M+E Technology Job Board

Senior Engineer, Security

Cisco

Cisco Meraki produces some of the most popular gear in the world, with millions of cloud-managed access points, switches, security appliances, phones, and cameras distributed across the world. Backed by Dashboard, the web app and cloud service supporting our devices, Meraki allows our customers to focus on their mission instead of spending time setting up infrastructure.

Meraki is able to provide easy-to-use, enterprise-grade devices because we control the entire stack—from the Dashboard UI and backend down to the device firmware itself. This flexibility also allows us to provide our customers useful insights into their deployment, including how the prevalence of a particular security threat, the number of unique wireless devices present in the last week, and the most popular operating systems used on their network.

Because of Meraki’s popularity and visibility, security is of paramount importance to us. As a senior engineer on the Security team, you will play an essential role in protecting Meraki’s customers, products, and infrastructure from adversaries. You will act as a guardian of our customers’ networks by securing the Meraki cloud infrastructure. You will build new security features and automated tools and find, triage, and fix vulnerabilities. You will advocate process improvements towards improving security, while balancing these changes with business needs. You will be a strong advocate for security and consult with other software teams on their security posture. Finally, you will get to have direct, immediate, and significant impact on our customers and the hundreds of millions of users that rely on Meraki every single day.
Example projects for a Senior Security Engineer:

Discovering and fixing vulnerabilities via code audits, fuzzing, and static analysis
Working with and supporting the backend and UI teams to fix vulnerabilities found internally and by researchers through our bug bounty program
Designing and building secure systems to handle application secrets such as encryption keys
Identifying places to add audit trails to improve accountability
Re-architecting our core infrastructure to reduce the attack surface of critical services and mitigate the impact of exploits
Augmenting our backend with the latest intrusion-detection systems

You are an ideal candidate if you:

Have 5+ years of production experience in web, database, and/or infrastructure security
Easily recognize SQL/command injection, XSS, CSRF, SSRF, and other vulnerabilities
Enjoy working across teams to get security vulnerabilities fixed and being a resource for other developers and teams
Can design, plan, and implement security-focused architectures and frameworks
Are passionate about ensuring that security remains a first-class concern

Bonus points for:

A BS/MS/Ph.D in Computer Science, Computer Engineering, or a STEM field
Fluency in at least one of the following languages: Ruby, Scala, C/C++, Java, Python
Deep knowledge in key security concepts such as authentication, authorization, public/private key encryption, role-based access control, and security by design
Demonstrated ability to ship production-quality software in a dynamic environment
Experience with large-scale distributed systems and client-server architectures